Starting presentation

presentation_gpn_2022
Thorsten Sick 3 years ago
parent 99f6a7486c
commit f83df02360

@ -0,0 +1,20 @@
# Minimal makefile for Sphinx documentation
#
# You can set these variables from the command line, and also
# from the environment for the first two.
SPHINXOPTS ?=
SPHINXBUILD ?= sphinx-build
SOURCEDIR = .
BUILDDIR = _build
# Put it first so that "make" without argument is like "make help".
help:
@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
.PHONY: help Makefile
# Catch-all target: route all unknown targets to Sphinx using the new
# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
%: Makefile
@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)

@ -0,0 +1,103 @@
# Configuration file for the Sphinx documentation builder.
#
# This file only contains a selection of the most common options. For a full
# list see the documentation:
# https://www.sphinx-doc.org/en/master/usage/configuration.html
# -- Path setup --------------------------------------------------------------
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#
# import os
# import sys
# sys.path.insert(0, os.path.abspath('.'))
# -- Project information -----------------------------------------------------
project = 'PurpleDome Intro'
copyright = '2022, Thorsten Sick'
author = 'Thorsten Sick'
# -- General configuration ---------------------------------------------------
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
]
# Reveal JS
extensions += [
"sphinx_revealjs",
]
# -- Options for Reveal.js output ---------------------------------------------
revealjs_static_path = ["_static"]
revealjs_google_fonts = ["M PLUS 1p", ]
revealjs_style_theme = "black"
revealjs_script_conf = {
"controls": True,
"progress": True,
"history": True,
"center": True,
"transition": "slide",
}
revealjs_script_plugins = [
{
"name": "RevealNotes",
"src": "revealjs4/plugin/notes/notes.js",
},
{
"name": "RevealHighlight",
"src": "revealjs4/plugin/highlight/highlight.js",
},
{
"name": "RevealMath",
"src": "revealjs4/plugin/math/math.js",
},
]
revealjs_css_files = [
"revealjs4/plugin/highlight/zenburn.css",
"custom.css",
]
# Graphviz
extensions += [
"sphinx.ext.graphviz"
]
# -- GraphViz configuration ----------------------------------
graphviz_output_format = 'svg'
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = 'de'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# This pattern also affects html_static_path and html_extra_path.
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
# -- Options for HTML output -------------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
#
html_theme = 'alabaster'
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']

@ -0,0 +1,103 @@
=========================================
Purple Dome - Kein Schwein greift mich an
=========================================
.. This toctree is only to link examples.
.. toctree::
:glob:
:hidden:
Kein Schwein greif mich an
==========================
Habe mir gerade einen neuen Event Logger auf meinem Server installiert. Die Log Details hochgedreht... und jetzt greift mich keiner an.
Keine Ahnung ob die Sensoren tun ?
----------------------------------
Wir überhaupt mitgelogged was wichtig ist ?
Daten habe ich jetzt ....aber Erkennungslogik ?
-----------------------------------------------
Nach was greppe ich denn nun in den Logs ?
Viel gemacht aber alles ungetestet
==================================
Die einzige Lösung: Ein Angreifer muss her. Vielleicht nicht auf mein Produktivsystem.
Simulierte Angriffe
===================
Purple Dome erlaubt es, Angriffe zu simulieren. Scriptbar und als Python Pluins
Metasploit
----------
Caldera
-------
Kali Linux commandline
----------------------
Simulierte Ziele
================
Die Angriffe gehen nicht auf das Produktivsystem, sondern auf VM targets
Sensoren nach Wunsch
====================
Welche Sensoren auf den Targets laufen kann man per config und Plugin definieren
Vulnerabilities nach Wunsch
===========================
Damit die Angriffe auch etwas Schaden hinterlassen, kann man per Plugins auch erst mal Vulnerabilities auf den Targets installieren.
Targets nach Wunsch
===================
Erzeugt mittels Vagrant oder als bestehende VM
Wie das Ganze dann aussieht
===========================
Resultat: PDF
-------------
Resultat: Sensordaten
---------------------
Resultat: Angriffsdaten
-----------------------
Input: Commandline
------------------
Input: Config
-------------
Wo kann ich PurpleDome kaufen ?
===============================
Gar nicht. Ist kostenlos und Open Source
https://github.com/avast/PurpleDome
Bitte forken. Jetzt.
Fragen ?
Origin story
------------
* Sensoren eines Behaviour Blockers müssen mit jedem OS update neu getestet werden
* Jeder neue Angriff muss verifiziert werden...
Also wurde automatisiert.

@ -0,0 +1,35 @@
@ECHO OFF
pushd %~dp0
REM Command file for Sphinx documentation
if "%SPHINXBUILD%" == "" (
set SPHINXBUILD=sphinx-build
)
set SOURCEDIR=.
set BUILDDIR=_build
if "%1" == "" goto help
%SPHINXBUILD% >NUL 2>NUL
if errorlevel 9009 (
echo.
echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
echo.installed, then set the SPHINXBUILD environment variable to point
echo.to the full path of the 'sphinx-build' executable. Alternatively you
echo.may add the Sphinx directory to PATH.
echo.
echo.If you don't have Sphinx installed, grab it from
echo.http://sphinx-doc.org/
exit /b 1
)
%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
goto end
:help
%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
:end
popd
Loading…
Cancel
Save