Incident Response tactics with Compromise Indicators
- Margaret Quinn
- 5 years ago
1 Vladimir Kropotov, Vitaly Chetvertakov, Fyodor Yarochkin RusCrypto 2014 March 25-28, 2014
2 Outline Basics Standards Tools Sharing IOCs IOCs composites Case Study More on Tools Questions
3 Introduction Indicators of Compromise An indicator of compromise (IOC) in computer forensics is an artifact observed on a network or in an operating system that with high confidence indicates a computer intrusion.
4 IOC workflow A typical flow with Indicators of Compromise: source: Sophisticated indicators for the modern threat landscape, 2012 paper
5 Standards: OpenIOC OpenIOC - Mandiant-backed effort for uniform representation of IOC (now FireEye)
6 Standards: Mitre Mitre CybOX: Mitre CAPEC: Mitre STIX: Mitre TAXII
7 Open-source tools OpenIOC manipulation Mantis Threat Intelligence Framework Mantis supports STIX/CybOX/IODEF/OpenIOC etc via importers: Search splunk data for IOC indicators: Our framework:
8 Online Sharing of IOCs
9 Policies on Sharing Policies on sharing IOCs: what to be shared/can be shared who to share with when to share
10 Where to look for IOCs: Outbound Network Traffic User Activities/Failed Logins User profile folders Administrative Access Access from unusual IP addresses Database IO: excessive READs Size of responses of web pages Unusual access to particular files within Web Application (backdoor) Unusual port/protocol connections DNS and HTTP traffic requests Suspicious Scripts, Executables and Data Files
11 Challenges Why do we need IOCs? Because they make it easier to systematically describe knowledge about breaches. Identifying intrusions is hard Unfair game: the defender should protect all the assets, the attacker only needs to pop one system. Identifying targeted, organized intrusions is even harder Minor anomalous events are important when put together Seeing the global picture is a must Details matter Attribution is hard
12 Challenges All networks are compromised The difference between a good security team and a bad security team is that with a bad security team you will never know that you've been compromised.
13 An Example A Network compromise case study: Attackers broke in via a web vuln. Attackers gained local admin access Attackers created a local user Attackers started probing other machines for default user ids Attackers launched tunneling tools connecting back to C2 Attackers installed RATs to maintain access
14 Indicators So what are the compromise indicators here? Where did attackers come from? (IP) What vulnerability was exploited? (pattern) What web backdoor was used? (pattern, hash) What tools were uploaded? (hashes) What users were created locally? (username) What usernames were probed on other machines
15 Good or Bad?
    File Name : RasTls.exe
    File Size : 105 kb
    File Modification Date/Time : 2009:02:09 19:42:05+08:00
    File Type : Win32 EXE
    MIME Type : application/octet-stream
    Machine Type : Intel 386 or later, and compatibles
    Time Stamp : :02: :38:37+08:00
    PE Type : PE32
    Linker Version : 8.0
    Code Size :
    Initialized Data Size :
    Uninitialized Data Size : 0
    Entry Point : 0x3d76
    OS Version : 4.0
    Image Version : 0.0
    Subsystem Version : 4.0
    Subsystem : Windows GUI
    File Version Number :
    Product Version Number :
    File OS : Windows NT 32-bit
    Object File Type : Executable application
    Language Code : English (U.S.)
    Character Set : Windows, Latin1
    Company Name : Symantec Corporation
    File Description : Symantec x Supplicant
    File Version :
    Internal Name : dot1xtray
16 It really depends on context RasTls.DLL RasTls.DLL.msc RasTls.exe Dynamic-Link Library Search Order
17 Tools for Dynamic Detection of IOC Snort Yara + yara-enabled tools Moloch Splunk/Log search
18 Tools for Dynamic Detection Moloch Moloch supports Yara (IOCs can be directly applied) Moloch has tagger plugin:
    # tagger.so
    # provides ability to import text files with IP and/or hostn
    # into a sensor that would cause autotagging of all matching
    plugins=tagger.so
    taggerIpFiles=blacklist,tag,tag,tag...
    taggerDomainFiles=domainbasedblacklists,tag,tag,tag
19 Sources of IOCs ioc bucket: Public blacklists/trackers could also be used as source: https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist Eset IOC repository more coming?
20 where to mine IOC passive HTTP (keep your data recorded) passive DNS These platforms provide ability to mine traffic or patterns from the past based on IOC similarity: "show me all the packets similar to this IOC" We implemented a whois service for IOC look-ups:
    whois -h ioc.host.com attribute:value+attribute:value
21 Mining IOCs from your own data find and investigate incident Or even read paper determine indicators and test it in YOUR Environment use new indicators in the future see IOC cycle we mentioned earlier
22 Example If event chain leads to compromise
    http://liapolasens[.]info/indexm.html
    http://liapolasens[.]info/counter.php?t=f&v=win%2011,7,700,169&a=true
    http://liapolasens[.]info/354RIcx
    http://liapolasens[.]info/054RIcx
What to do?
23 Use YARA, or tune your own tools
    rule susp_params_in_url_kind_of_fileless_bot_drive_by
    {
        meta:
            date = "oct 2013"
            description = "Landing hxxp://jdatastorelame.info/indexm.html"
            description1 = "Java Sploit hxxp://jdatastorelame.info/054RIwj"
        strings:
            $string0 = "http"
            $string1 = "indexm.html"
            $string2 = "054RI"
        condition:
            all of them
    }
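One way to "tune your own tools" for the event chain above, as an added example that is not from the original slides: a Python scan of proxy records that flags a client only when the landing page, the counter request and a payload fetch occur in order against the same host. The record layout, the example.test hosts, the 120-second window and the generalized payload path pattern are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Stage order taken from the slide: landing page, counter request, payload fetch.
ORDER = ["landing", "counter", "payload"]
WINDOW_SECONDS = 120  # assumption: maximum age of a chain, measured from the landing hit
# Assumption: generalizes the slide's /354RIcx, /054RIcx and /054RIwj paths.
PAYLOAD_RE = re.compile(r"^/\d{3}RI[A-Za-z]+$")


def classify(url):
    """Return the chain stage a URL matches, or None if it matches no stage."""
    parts = urlsplit(url)
    if parts.path == "/indexm.html":
        return "landing"
    if parts.path == "/counter.php":
        # The counter request on the slide carries the t, v and a parameters.
        if {"t", "v", "a"} <= set(parse_qs(parts.query)):
            return "counter"
        return None
    if PAYLOAD_RE.match(parts.path):
        return "payload"
    return None


def find_chains(records):
    """records: iterable of (epoch_seconds, client_ip, url).

    Returns one dict per (client, host) pair that walked through all three
    stages in order inside WINDOW_SECONDS. A single stage on its own is never
    reported, which keeps benign look-alike paths out of the results.
    """
    state = {}  # (client, host) -> progress of the chain seen so far
    hits = []
    for ts, client, url in sorted(records):
        stage = classify(url)
        if stage is None:
            continue
        key = (client, urlsplit(url).hostname)
        if stage == "landing":
            state[key] = {"next": 1, "start": ts, "urls": [url]}
            continue
        st = state.get(key)
        if st is None or ts - st["start"] > WINDOW_SECONDS:
            state.pop(key, None)  # no landing page seen, or chain too old
            continue
        if ORDER.index(stage) == st["next"]:
            st["urls"].append(url)
            st["next"] += 1
            if st["next"] == len(ORDER):
                hits.append({"client": client, "host": key[1], "urls": st["urls"]})
        elif stage == "payload" and st["next"] == len(ORDER):
            st["urls"].append(url)  # further payload fetches of a completed chain
    return hits


# Constructed sample records (not real traffic).
SAMPLE_RECORDS = [
    (0, "10.0.0.5", "http://landing.example.test/indexm.html"),
    (2, "10.0.0.5", "http://landing.example.test/counter.php?t=f&v=win%2011,7,700,169&a=true"),
    (3, "10.0.0.5", "http://landing.example.test/354RIcx"),
    (4, "10.0.0.5", "http://landing.example.test/054RIcx"),
    # Look-alike: landing path, but the counter request lacks t/v/a.
    (5, "10.0.0.9", "http://intranet.example.test/indexm.html"),
    (6, "10.0.0.9", "http://intranet.example.test/counter.php?page=2"),
    # Payload-shaped path with no preceding landing page.
    (500, "10.0.0.7", "http://landing.example.test/054RIcx"),
]

if __name__ == "__main__":
    for hit in find_chains(SAMPLE_RECORDS):
        print(hit["client"], hit["host"], len(hit["urls"]), "requests in chain")
```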
24 Use snort to catch suspicious traffic:
    # many plugx deployments connect to google DNS when not in use
    alert tcp !$DNS_SERVERS any -> ( msg:"APT possible PlugX Google DNS TCP port 53 connection attempt"; classtype:misc-activity; sid: ; rev:1; )
25 GRR: Google Rapid Response: Hunting IOC artifacts with GRR
26 GRR: Creating rules
27 GRR: hunt in progress
28 IOC management portal
29 IOC exportable to json
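A JSON export of this shape (a campaign name mapping to optional "IP", "Domain" and "MD5" lists) can be turned into a lookup table for log matching. The following Python is an added example, not the authors' portal code: it validates each indicator, sets aside malformed ones such as truncated hashes, and reports which campaigns an observed value belongs to. The campaign names and every indicator value are constructed for illustration.

```python
import ipaddress
import json
import re

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def normalise(kind, value):
    """Return the canonical form of an indicator, or raise ValueError."""
    value = value.strip().lower()
    if kind == "IP":
        return str(ipaddress.ip_address(value))  # raises ValueError if invalid
    if kind == "Domain":
        value = value.replace("[.]", ".").rstrip(".")  # undo defanging
        if not DOMAIN_RE.match(value):
            raise ValueError("bad domain: %r" % value)
        return value
    if kind == "MD5":
        if not MD5_RE.match(value):
            raise ValueError("bad MD5: %r" % value)
        return value
    raise ValueError("unknown indicator type: %r" % kind)


def build_index(export_json):
    """Build {(kind, value): {campaign, ...}} from the JSON export text.

    Returns (index, rejected); rejected lists (campaign, kind, raw_value)
    for entries that failed validation, so they can be fixed at the source
    instead of silently never matching.
    """
    index, rejected = {}, []
    for campaign, kinds in json.loads(export_json).items():
        for kind, values in kinds.items():
            for raw in values:
                try:
                    key = (kind, normalise(kind, raw))
                except ValueError:
                    rejected.append((campaign, kind, raw))
                    continue
                index.setdefault(key, set()).add(campaign)
    return index, rejected


def match(index, observations):
    """observations: iterable of (kind, value) pulled from logs or hosts.

    Returns a list of (kind, normalised_value, sorted campaign names) for
    every observation that is a known indicator.
    """
    hits = []
    for kind, value in observations:
        try:
            key = (kind, normalise(kind, value))
        except ValueError:
            continue  # not a well-formed indicator of a supported type
        if key in index:
            hits.append((key[0], key[1], sorted(index[key])))
    return hits


# Constructed export: documentation-range IPs, example.test domains, the MD5
# of the empty string, and one deliberately truncated hash.
SAMPLE_EXPORT = json.dumps({
    "campaign-a": {
        "IP": ["192.0.2.10", "198.51.100.23"],
        "Domain": ["c2.example.test", "update[.]example.test"],
    },
    "campaign-b": {
        "IP": ["192.0.2.10"],
        "MD5": ["D41D8CD98F00B204E9800998ECF8427E", "1ec0ffee"],
    },
})

if __name__ == "__main__":
    idx, bad = build_index(SAMPLE_EXPORT)
    print("rejected:", bad)
    for hit in match(idx, [("IP", "192.0.2.10"), ("Domain", "C2.Example.TEST.")]):
        print(hit)
```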
30 and every manager loves graphs :p
31 Q and A Or contact us at...
Leveraging Your Geo-spatial Data Investments with Quantum GIS: an Open Source Geographic Information System Donald L. Schrupp Colorado Division of Wildlife (Retired) Danny Lewis Texas Parks and Wildlife
More informationHosted by Esri Official Distributor
Hosted by Esri Official Distributor Esri European User Conference October 15-17, 2012 Oslo, Norway Hosted by Esri Official Distributor Interoperability and Standards Support in ArcGIS 10.1 Roberto Lucchi
More informationEsri WebGIS Highlights of What s New, and the Road Ahead
West Virginia GIS Conference WVU, Morgantown, WV Esri WebGIS Highlights of What s New, and the Road Ahead Mark Scott, Solutions Engineer, Esri Local Government Team May 5 th, 2016 West Virginia GIS Conference
More informationMantaRay Documentation
MantaRay Documentation Release 1.3.8 Douglas Koster, Kevin Murphy, Chapin Bryce Sep 27, 2017 Contents 1 About MantaRay 1 2 Careers 3 3 Contributors 5 4 MantaRay Forensics 7 5 Overview 9 6 Dependencies
More informationExtremes analysis: the. ETCCDI twopronged
Manola Brunet University Rovira i Virgili, Tarragona, Catalonia Extremes analysis: the Title ETCCDI twopronged approach 5 December 2017 Fourth Session of the ETCCDI, Victoria, Feb 2011 The role of the
More informationFIRE DEPARMENT SANTA CLARA COUNTY
DEFINITION FIRE DEPARMENT SANTA CLARA COUNTY GEOGRAPHIC INFORMATION SYSTEM (GIS) ANALYST Under the direction of the Information Technology Officer, the GIS Analyst provides geo-spatial strategic planning,
More informationData Aggregation with InfraWorks and ArcGIS for Visualization, Analysis, and Planning
CI125230 Data Aggregation with InfraWorks and ArcGIS for Visualization, Analysis, and Planning Stephen Brockwell Brockwell IT Consulting Inc. Sean Kinahan Brockwell IT Consulting Inc. Learning Objectives
More informationIH 35 at Blanco River May 2015
IH 35 at Blanco River May 2015 Presentation Objectives Background of historical damage assessment processes Introduction to Collector App ( Mat Peck) Collector App and Flood Damage Assessment (Katie Steele)
More informationWe re at the height of the homebuying season. Buyers, sellers and bad guys are out in abundance.
We re at the height of the homebuying season. Buyers, sellers and bad guys are out in abundance. Attempted wire fraud against realtors, lenders and title companies continues to increase. The bad guys now
More information