Security Automation - Python - Introduction
2 likes911 views
This document summarizes how security automation can be applied across different areas including security operations, adversary simulation, application security, DevSecOps, and compliance using various tools and Python. Security automation involves integrating tools and automating tasks to improve processes like alert triage, threat intelligence, penetration testing, code analysis, and incident response that would otherwise be done manually. The presenter provides examples of how tasks like phishing email analysis, forensic investigations, vulnerability scanning, and security control checks can be automated using APIs, Python modules for networking and web applications, and other tools to innovate security operations.
Security Automation - Python - Introduction
- 1. P R E S E N T A T I O N B Y P 3 T 3 R P 4 R K 3 R Introduction Security Automation Python
- 2. Working as a Security Engineer Hello! I Am Santhosh Baswa You can contact me at Twitter@P3t3rP4rk4r
- 4. Automation Innovative & Improve processes using Multiple Integrations. Automation is taking action without human intervention. Scope of Industrialisation.
- 5. It is the automatic handling of a task in machine-based security application that would otherwise be done manually by a cyber security professional. Security Automation
- 6. Security Automation Security Operations (Blue Team) Adversary Simulation & PT (Red Team) Application SecurityDevSecOps Compliance
- 7. SOC Operations (Blue Team) Alert Triage & IR - Integration SIEM - (Log sources) - Correlation Rules & Central Alert System - IR - Team Coordination (Timeline Track) Phishing Triage - Phishing email Analysis. - Extraction IPs & URLs & Attachments. - Integrate & Check those IOCs (F/T) - Automated Email notifications. APIs + Digital Forensic Investigations - Automated Remote Forensic Imaging - Automated Volatility Investigation Report - Innovative Projects (CTI Integrations etc) Threat Intelligence - Integrate Dark Web Intelligence Tools - Track APT + New Malware IOCs - Password Dumps & Email Compromise - Automated Threat Lookups & SIEM
- 8. Adversary Simulation (Red Team) & Penetration Testing RT / Pentest Environment - Automated Phishing Campaigns (PhishFrenzy). - Covert C2 Channels & Beacon Infra (Cobalt Strike) - Client Sensitive Data Sync/Secure Backup. Recon - OSINT (Web Crawling) - Campaign Email Generation - Sensitive Data Collection (Ex:Gitrob) Scan/Enumeration - Controlled NMAP Scans (NSE) - Sub Directories/Domains ReportsExploitation - Modification of Toolset - Payload Generation - AV Bypass payload Test Post Exploitation - Data Exfiltration Automation - Slack/Gmail/Twitter/C2
- 9. 01 02 03 05 04 Bugs/Fixes - Vulnerable Versions & Packages. - Security Bug fixes (Bug Bounty) Testing/Verification - Automated DAST Program. Code/Implementation - Secure Coding Standards. - Static Code Test Automation Requirements & Design - Choose Dependencies / Languages - Secure Application Design Training - Training program for new joiners / experience developers. - Test their abilities through Quiz. Application Security -Automation
- 10. DevSecOps Cloud Infrastructure - Security Monitoring (CloudTrail) - Automated Profile based Security Checks Automated Security Tests - Security Functional Tests (Auth checks) - Default Configs (Apache security config checks) Code Analysis - Static Code Analysis (Vulnerable Functions) Runtime Application Security - Fuzzing/Dynamic checks on Validation. - Automated API input checks.
- 11. Detect & Respond - Automated Incident Scoring - Tracking Incidents Protect - Security Controls Check (NIST) - Track process & Procedures Inventory - External Asset Inventory - Automated Risk Level Categorisation Recovery - Syslog Backups - Downtime - Crisis management Compliance -Automation
- 13. Python Automation Sys/NetworkOps (OS Internals/Command Execution/SSH/SMTP/SNMP) Web modules (OSINT/WebApp Testing/Auth/Injections/Brute force) Cryptography (Hash/Encrypt/Decrypt) Network/Digital Forensics (Steganography/PCAP Analysis/Image Acquisition)
- 15. You can find me at: git@P3t3rp4rk3r Google:”Santhosh Baswa” Any questions? Thanks!