OWASP Meeting in Krakow - MacOS malware IR, Linux containers security tips
Details
Hi OWASPers,
Next OWASP meetup in Krakow will bring two very interesting topics.
Kuba Sendor, former corporate security team manager at Yelp, will share his thoughts about malware incident response at scale. During the second presentation, Wojtek Reguła will show some tips and tricks which help with the security assessment of iOS apps.
Please RSVP, save the date and spread the word!
Agenda:
- macOS Malware Incident Response at Scale (Kuba Sendor)
Even for a big incident response team, handling all of the repetitive tasks related to malware infections is a tedious endeavor. Malware incident responders spend a lot of their precious time staring at the digital forensics collected from potentially infected macOS systems, without much indication of where to look or which part of the forensic trail to focus on.
Some parts of the process could be automated, e.g. by taking advantage of the open source OSXCollector forensic evidence collection & analysis toolkit (https://github.com/Yelp/osxcollector). This process takes full advantage of additional information on suspicious domains, URLs and file hashes. But it still requires a certain degree of configuration and manual maintenance that consumes a lot of attention from malware incident responders.
AMIRA (Automated Malware Incident Response and Analysis) comes to the rescue (https://github.com/Yelp/amira). AMIRA turns the forensic evidence gathered by OSXCollector into an actionable response plan, suggesting the infection source as well as the suspicious files and domains requiring a closer look from an analyst. Furthermore, AMIRA can be easily integrated with an incident response platform, so that very little overhead is necessary.
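To make the "evidence in, response plan out" step concrete, here is a small added example of that kind of triage. It is not code from OSXCollector or AMIRA; the JSON-lines record layout (fields such as section, file_path, sha2, url, ctime) is an assumption made for this example, and the evidence lines and indicator lists are constructed. The script enriches each record against local hash and domain indicators, collects the suspicious files and domains, and picks the earliest network-related hit as the likely infection source.

```python
"""Toy triage in the spirit of the OSXCollector -> AMIRA pipeline.

Assumptions (not the real tools' schema): evidence arrives as JSON lines,
each with a "section", an optional "file_path" / "sha2" / "url", and an
ISO-8601 "ctime". Indicator lists are plain sets of hashes and domains.
"""
import json
from urllib.parse import urlsplit

# Constructed sample evidence (JSON lines); hashes are placeholders.
SAMPLE_EVIDENCE = """\
{"section": "startup", "file_path": "/Library/LaunchAgents/com.example.updater.plist", "sha2": "CONSTRUCTED_HASH_1", "ctime": "2019-03-01T08:15:00"}
{"section": "downloads", "file_path": "/Users/alice/Downloads/invoice.dmg", "sha2": "CONSTRUCTED_HASH_2", "url": "http://dl.bad-example.test/invoice.dmg", "ctime": "2019-03-01T08:02:00"}
{"section": "quarantines", "file_path": "/Users/alice/Downloads/report.pdf", "sha2": "CONSTRUCTED_HASH_3", "url": "https://intranet.example.com/report.pdf", "ctime": "2019-03-01T09:30:00"}
{"section": "browser_history", "url": "http://dl.bad-example.test/", "ctime": "2019-03-01T08:01:00"}
"""

# Constructed indicators; a real deployment would pull these from threat intel feeds.
BAD_SHA2 = {"CONSTRUCTED_HASH_1", "CONSTRUCTED_HASH_2"}
BAD_DOMAINS = {"bad-example.test"}

# Sections whose entries describe something that came in over the network.
NETWORK_SECTIONS = ("downloads", "quarantines", "browser_history")


def parse_evidence(text):
    """Parse JSON-lines evidence, ignoring blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def domain_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def matches_domain(host, bad_domains):
    """True if host equals a bad domain or is a subdomain of one."""
    parts = host.split(".")
    return any(".".join(parts[i:]) in bad_domains for i in range(len(parts)))


def triage(records, bad_sha2, bad_domains):
    """Enrich records with indicator matches and build a response plan."""
    hits = []
    for rec in records:
        reasons = []
        if rec.get("sha2") in bad_sha2:
            reasons.append("known-bad hash")
        url = rec.get("url")
        if url and matches_domain(domain_of(url), bad_domains):
            reasons.append("known-bad domain")
        if reasons:
            hits.append({**rec, "reasons": reasons})

    suspicious_files = sorted({h["file_path"] for h in hits if "file_path" in h})
    suspicious_domains = sorted({domain_of(h["url"]) for h in hits if h.get("url")})

    # Likely infection source: the earliest hit that arrived over the network.
    network_hits = [h for h in hits if h["section"] in NETWORK_SECTIONS]
    source = min(network_hits, key=lambda h: h["ctime"]) if network_hits else None

    return {
        "suspicious_files": suspicious_files,
        "suspicious_domains": suspicious_domains,
        "infection_source": (
            {"section": source["section"], "url": source["url"], "ctime": source["ctime"]}
            if source else None
        ),
        "hits": hits,
    }


def build_plan(text=SAMPLE_EVIDENCE):
    """Run the whole pipeline on a JSON-lines evidence string."""
    return triage(parse_evidence(text), BAD_SHA2, BAD_DOMAINS)


if __name__ == "__main__":
    print(json.dumps(build_plan(), indent=2))
```

On the constructed sample, the quarantined report.pdf from the intranet host stays unflagged, the LaunchAgent plist and invoice.dmg are listed as suspicious files, dl.bad-example.test is the single suspicious domain, and the browser-history visit at 08:01 is reported as the likely infection source because it precedes the download of the flagged file.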
Speaker's bio:
Kuba Sendor (@jsendor) helps companies develop securely in the ever-changing threat landscape. He has experience in automating malware incident response, as well as leading and optimizing security incident response processes.
In the past he managed the Corporate Security team at Yelp, where his team was responsible for analyzing and responding to malware and phishing threats in addition to any other unforeseen security incidents. Before that, he worked as a researcher in the Security and Trust group at SAP, where he participated in initiatives related to data access control and privacy policies, well before GDPR was a thing.
He holds a double MSc degree in Computer Science from AGH University of Science and Technology and Telecom ParisTech/Institut Eurecom in Sophia Antipolis, France. In his free time he likes cycling, running and reading conspiracy theory novels.
- Linux containers security tips (Maciej Lasyk)
Maciej will share his experience with building highly secure infrastructures based on the containerization concept: Docker, Kubernetes, Podman etc.
- Architectural problems and limitations.
- What you should do and what to avoid.
- ...and why you could reconsider using Alpine Linux in the container.
Speaker's bio:
Cloud Acrobat @Codewise. Open source contributor, enthusiast and evangelist supporting security projects like OWASP and Fedora. Maciej believes in chaos engineering and automation. He's a devoted father and husband as well as a multi-sport athlete. You can catch him on Twitter and also see his work on GitHub and his personal blogs.
