jueves, 27 de agosto de 2020

ATTPwn En El Red Team Village De DefCon 28 Safemode & 8Dot8 Las Vegas

Ya hemos hablado bastante de ATTPwn en este blog. Es el resultado del estudio y análisis que hemos ido haciendo en estos últimos meses de la matriz ATT&CK de MITRE. Una forma de ordenar el conocimiento de las amenazas, a través del uso de tácticas, técnicas y procedimientos. En el mes de agosto hemos estado participando en diferentes eventos gracias al trabajo realizado con ATTPwn, el cual ha dado como resultado la herramienta colaborativa que tenéis en el Github de ElevenPaths.

Figura 1: ATTPwn en el Red Team Village de DefCon 28 Safemode & 8dot8 Las Vegas

Como comentamos en BlackHat, ante algunas preguntas, seguimos actualizando y metiendo funcionalidades la herramienta. Es un esfuerzo importante, ya que la herramienta tiene un gran recorrido y muchas posibilidades a realizar. Es más, pensamos en una API, en un GameScore, en añadir mayor conocimiento y en facilitar la inclusión de la implementación de cualquier usuario dentro de la herramienta. No es un proyecto que nace y muere en breve, es un proyecto para seguir creciendo y sumando. Además, cualquier ayuda en forma de colaboración será bienvenida.

Figura 2: ATTPwn en GitHub
  
El sábado, 8 de agosto, nos tocaba participar en DefCon en un horario muy matutino. Eran las 6:20 de la madrugada hora España y Fran Ramírez y yo estábamos delante del ordenador para poder exponer la conferencia en el Red Team Village. En el horario de Las Vegas, la charla era a las 22.00, por lo que nos tocaba esperar hasta las 7.00 de la mañana, hora España. Sea como sea, encantados de poder estar en uno de los grandes eventos.


Unos días antes estuvimos haciendo pequeños cambios en la herramienta. Por ejemplo, el fichero data.py sufrió algún cambio para evitar que implementaciones futuras de técnicas que estaban en un plan de una amenaza "crasheasen" la ejecución de la amenaza, precisamente por no tener la implementación indicada. 

Como digo es un proyecto vivo en el que seguimos añadiendo funcionalidades e implementaciones cuando podemos, por lo que en algunas ocasiones podemos definir el plan de una amenaza con las técnicas mapeadas del MITRE y no disponer de ningún tipo de implementación todavía.  Alguna idea como integrar Red Atomic en ATTPwn o dar la posibilidad de utilizar ciertas funcionalidades de Atomic Red en ATTPwn pueden ayudar a paliar esto que os comentaba y, por supuesto, enriquecería el proyecto con un marco de trabajo muy interesante, como es el proyecto Atomic Red.

Figura 4: Proyecto Atomic Red

Hace tiempo, ya comenté que hablaríamos algún día de este proyecto en profundidad, porque es algo muy interesante. Esos ficheros YAML y las posibilidades de integración que ofrecen son dignos de estudio. Hasta aquí os puedo leer.


Eso sí, la importancia de crear inteligencia de amenazas mapeadas con la matriz de ATT&CK tiene su importancia, tanto para un Red Team como para un Blue Team. La idea final es que lances esto sobre un activo para verificar que tus controles, es decir, tu inversión en seguridad, funcionan correctamente, es decir, son eficientes y eficaces. 

Defcon 20 Safemode & 8dot8 Las Vegas

Ahora, os dejamos el vídeo de la charla del Red Team Village de DefCon en inglés, en el que podéis ver cómo se adapta el proyecto a la matriz de ATT&CK, la arquitectura de la herramienta, diferentes casos de uso y cómo se puede colaborar con el proyecto, ya que éste último punto es el más importante, desde mi punto de vista. 

Figura 6: ATTPwn en DefCON 28 Safemode Red Team Village

Pronto terminaremos de volver de vacaciones, unas vacaciones merecidas tras este extraño año que nos ha tocado vivir, pero del que seguro podemos sacar lecturas positivas. Al menos, tenemos que hacer ese ejercicio. Cuando parece que todo se acaba, podremos sacar algo positivo y saldremos con más fuerza.

