MichalSoltysikSOC/Cybersecurity-content-videos

Cybersecurity content (in English and Polish):

https://www.youtube.com/playlist?list=PL0RdRWQWldOAAKBqOVEutxKMP-a6CNoLY

Michał Sołtysik - Deep packet inspection analyses - why the typical approach is not enough (ENG):

Title of the lecture: Deep packet inspection analyses: why the typical approach is not enough.

Description of the lecture: There is an unquestionable need to perform regular deep packet inspection analyses, i.e. network edge profiling. Providing standard SOC-type services that rely on tools such as SIEM, SOAR, IPS, WAF, EDR and others leads to a partial waste of human resources, because analysts constantly have to deal with so-called "false positives". The cybersecurity industry is currently characterized by superficiality, insufficient competence and low cyber awareness. Cybercriminals have hundreds of mechanisms at their disposal that they regularly take advantage of to break through firewalls. In this lecture, I will present an advanced view of the realities that teams such as SOCs are unable to deal with, and explain why this is the case. I will draw on extensive knowledge of a variety of threats, based on analysis of 252 different network protocols from the areas of IT, OT and IoT.

Content:

Example number 1 - based on different levels of monitoring of HTTP traffic through a SIEM system vs. DPI analysis, using an RCE - Unauthorized User Account Creation vulnerability as the example.

Example number 2 - based on File Upload / RCE vulnerability and HTTP traffic.

Example number 3 - based on TCP, FTP, DNS, PNIO, ICMP, RTCP, UDP, ICP, NBNS and SNMP traffic.

Example number 4 - based on RTT Measurements during DoS / DDoS cyber attacks.

Example number 5 - based on Modbus/TCP, WTP, H.225.0 RAS, GTP, RTCP and PFCP traffic.

Example number 6 - based on GTP, TIPC and CIGI traffic.

Example number 7 - based on ADwin and BAT_GW traffic.

Example number 8 - based on RCE vulnerability and MANOLITO and EtherCAT traffic.

20 simple tips - how to be a proficient network traffic analyst performing deep packet inspections.

URL: https://www.youtube.com/watch?v=_ulFvQ1z7j8


Michał Sołtysik - Remcos RAT threat analysis on Windows including IEC 60870-5-104 traffic (ENG):

Title of the lecture: Remcos RAT threat analysis on Windows including, surprisingly enough, IEC 60870-5-104 traffic.

Description of the lecture: Typically, malware uses popular protocols such as HTTP or TLS to exfiltrate data. However, for that very reason, Remcos uses IEC 60870 part 5, which provides a communication profile for sending basic telecontrol messages between two systems, usually in electrical engineering and power system automation.

Content:

Remcos analysis

IEC 60870-5-104 traffic analysis

URL: https://www.youtube.com/watch?v=4fc_NcJxIyw


Author:

Michał Sołtysik

Cybersecurity Analyst & Consultant

Specializing in deep packet inspection (i.e. network edge profiling and 0-day attacks).

To date, he has identified 253 protocols in the IT, OT and IoT areas used for cyber attacks.

Additionally, a Digital and Network Forensics Examiner, CyberWarfare Organizer and SOC Trainer.

C)CSA - Certified Cyber Security Analyst

C)NFE - Certified Network Forensics Examiner

C)DFE - Certified Digital Forensics Examiner

WCNA - Wireshark Certified Network Analyst

C|ND - Certified Network Defender

C)PTC - Certified Penetration Testing Consultant

C)PTE - Certified Penetration Testing Engineer

C)PEH - Certified Professional Ethical Hacker

C)VA - Certified Vulnerability Assessor

RvBCWP - Red vs Blue Cyber Warfare Practitioner

CIoTSP - Certified Internet of Things Security Practitioner

OOSE - OPSWAT OT Security Expert

CNSP - Certified Network Security Practitioner

CNSE - Certified Network Security Engineer

CCE - Certified Cybersecurity Expert

CCSS - Certified Cyber Security Specialist

Accredited by ANAB under ISO/IEC 17024.

Accredited by the NSA CNSS 4011-4016.

Approved by DoD under Directive 8570 (previously) / 8140 (presently).

Mapped to NIST / Homeland Security NICCS's Cyber Security Workforce Framework.

Mapped to NCWF (NICE Cybersecurity Workforce Framework).

Approved on the FBI Cyber Security Certification Requirement list (Tier 1-3).

Recognized by NCSC - part of GCHQ (UK's intelligence, security, and cyber agency).

Contact:

Mail: mikewavepoland@gmail.com

LinkedIn: https://www.linkedin.com/in/michal-soltysik-ssh-soc/

Accredible: https://www.credential.net/profile/michalsoltysik/wallet