 |
A glimpse into training day. Yesterday marked the official start of Black Hat 2016, kicked off with various training courses spread throughout the convention center. For the RSA NOC team this meant a chance to validate yesterday’s installation and get an initial glimpse into the activity within and around the classroom and conference networks before the full deluge hits the wire during the briefings. As the conference ramps up, so too will the volume and variety of traffic that one would expect when allowing thousands of hackers access to an unfettered network – so expect much more to come – but here is a small glimpse into this ephemeral digital world. While the sources are few, the logs are plentiful. The RSA NetWitness Suite is capturing and summarizing network and web access logs from Fortinet equipment and wireless access points from Ruckus and merging it with RSA NetWitness solutions for a single, consolidated viewpoint.  On the full packet capture side we’ve certainly started to see a few interesting things, but the first order of business was simply to build out a few dashboards to get a handle on the data. In the spirit of Black Hat, we decided to have a little fun with one dashboard in particular, calling out some tools we’ve seen generating network traffic, protocol visibility, executable file transmission, and clear text password transmission (complete with associated username – you may want to think twice about how you authenticate at a hacker convention)  We’re also processing all portable executable, PDF, and document file types captured in transit which is starting to (unsurprisingly) bubble up evidence of potential malware.  Over the coming days we’ll be sharing some of the more compelling events, interesting statistics, and overall mischief we uncover as we peer into this world and try to bring some order and understanding to the chaos. The post Tales From The Black Hat NOC: Organizing the Chaos appeared first on Speaking of Security - The RSA Blog and Podcast. |