Figura 7: ATPwn en 8dot8 Las Vegas en español

Tras pasar por BlackHat USA y DefCon, nuestro amigo y compañero Gabriel Bergel (CSA de ElevenPaths) nos invitó a asistir a 8dot8 LasVegas. Esta edición especial de la 8dot8 se suele celebrar en una suite del Flamingo en LasVegas, pero en esta ocasión tocó hacerla online. Es una edición para ponentes hispanoamericanos que presentan en BlackHat o en DefCon. Siempre es un placer poder estar con Ragnar y el enorme equipo de 8dot8

Saludos,

Autor: Pablo González Pérez (@pablogonzalezpe), escritor de los libros "Metasploit para Pentesters", "Hacking con Metasploit: Advanced Pentesting" "Hacking Windows", "Ethical Hacking", "Got Root",  "Pentesting con Powershell", "Pentesting con Kali Silver Edition" y de "Empire: Hacking Avanzado en el Red Team", Microsoft MVP en Seguridad y Security Researcher en el equipo de "Ideas Locas" de la unidad CDCO de Telefónica.  Para consultas puedes usar el Buzón Público para contactar con Pablo González

Figura 8: Contactar con Pablo González

Sigue Un informático en el lado del mal RSS 0xWord

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com
Related news

  1. How To Hack
  2. Hacking Tools
  3. Hacking App
  4. Hacker Tools Online
  5. Hack And Tools
  6. Hack Tools For Windows
  7. Hacking Tools For Windows Free Download
  8. Hacker Techniques Tools And Incident Handling
  9. Pentest Tools Open Source
  10. Hacking Tools Name
  11. World No 1 Hacker Software
  12. Hacker Tools Hardware
  13. Pentest Tools Tcp Port Scanner
  14. Pentest Tools Kali Linux
  15. Pentest Tools For Android
  16. Hacker Hardware Tools
  17. Hack Tools For Ubuntu
  18. Pentest Reporting Tools
  19. Hacking Tools Name
  20. Hacking Tools Software
  21. Hack Tools For Games
  22. Hack Tools Online
  23. Hack Tools 2019
  24. Hacking Tools Pc
  25. Hacking Tools Github
  26. Pentest Tools Subdomain
  27. Hacking Tools For Games
  28. Best Hacking Tools 2020
  29. Hack Tool Apk
  30. Hack Tools Pc
  31. Hack Tools For Games
  32. Pentest Tools Kali Linux
  33. Nsa Hack Tools
  34. Pentest Tools Bluekeep
  35. Hacker Security Tools
  36. Hack And Tools
  37. New Hack Tools
  38. Pentest Tools Open Source
  39. Hacking Tools Kit
  40. Black Hat Hacker Tools
  41. New Hacker Tools
  42. Hackers Toolbox
  43. Hacker Tools For Windows
  44. Kik Hack Tools
  45. Black Hat Hacker Tools
  46. Hacking Tools 2020
  47. Pentest Tools List
  48. Pentest Tools Apk
  49. Hacker Tools 2019
  50. Game Hacking
  51. Pentest Tools Framework
  52. Hacking Tools 2019
  53. Hacker Tools For Mac
  54. Hacker Search Tools
  55. Tools For Hacker
  56. Termux Hacking Tools 2019
  57. Pentest Tools Github
  58. Wifi Hacker Tools For Windows
  59. Free Pentest Tools For Windows
  60. Hacking Tools Name
  61. Best Hacking Tools 2019
  62. Hacking Tools For Windows
  63. Hacker Tools Hardware
  64. Github Hacking Tools
  65. Hacking Tools Free Download
  66. What Is Hacking Tools
  67. Hack Tools Mac
  68. Hack Rom Tools
  69. Nsa Hacker Tools
  70. Pentest Reporting Tools
  71. Hack App
  72. Install Pentest Tools Ubuntu
  73. Hack Tools For Windows
  74. Hack Tools
  75. Pentest Reporting Tools
  76. Hacking Tools Windows 10
  77. Pentest Tools Url Fuzzer
  78. Pentest Tools Windows
  79. Hacking Apps
  80. Hack Tools Github
  81. Hacker Tools For Ios
  82. Pentest Tools Website Vulnerability
  83. Pentest Tools Download
  84. Hacking Tools For Beginners
  85. Pentest Tools Subdomain
  86. Usb Pentest Tools
  87. Growth Hacker Tools
  88. Hacking Tools Name
  89. Hacker Security Tools
  90. Game Hacking
  91. Hack Apps
  92. Pentest Tools Website Vulnerability
  93. Hacking Tools For Beginners
  94. Hacker Tools For Ios
  95. Hacking Tools For Windows 7
  96. Hacking Tools Mac
  97. Hackers Toolbox
  98. Hacking Tools Hardware
  99. Top Pentest Tools
  100. Hacker Tools For Pc
  101. Hacker Tools Hardware
  102. Hacking Tools Usb
  103. Termux Hacking Tools 2019
  104. Hacking Tools 2020
  105. Hacking Tools For Windows
  106. Hack Tools
  107. How To Hack
  108. Hacker Tools Mac
  109. Hacking Tools Free Download
  110. Hacking Apps
  111. Hak5 Tools
  112. Hacker Security Tools
  113. Hacking Tools Free Download
  114. Pentest Tools Alternative
  115. Pentest Tools For Mac
  116. Hacker Tools For Mac
  117. Hack Tools For Windows
  118. Hacker Tools List
  119. Hacker Tools 2019
  120. How To Hack
  121. Bluetooth Hacking Tools Kali
  122. Hack Tools For Ubuntu
  123. Pentest Tools Linux
  124. Pentest Tools Android
  125. Tools 4 Hack
  126. Pentest Tools Framework
  127. Pentest Tools Subdomain
  128. Hacking Tools For Windows 7
  129. Hacking Tools Github
  130. Hacking Tools For Pc
  131. Hacker Tools
  132. Beginner Hacker Tools
  133. Hack Tools For Pc
  134. Github Hacking Tools
  135. Hacking Tools Software
  136. Hacking Tools Usb
  137. Hack Tools Pc
  138. Hack Tools For Ubuntu
  139. Hacker Tools For Windows
  140. What Is Hacking Tools
  141. Wifi Hacker Tools For Windows
  142. Pentest Tools For Android
  143. Hack Tools For Windows
  144. Hack Tools
  145. Hacking Tools Usb
  146. Hacking Tools Windows 10
  147. Pentest Tools Tcp Port Scanner
  148. Hacking Tools Mac
  149. Android Hack Tools Github
  150. Hacker Tools Github
  151. Hacker Tools Online
  152. What Are Hacking Tools
  153. Hack Tool Apk No Root
  154. Pentest Box Tools Download
Publicado por en No hay comentarios:

