grizzly/deneir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update

Browse source
This commit is contained in:
Arthur Grisel-Davy 2024-09-03 13:11:23 -04:00
parent 6602411b97
commit 15c24f69bb
2 changed files with 117 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

103
PhD/seminar/images/wein.svg Normal file
View file

@ -0,0 +1,103 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
width="221.72084mm"
height="105.83334mm"
viewBox="0 0 221.72084 105.83334"
version="1.1"
id="svg1"
xml:space="preserve"
inkscape:version="1.3.2 (091e20ef0f, 2023-11-25, custom)"
sodipodi:docname="wein.svg"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg"><sodipodi:namedview
id="namedview1"
pagecolor="#ffffff"
bordercolor="#000000"
borderopacity="0.25"
inkscape:showpageshadow="2"
inkscape:pageopacity="0.0"
inkscape:pagecheckerboard="0"
inkscape:deskcolor="#d1d1d1"
inkscape:document-units="mm"
inkscape:zoom="1.0141844"
inkscape:cx="380.1084"
inkscape:cy="204.59791"
inkscape:window-width="1920"
inkscape:window-height="1011"
inkscape:window-x="0"
inkscape:window-y="0"
inkscape:window-maximized="1"
inkscape:current-layer="layer1" /><defs
id="defs1"><inkscape:path-effect
effect="copy_rotate"
starting_point="0,0"
origin="30.41,131.0574"
id="path-effect5"
is_visible="true"
lpeversion="1.2"
lpesatellites="#path5 | #path6"
method="normal"
num_copies="3"
starting_angle="0"
rotation_angle="120"
gap="0.31"
copies_to_360="true"
mirror_copies="false"
split_items="true"
link_styles="false" /></defs><g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(32.628418,-98.555054)"><path
style="fill:#dd55ff;stroke:#660080;stroke-width:1;stroke-linecap:round;opacity:0.3427193"
id="path4"
inkscape:path-effect="#path-effect5"
sodipodi:type="arc"
sodipodi:cx="48.944355"
sodipodi:cy="131.0574"
sodipodi:rx="26.137203"
sodipodi:ry="26.137203"
d="m 75.081558,131.0574 c 0,14.43518 -11.702024,26.13721 -26.137203,26.13721 -14.435179,0 -26.137203,-11.70203 -26.137203,-26.13721 0,-14.43518 11.702024,-26.1372 26.137203,-26.1372 14.435179,0 26.137203,11.70202 26.137203,26.1372 z"
transform="matrix(1.0722768,-0.61907929,0.61907929,1.0722768,-35.510858,24.032246)" /><path
transform="matrix(-1.0722768,-0.6190793,0.6190793,-1.0722768,29.705015,305.09186)"
style="fill:#80b3ff;stroke:#2a7fff;stroke-width:1;stroke-linecap:round;opacity:0.45687535"
id="path5"
d="m 75.081558,131.0574 c 0,14.43518 -11.702024,26.13721 -26.137203,26.13721 -14.435179,0 -26.137203,-11.70203 -26.137203,-26.13721 0,-14.43518 11.702024,-26.1372 26.137203,-26.1372 14.435179,0 26.137203,11.70202 26.137203,26.1372 z" /><path
transform="matrix(0,1.2381586,-1.2381586,0,240.50185,108.08345)"
style="fill:#ffdd55;stroke:#ff7f2a;stroke-width:1;stroke-linecap:round;opacity:0.36954338"
id="path6"
d="m 75.081558,131.0574 c 0,14.43518 -11.702024,26.13721 -26.137203,26.13721 -14.435179,0 -26.137203,-11.70203 -26.137203,-26.13721 0,-14.43518 11.702024,-26.1372 26.137203,-26.1372 14.435179,0 26.137203,11.70202 26.137203,26.1372 z" /><text
xml:space="preserve"
style="font-size:11.4172px;font-family:Fuji;-inkscape-font-specification:Fuji;opacity:1;fill:#2a80ff;fill-opacity:1;stroke:none;stroke-width:3.59596;stroke-linecap:round"
x="-30.505966"
y="114.68162"
id="text6"><tspan
sodipodi:role="line"
id="tspan6"
style="fill:#2a80ff;fill-opacity:1;stroke:none;stroke-width:3.59596"
x="-30.505966"
y="114.68162">Independance</tspan></text><text
xml:space="preserve"
style="font-size:11.4172px;font-family:Fuji;-inkscape-font-specification:Fuji;opacity:1;fill:#670081;fill-opacity:1;stroke:none;stroke-width:3.59596;stroke-linecap:round"
x="127.64307"
y="114.68162"
id="text7"><tspan
sodipodi:role="line"
id="tspan7"
style="fill:#670081;fill-opacity:1;stroke:none;stroke-width:3.59596"
x="127.64307"
y="114.68162">Relevance</tspan></text><text
xml:space="preserve"
style="font-size:11.4172px;font-family:Fuji;-inkscape-font-specification:Fuji;opacity:1;fill:#ff802c;fill-opacity:1;stroke:none;stroke-width:3.59596;stroke-linecap:round"
x="103.49713"
y="199.66727"
id="text8"><tspan
sodipodi:role="line"
id="tspan8"
style="fill:#ff802c;fill-opacity:1;stroke:none;stroke-width:3.59596"
x="103.49713"
y="199.66727">Actionability</tspan></text></g></svg>
Side by side

After

Width:  |  Height:  |  Size: 4.6 KiB

14
PhD/seminar/seminar.typ
View file

@ -21,13 +21,27 @@
#slide(title: "State of the IDS")[ #slide(title: "State of the IDS")[
// Most IDS rely on host-based information // Most IDS rely on host-based information
// Process List is a very common default info to verify // Process List is a very common default info to verify
]
#slide(title:"State of the IDS")[
// Process masquerading is trivialy posible and used by many attacks (Mitre AttCK list) // Process masquerading is trivialy posible and used by many attacks (Mitre AttCK list)
]
#slide(title:"State of the IDS")[
// Countermeasure to process masquerading // Countermeasure to process masquerading
Listed by MITRE|ATT&CK:
- Monitor OS API Calls (e.g. forks)
- Monitor process creation source.
Listed by Red Canary:
- Heuristic on process properties (name, location, etc.)
#uncover(2)[#align(center)[#text(fill:red, weight:"bold")[All Host-Based Methods!]]]
] ]
#slide(title:"Process List Verification")[ #slide(title:"Process List Verification")[
// We can't stop using the process list, so let's try to verify it // We can't stop using the process list, so let's try to verify it
// Power as a trusted source of information // Power as a trusted source of information
#align(center)[#image("images/wein.svg", height:100%)]
// add wein images that shows where other solutions are and show that with the right analysis tools, power side-channel is at the center.
] ]
#slide(title:"Power Side-Channel")[ #slide(title:"Power Side-Channel")[