Starting presentation
parent
99f6a7486c
commit
f83df02360
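--- /dev/null
+++ b/<DOCS-DIR-NOT-SHOWN>/Makefile
@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line, and also
+# from the environment for the first two.
+SPHINXOPTS ?=
+SPHINXBUILD ?= sphinx-build
+SOURCEDIR = .
+BUILDDIR = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)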
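--- /dev/null
+++ b/<DOCS-DIR-NOT-SHOWN>/conf.py
@@ -0,0 +1,103 @@
+# Configuration file for the Sphinx documentation builder.
+#
+# This file only contains a selection of the most common options. For a full
+# list see the documentation:
+# https://www.sphinx-doc.org/en/master/usage/configuration.html
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+# import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+
+# -- Project information -----------------------------------------------------
+
+project = 'PurpleDome Intro'
+copyright = '2022, Thorsten Sick'
+author = 'Thorsten Sick'
+
+
+# -- General configuration ---------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+]
+
+# Reveal JS
+
+extensions += [
+    "sphinx_revealjs",
+]
+
+# -- Options for Reveal.js output ---------------------------------------------
+revealjs_static_path = ["_static"]
+revealjs_google_fonts = ["M PLUS 1p", ]
+revealjs_style_theme = "black"
+revealjs_script_conf = {
+    "controls": True,
+    "progress": True,
+    "history": True,
+    "center": True,
+    "transition": "slide",
+}
+revealjs_script_plugins = [
+    {
+        "name": "RevealNotes",
+        "src": "revealjs4/plugin/notes/notes.js",
+    },
+    {
+        "name": "RevealHighlight",
+        "src": "revealjs4/plugin/highlight/highlight.js",
+    },
+    {
+        "name": "RevealMath",
+        "src": "revealjs4/plugin/math/math.js",
+    },
+]
+revealjs_css_files = [
+    "revealjs4/plugin/highlight/zenburn.css",
+    "custom.css",
+]
+
+# Graphviz
+extensions += [
+    "sphinx.ext.graphviz"
+]
+
+# -- GraphViz configuration ----------------------------------
+graphviz_output_format = 'svg'
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = 'de'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. See the documentation for
+# a list of builtin themes.
+#
+html_theme = 'alabaster'
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']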
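Review bot: `revealjs_google_fonts = ["M PLUS 1p", ]` makes every viewer's browser request the font from Google's servers when the slides are opened, so the built presentation is not self-contained and each viewing discloses a request to a third party; if the deck is meant to be shown offline or without that external dependency, place the font files under `_static` (which `revealjs_static_path` already covers) and load them from `custom.css` instead. `revealjs_css_files` lists `custom.css`, which presumably has to exist under `_static` for the generated page not to carry a dead stylesheet link; a comment such as `# custom.css is expected in _static (see revealjs_static_path)` would make that coupling visible. As a matter of style, building `extensions` as an empty list and appending twice reads as three separate lists; the single line `extensions = ["sphinx_revealjs", "sphinx.ext.graphviz"]` states the same configuration.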
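--- /dev/null
+++ b/<DOCS-DIR-NOT-SHOWN>/<MASTER-DOC>.rst
@@ -0,0 +1,103 @@
+=========================================
+Purple Dome - Kein Schwein greift mich an
+=========================================
+
+.. This toctree is only to link examples.
+
+.. toctree::
+   :glob:
+   :hidden:
+
+
+
+Kein Schwein greif mich an
+==========================
+
+Habe mir gerade einen neuen Event Logger auf meinem Server installiert. Die Log Details hochgedreht... und jetzt greift mich keiner an.
+
+Keine Ahnung ob die Sensoren tun ?
+----------------------------------
+
+Wir überhaupt mitgelogged was wichtig ist ?
+
+Daten habe ich jetzt ....aber Erkennungslogik ?
+-----------------------------------------------
+
+Nach was greppe ich denn nun in den Logs ?
+
+Viel gemacht aber alles ungetestet
+==================================
+
+Die einzige Lösung: Ein Angreifer muss her. Vielleicht nicht auf mein Produktivsystem.
+
+Simulierte Angriffe
+===================
+
+Purple Dome erlaubt es, Angriffe zu simulieren. Scriptbar und als Python Pluins
+
+Metasploit
+----------
+
+Caldera
+-------
+
+Kali Linux commandline
+----------------------
+
+Simulierte Ziele
+================
+
+Die Angriffe gehen nicht auf das Produktivsystem, sondern auf VM targets
+
+Sensoren nach Wunsch
+====================
+
+Welche Sensoren auf den Targets laufen kann man per config und Plugin definieren
+
+Vulnerabilities nach Wunsch
+===========================
+
+Damit die Angriffe auch etwas Schaden hinterlassen, kann man per Plugins auch erst mal Vulnerabilities auf den Targets installieren.
+
+Targets nach Wunsch
+===================
+
+Erzeugt mittels Vagrant oder als bestehende VM
+
+Wie das Ganze dann aussieht
+===========================
+
+Resultat: PDF
+-------------
+
+Resultat: Sensordaten
+---------------------
+
+Resultat: Angriffsdaten
+-----------------------
+
+Input: Commandline
+------------------
+
+Input: Config
+-------------
+
+Wo kann ich PurpleDome kaufen ?
+===============================
+
+Gar nicht. Ist kostenlos und Open Source
+
+https://github.com/avast/PurpleDome
+
+Bitte forken. Jetzt.
+
+Fragen ?
+
+Origin story
+------------
+
+* Sensoren eines Behaviour Blockers müssen mit jedem OS update neu getestet werden
+* Jeder neue Angriff muss verifiziert werden...
+
+Also wurde automatisiert.
+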
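--- /dev/null
+++ b/<DOCS-DIR-NOT-SHOWN>/make.bat
@@ -0,0 +1,35 @@
+@ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+	set SPHINXBUILD=sphinx-build
+)
+set SOURCEDIR=.
+set BUILDDIR=_build
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+	echo.
+	echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+	echo.installed, then set the SPHINXBUILD environment variable to point
+	echo.to the full path of the 'sphinx-build' executable. Alternatively you
+	echo.may add the Sphinx directory to PATH.
+	echo.
+	echo.If you don't have Sphinx installed, grab it from
+	echo.http://sphinx-doc.org/
+	exit /b 1
+)
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS% %O%
+
+:end
+popd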