Top10 Java Script Blogs To Improve Coding Skills

10 Top JavaScript Blogs to Improve Coding Skills

 

The Best JavaScript Blogs

With two decades of improvement, JavaScript has become one of the most popular programming languages of all time. The journey started in 1995 when Brendan Eich created JavaScript in just 10 days. From there, it has seen multiple revisions, drafts, and growth in the form of frameworks, API's, modules, etc. Today, we will go forward and list the top JavaScript blogs from the internet so that you can enjoy the lastest development in the field of JavaScript.

According to RedMonk programming language rankings and GitHut.info, JavaScript is leading the pack in the terms of repositories and the most discussed programming language on StackOverFlow. The numbers itself speaks about the future of JavaScript as it has grown beyond the initial capabilities of simple DOM manipulations.

Learning JavaScript, on the other hand, can be a tricky proposition. New libraries, features, API's or Style Guide, pop up almost every day. The speed of iteration is beyond imagination, and that is why reading leading JavaScript blogs are the best approach to keep up with new changes.

Slack-clone-angularjs

JavaScript is blessed with experts that regularly contribute to the community using live streams, videos, blogs, podcasts, conferences and open source projects. An example of a cool experienced Javascript programmer is evilsoft who broadcasts awesome Javascript projects weekly on LiveEdu..

Some blogs are just gold even when they are not updated frequently. To help you reach the best content on JavaScript, let's list the best JavaScript blogs on the internet. The following blogs have a huge fan following and contain epic JavaScript content.

10 Top JavaScript Blogs to Improve Coding Skills

1. David Walsh Blog

David Walsh is a renowned name in the JavaScript world. He started his career with DZone, but his first real break came while working for SitePen as a Software Engineer. His blog composes of topics related to JavaScript, personal thoughts, guides and much more. The blog design is captivating and is going to hook you up on the first visit. Currently, he is working as a Senior Web Developer at Mozilla.

top javascript blogs

2. DailyJS

DailyJS is one of the best JavaScript blogs on the internet. The blog was started by Alex R. Young, an entrepreneur and Node.js expert in 2009. However, there are recent changes that don't sound great. Currently, the blog is no longer updated, but that does not make the content useless at all. The blog covers diverse content on JavaScript including frameworks, API's, libraries, etc.

