
Get The Flock Out of My Cloud: Using DuckDB to Detect Spousal Sabotage.pdf

Uploaded by: 可***  ID: 991796  2025-12-07  36 pages  1.56MB

Slide text (preview):

Get The Flock Out of My Cloud: Using DuckDB to Detect Spousal Sabotage
Jared Gore + Liz Gore

Jared Gore, Cloud Security Engineer. Primary Household Contribution: Sourdough Sweetie
Liz Gore, Director of IT & Operations. Primary Household Contribution: 1/2 finished DIY projects

Accidental IT Guy
Liz graduated from SANS Cyber Academy! She got promoted! She played Baldur's Gate 3! Then she got bored.

How can we stay sharp and have fun at the same time? Make it a Capture The Flag!
- Winner Takes All
- Play Perfection
- Collaboration Strengthens Both Sides
- Real Scenarios = Real Learning
- Push Each Other to Level Up

Welcome to the Homelab (vibe coded)
- Web Console / API
- shart.clouds
- "Customers": Fortune 100; 100 enterprises*; Popular Minecraft server (7 concurrent viewers!); Multiple fraud customers mining crypto
- *1e+200: I don't know what that means either

CTF Begins: What access does our new employee have?
Liz's Starting Point
- K8s read-only access
- kubelogin SSO to prod cluster

DPRK TTP Playbook
Insider Threat Motivation:
- Money: Access to financials
- Power: Control over infrastructure
- Information: Secrets that can be extorted
Plan of Attack:
- Begin data reconnaissance for valuable targets
- Establish persistent access via service accounts and roles
- Escalate permissions across K8s, AWS, Azure

Detect with DuckDB
- DuckDB: online analytics processing database
- DuckDB has cloud native integrations to services like S3 or Azure Blob
- Supports CSV, JSON, and Parquet files
- Fast, Fun, and Free!

Detect with DuckDB (pt. 2)
- Tailpipe from Turbot! Open Source SIEM for Terminal
- Modular Plugins for AWS, Azure, & more
- https://tailpipe.io

Detect with DuckDB (pt. 3)
- Corkscrew from me! Open Source Cloud Configuration Scanner
- Modular Plugins for AWS, Azure, GCP, K8s
- Query Configuration w/ SQL
- https:/

The Game
- Defender Point: Detection query catches attack
- Attacker Point: Attack goes undetected
SCOREBOARD Defender: 0 | Atta
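As an added example (not taken from the deck or from the Gore's own tooling), this is the kind of DuckDB detection query the "Detect with DuckDB" and "Defender Point" slides describe: it scores a defender point when one identity enumerates Kubernetes secrets across several namespaces inside a short window, which is the "data reconnaissance for valuable targets" step of the playbook. The audit events are constructed inline with VALUES so the query runs in a plain duckdb shell with no files; the column names, the identities and the shart.clouds addresses are assumptions, and in a real pipeline the first CTE would be replaced by read_json_auto() or read_csv_auto() over the audit log files sitting in S3 or Azure Blob.

```sql
-- Constructed sample of Kubernetes audit events (not real log data).
-- Real use: replace this CTE with
--   SELECT ... FROM read_json_auto('s3://<bucket>/k8s-audit/*.json')
-- which is the S3 / CSV / JSON / Parquet integration the slides refer to.
WITH audit_events(ts, user_name, verb, resource, namespace, name) AS (
    VALUES
        (TIMESTAMP '2025-12-07 09:00:01', 'new-hire@shart.clouds', 'get',  'pods',    'prod',        'web-0'),
        (TIMESTAMP '2025-12-07 09:00:05', 'new-hire@shart.clouds', 'list', 'secrets', 'prod',        NULL),
        (TIMESTAMP '2025-12-07 09:00:06', 'new-hire@shart.clouds', 'list', 'secrets', 'billing',     NULL),
        (TIMESTAMP '2025-12-07 09:00:07', 'new-hire@shart.clouds', 'get',  'secrets', 'billing',     'payment-api-key'),
        (TIMESTAMP '2025-12-07 09:00:08', 'new-hire@shart.clouds', 'get',  'secrets', 'prod',        'db-creds'),
        (TIMESTAMP '2025-12-07 09:00:09', 'new-hire@shart.clouds', 'get',  'secrets', 'kube-system', 'cloud-creds'),
        -- Normal workload behaviour: a service account reading its own secret repeatedly.
        (TIMESTAMP '2025-12-07 09:30:00', 'system:serviceaccount:prod:web', 'get', 'secrets', 'prod', 'db-creds'),
        (TIMESTAMP '2025-12-07 09:30:00', 'system:serviceaccount:prod:web', 'get', 'secrets', 'prod', 'db-creds')
),
-- Aggregate secret reads per identity into fixed 10-minute buckets.
secret_access AS (
    SELECT
        user_name,
        time_bucket(INTERVAL '10 minutes', ts)                AS window_start,
        count(*)                                              AS secret_ops,
        count(DISTINCT namespace)                             AS namespaces_touched,
        string_agg(DISTINCT coalesce(name, '<list>'), ', ')   AS secrets_seen
    FROM audit_events
    WHERE resource = 'secrets'
      AND verb IN ('get', 'list', 'watch')
    GROUP BY user_name, window_start
)
-- Alert condition: secrets touched in two or more namespaces, or a burst of
-- five or more secret operations, inside one bucket. Thresholds are assumed
-- starting points to be tuned against the cluster's own baseline.
SELECT
    user_name,
    window_start,
    secret_ops,
    namespaces_touched,
    secrets_seen
FROM secret_access
WHERE namespaces_touched >= 2
   OR secret_ops >= 5
ORDER BY secret_ops DESC;
```

On the constructed rows only the human identity's 09:00 burst comes back (five secret operations across three namespaces); the service account's repeated reads of a single secret in its own namespace stay under both thresholds, which is the point of keying on namespace spread rather than raw volume. Because DuckDB reads the log files in place, the same query can be re-run as the CTF progresses, which fits the deck's lesson that detection is iterative rather than perfect.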

1. **Title**: Using DuckDB to detect spousal sabotage: learning cyber security through a Capture The Flag (CTF) game.
2. **Background**: Through a homelab CTF game, the talk shows how tools such as DuckDB can be used to detect security threats.
3. **Tool**: DuckDB, a fast, free and easy-to-use online analytical processing database that supports CSV, JSON and Parquet files.
4. **Scenario**: Simulates the insider-threat attacks a new employee might carry out, including data reconnaissance, privilege escalation and encryption extortion.
5. **Result**: With DuckDB and other tools, the attack behaviour was successfully detected, including secret enumeration, privilege escalation and encryption extortion.
6. **Lessons**: Detection is iterative, not perfect; curiosity and teamwork are key.
7. **CTF**: The talk announces an upcoming CTF so that more people can take part and learn cyber security.
Unmasking the insider threat! Who is behind it? The cloud security CTF awaits you!