update
This commit is contained in:
parent
6602411b97
commit
15c24f69bb
2 changed files with 117 additions and 0 deletions
@ -21,13 +21,27 @@
#slide(title: "State of the IDS")[
// Most IDS rely on host-based information
// Process List is a very common default info to verify
]
#slide(title:"State of the IDS")[
// Process masquerading is trivialy posible and used by many attacks (Mitre AttCK list)
|
]
#slide(title:"State of the IDS")[
// Countermeasure to process masquerading
Listed by MITRE|ATT&CK:
- Monitor OS API Calls (e.g. forks)
- Monitor process creation source.
Listed by Red Canary:
- Heuristic on process properties (name, location, etc.)
|
#uncover(2)[#align(center)[#text(fill:red, weight:"bold")[All Host-Based Methods!]]]
]
|
#slide(title:"Process List Verification")[
// We can't stop using the process list, so let's try to verify it
// Power as a trusted source of information
#align(center)[#image("images/wein.svg", height:100%)]
// add wein images that shows where other solutions are and show that with the right analysis tools, power side-channel is at the center.
]
|
#slide(title:"Power Side-Channel")[
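Review bot: the speaker-note comments added to the second "State of the IDS" slide carry spelling errors that should be fixed before this lands: `// Process masquerading is trivialy posible and used by many attacks (Mitre AttCK list)` should read "trivially possible", and the framework name is written "MITRE ATT&CK"; on the third slide, `Listed by MITRE|ATT&CK:` has a stray `|` that will show up in the rendered slide text. The `// add wein images that shows where other solutions are ...` comment on the "Process List Verification" slide reads as a leftover TODO that the `#align(center)[#image("images/wein.svg", height:100%)]` line just above it already addresses, so either drop it or reword it as a speaker note describing what the figure is meant to show.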