2-daily-js

3. SitePoint

SitePoint is one of the leading web development portals since 2000. The main attraction of SitePoint is the collection of highly detailed articles. They are aimed at teaching something new to the readers. JavaScript, on the other hand, is one of the leading topics on the website where experts around the world contribute regularly. The rate of the new blog post is high, and you won't find a blog post that doesn't teach you something new. Truly, a great learning place for any JavaScript developer.

3-Sitepoint

4. JavaScript.com

Not technically a blog, but if you love JavaScript, then you need to follow the website's offerings. JavaScript.com news section is an aggregator for excellent JavaScript news, tutorials, guides, and much more. All you need to do is move to their news section and discover tons of new content surrounding JavaScript. The domain is owned by CodeSchool and is mainly utilized to contribute to the community and a landing page to their courses.

4-JavaScript

5. Brendan Eich

What's the best place to find JavaScript knowledge? The inventor? Well, you are right. Brendan Eich, the creator of JavaScript, keeps his blog with filled with his musings and other excellent thought processes about JavaScript. You can also find videos on the blog. Virtually, the blog is the mind of JavaScript where you understand it in an entirely different manner.

5-brendan-eich

6. JavaScript Playground

JavaScript Playground is yet another great place to get started with all the different JavaScript frameworks, API, and libraries. The focus is to work with the JavaScript ecosystem and provide high quality blog articles, screencast, and podcast for the audience. They also blog about different JavaScript guidelines, tips, and tricks.

6-JavaScript-Playground

7. Superhero.js

If you are looking for a superhero to fetch you the best resources on JavaScript, then you have finally found one. Superhero.js is a simple website that aims to collect everything related to JavaScript including videos, articles, presentations, etc. The content is divided into meaningful sections such as "Understanding JavaScript", "Organize Your Code", etc. Also, the page is regularly updated with new information.

7-superhero

8. JavaScript Jabber

Another "not a blog entry" into the list — JavaScript Jabber is a weekly podcast on JavaScript. Each podcast is around 1 hour of jabber and will sure have something for you to learn. They keep their tab on everything related to JavaScript, including core concepts to popular Framework discussions.

8-JavaScript-Jabber

9. Medium JavaScript Collection

Is medium a blog? Technically, not, but it contains high quality JavaScript articles. Medium is a way to connect to the audience so be ready to read many opinions on how JavaScript should have been, and what's wrong with JavaScript. Other than the ramblings, it hosts amazing JavaScript content such as Speed Up Web Apps.

9-JavaScript-collection-medium

10. Smashing Magazine

Smashing Magazine is one of the oldest websites covering web designing and development. They have a dedicated section for JavaScript, which is constantly updated with tutorials of high caliber. The tutorials surround other web development ideas such as UX, Productivity, etc.

10-smashing-magazine

Conclusion

Here are the ten best JavaScript blogs to improve your coding skills. The blogs and mix of other content types will help you to keep up with new changes in JavaScript field, and improve yourself accordingly.

If you are new to JavaScript and want to get started as soon as possible, check out the JavaScript learn section on LiveEdu.tv. And, yes, it is the most popular programming language on LiveEdu.tv which can benefit from your attention! Also, don't forget to leave a comment on how the JavaScript category page can be improved. We are listening!

Dr. Michael J. Garbade

About Author Dr. Michael Jurgen Garbade is the founder of LiveEdu.TV, Kyuda, Education Ecosystem. He is future Venture Capitalist, Future Politician and always on the lookout for the Next Big Challenge. Obtained Masters in business administration and physics, and a Ph.D. in finance with professional work experience in high-paced environments at Fortune 500 companies like Amazon and General Electric. Expertize: Python, PHP, Sencha Touch & C++, SEO, Finance, Strategy & E-commerce. He speaks English and German and has worked in the US, Europe, and Asia. At Education Ecosystem he is the CEO and runs business operations.

