Michał Sołtysik - Deep Packet Inspection Analysis - Examining One Packet Killers (ENG)
Вставка
- Опубліковано 16 лип 2024
- Other content: • Michał Sołtysik - Cybe...
Michał Sołtysik
Cybersecurity Consultant
Specializing in deep packet inspection (i.e. network edge profiling and 0-day attacks).
To date, he has identified 254 protocols in the IT, OT and IoT areas used for cyber attacks.
Additionally, a Digital and Network Forensics Examiner, CyberWarfare Organizer and SOC Trainer.
C)CSA - Certified Cyber Security Analyst
C|SA - Certified SOC Analyst
C)NFE - Certified Network Forensics Examiner
C)DFE - Certified Digital Forensics Examiner
WCNA - Wireshark Certified Network Analyst
C|ND - Certified Network Defender
C)ISSO - Certified Information Systems Security Officer
C)PTC - Certified Penetration Testing Consultant
C)PTE - Certified Penetration Testing Engineer
C)PEH - Certified Professional Ethical Hacker
C)VA - Certified Vulnerability Assessor
RvBCWP - Red vs Blue Cyber Warfare Practitioner
CM)IPS - Certified Master Intrusion Prevention Specialist
CIoTSP - Certified Internet of Things Security Practitioner
OOSE - OPSWAT OT Security Expert
CNSP - Certified Network Security Practitioner
CNSE - Certified Network Security Engineer
CCE - Certified Cybersecurity Expert
CCSS - Certified Cyber Security Specialist
Accredited by ANAB under ISO/IEC 17024.
Accredited by the NSA CNSS 4011-4016.
Approved by DoD under Directive 8570 (previously) / 8140 (presently).
Mapped to NIST / Homeland Security NICCS's Cyber Security Workforce Framework.
Mapped to NCWF (NICE Cybersecurity Workforce Framework).
Approved on the FBI Cyber Security Certification Requirement list (Tier 1-3).
Recognized by NCSC - part of GCHQ (UK's intelligence, security, and cyber agency).
0:00 Start
1:51 Title of the lecture: Deep Packet Inspection Analysis: Examining One Packet Killers.
2:30 Description of the lecture: Security Operations Center (SOC) teams monitor network traffic using SIEM and IPS solutions, along with other security tools. However, these tools can sometimes fall short in their capability, particularly when faced with complex attacks that exploit legitimate network protocols, such as a single, crafted packet. To combat these threats, SOC teams must adopt advanced techniques such as Deep Packet Inspection (DPI). The webinar explores DPI analysis techniques to detect and mitigate "One Packet Killers", using real-world examples from DHCP, H.225.0, Modbus over TCP, WTP, and BAT_GW protocols. Furthermore, it examines the intricacies of each protocol and highlights how specific message manipulations within these protocols can activate Denial-of-Service (DoS) attacks or disrupt communication flows. By mastering DPI techniques and addressing these protocol security weaknesses, SOC teams can enhance their ability to maintain a robust network security posture.
Content:
1:37 Opening words
3:58 Why IPS, WAF, and SIEM solutions are not enough.
7:07 Summary of the need for deep packet inspection analysis.
10:14 The four main categories of weaknesses/vulnerabilities.
10:53 DoS Attack Categories.
12:39 One Packet Killer via a vulnerability (CVE-2021-45105).
13:45 One Packet Killer via a weak protocol design in DHCP.
16:03 One Packet Killer via a weak protocol design in Modbus over TCP.
21:52 One Packet Killer via a weak protocol design in WTP.
22:53 One Packet Killer via a weak protocol design in BAT_GW.
26:13 One Packet Killer via a weak protocol design in H.225.0.
31:40 Findings (a breakdown of the possibilities and limitations behind functionalities within protocols which can be misused for DoS attacks under specific circumstances).
32:45 Protocol-based DoS Attacks.
33:48 DoS Attacks: Classification and Protocol Weakness Examples.
35:00 Some possible reasons why an attacker might send a single such packet ('One Packet Killer').
36:46 Conclusions of the webinar.
39:42 Recommendations on protocol weaknesses.
41:16 An example of a 'Silent Killer' using a ubiquitous protocol DNS.
47:35 Q&A.
58:47 Closing words.
Contact:
Mail: mikewavepoland@gmail.com
LinkedIn: / michal-soltysik-ssh-soc
GitHub: github.com/MichalSoltysikSOC
Accredible: www.credential.net/profile/mi...
Link to download the presentation in .pdf format: files.fm/f/5gh6bawv36