Continue reading

  1. Hack Tools For Pc
  2. Hacking Tools And Software
  3. What Are Hacking Tools
  4. Hacking Tools And Software
  5. Best Hacking Tools 2020
  6. Hacking Tools And Software
  7. Hacking Tools For Pc
  8. Hacker Security Tools
  9. Hack Tools For Games
  10. Hacking Tools For Pc
  11. Hacking Tools Windows
  12. Hacker Tools Online
  13. Tools 4 Hack
  14. Hacking Tools Pc
  15. Github Hacking Tools
  16. Hack Tools Mac
  17. Hacking Tools Kit
  18. Physical Pentest Tools
  19. Hacker Tools Linux
  20. Hack Rom Tools
  21. Hacker Tools For Mac
  22. Hacking Tools Hardware
  23. Game Hacking
  24. Best Hacking Tools 2019
  25. Pentest Tools Framework
  26. Hacker Tools Apk Download
  27. Hacker Tools
  28. Tools 4 Hack
  29. Hacker Tools Windows
  30. Hacker Tools Mac
  31. Hack Tools For Pc
  32. Hack Tools For Ubuntu
  33. Hacker Tools Mac
  34. Hacks And Tools
  35. Pentest Tools Online
  36. Pentest Tools Github
  37. Hacker Tools 2019
  38. Physical Pentest Tools
  39. Hack Rom Tools
  40. Hacker Tools For Windows
  41. Hacker Tools Github
  42. Hacker Tools Hardware
  43. Hacking Tools Free Download
  44. Pentest Tools Open Source
  45. Hacking Tools Kit
  46. Pentest Tools Nmap
  47. Hacker Tools 2019
  48. Hacking Apps
  49. Hak5 Tools
  50. Install Pentest Tools Ubuntu
  51. World No 1 Hacker Software
  52. Blackhat Hacker Tools
  53. Pentest Tools Download
  54. Hacking Tools Download
  55. Hacker Hardware Tools
  56. Best Hacking Tools 2020
  57. Hack Tools Online
  58. Hacking Tools Github
  59. Hacking Tools For Beginners
  60. How To Make Hacking Tools
  61. Hackrf Tools
  62. Black Hat Hacker Tools
  63. Hack Tools Online
  64. Hacker Tools Apk
  65. Computer Hacker
  66. Hacking Tools Name
  67. Game Hacking
  68. Hacking Tools Windows
  69. Hacking Tools Hardware
  70. Github Hacking Tools
  71. Hacking App
  72. Hacking Tools For Windows 7
  73. Hacker Tools Software
  74. Pentest Tools Url Fuzzer
  75. Hacking Tools
  76. Install Pentest Tools Ubuntu
  77. Tools For Hacker
  78. Hacker Tools Free Download
  79. Hacker Tools For Mac
  80. What Is Hacking Tools
  81. Pentest Tools Free
  82. Pentest Tools Tcp Port Scanner
  83. Hacking Tools Download
  84. Pentest Reporting Tools
  85. Pentest Tools Linux
  86. Pentest Tools Url Fuzzer
  87. Hacking Tools Usb
  88. Hacker Tools Github
  89. Hacker Tools Online
  90. Hacking Tools Online
  91. Pentest Tools Port Scanner
  92. Pentest Tools Kali Linux
  93. Hack Tools Pc
  94. Kik Hack Tools
  95. Nsa Hacker Tools
  96. Pentest Tools Open Source
  97. Hacks And Tools
  98. Pentest Recon Tools
  99. Hacking Tools For Windows Free Download
  100. Hacking Tools
  101. Android Hack Tools Github
  102. Hacker Tools Software
  103. Pentest Reporting Tools
  104. Hacker Tools Online
  105. Hacking Tools Windows
  106. Hacker
  107. Kik Hack Tools
  108. Bluetooth Hacking Tools Kali
  109. Hacker Tools List
  110. Game Hacking
  111. Hack Tools For Games
  112. Tools 4 Hack
  113. Hack Tools For Games
  114. Underground Hacker Sites
  115. Hacking Tools Mac
  116. Hack Tools For Pc
  117. Pentest Tools For Mac
  118. Pentest Recon Tools
  119. Hacker Tools Free Download
  120. Hack Tools
  121. Hack Tools For Windows
  122. Hacker Tool Kit
  123. Hackrf Tools
  124. Nsa Hack Tools
  125. New Hack Tools
Publicado por en No hay comentarios:
Suscribirse a: Entradas (Atom)