Cool ideas for security related data visualization app?
-
2017-10-09 at 2:50 PM UTC
So for a while I was getting into R for data visualization and data analytical purposes. R is a cool language that is perfectly suitable for that sort of thing. In fact, as far as I am aware, the language was designed precisely with that in mind. By now I can build some basic data analytical tools and such, but things like a web app for interactive data visualization tend to get a bit more involved. And while R is similar in some ways to Python, when it comes to the more complex side of things I would say I am more comfortable writing Python.
I've been meaning to build an app that integrates data collection with visualization. So you'd run the script from the command line and it collects some data, and then it will provide you with the option to visualize the data in a web app. So as I was doing some research on the topic I came across a Python library called Dash that seems suited for what I have in mind. It's more like a framework such as Django, but it seems really straightforward to use and powerful. If you're interested, click here to check out some examples in the documentation.
Anyway, I figured I would try my hand at Dash; however, I would like to have a data set to work with that has to do with security. So in your opinion, what would be some interesting data to collect and work with, with regard to the spirit of the project? If there's something you'd like to see visualized, please feel free to mention it and I will try to build it. Personally, the purpose of this exercise for me is to get familiar with the framework and get better at data viz in general. So with that in mind I am taking suggestions as to what I should try and build.
Anyway, thanks in advance guise. -
2017-10-09 at 3:44 PM UTC
What sort of data? Just graphs and stuff?
-
2017-10-09 at 4:24 PM UTC
-
2017-10-10 at 2:19 AM UTC
Make me a program that'll read license plates, make a list of them including the GPS location where they were read, and alert me if any show up too often.
Something I can put in my car to spot trackers. -
2017-10-10 at 2:21 AM UTC
Or make me a program that'll spot freeway cameras (other cameras as well), and beam them with a laser light so they can't track me.
-
2017-10-15 at 11:40 AM UTC
Ultimately, you want people to install it on the things you want to gather this data from. You need some crash test dummies to test your code. Provide the source code and the process of installation/deployment.
-
2017-10-15 at 12:10 PM UTC
Originally posted by Grimace: Ultimately, you want people to install it on the things you want to gather this data from. You need some crash test dummies to test your code. Provide the source code and the process of installation/deployment.
That would be true for malware; however, in the security business we have this thing called Open Source Intelligence. It's when you use publicly available sources to establish a profile of what you want to investigate; I was thinking about something along the lines of that. The only reason why you would want to employ data visualization in terms of malware is to keep track of how well it is doing. In which case you would have a web application that gets its data from the malware's command and control infrastructure. You then take this data and represent it in a way that is useful to what you want to know. Like total number of infections, countries where the 'clients' reside and that sort of thing.
If you just want to fuck around with some malware send me a PM, I have some samples to play with. Also, if you want to be a little malicious on your own, I am sure you know how to install a legitimate remote administration tool and set it to start up at boot. If you need a way to enter credentials on the client side automatically, I can write you a small script for that. -
2017-10-15 at 12:22 PM UTC
Originally posted by Sophie: That would be true for malware; however, in the security business we have this thing called Open Source Intelligence. It's when you use publicly available sources to establish a profile of what you want to investigate; I was thinking about something along the lines of that. The only reason why you would want to employ data visualization in terms of malware is to keep track of how well it is doing. In which case you would have a web application that gets its data from the malware's command and control infrastructure. You then take this data and represent it in a way that is useful to what you want to know. Like total number of infections, countries where the 'clients' reside and that sort of thing.
If you just want to fuck around with some malware send me a PM, I have some samples to play with. Also, if you want to be a little malicious on your own, I am sure you know how to install a legitimate remote administration tool and set it to start up at boot. If you need a way to enter credentials on the client side automatically, I can write you a small script for that.
I have a couple of crash test machines at work that I use just to tinker with malware. Allow them to be infected with a specific infection and then attempt to remove it and see what it was doing basically. I have also poked around with self-written "malware" just to see how certain things work. Shit I have written would be insta-flagged by heuristics from ANY antivirus, ahahha.
Anyway, if you're GOING TO start an app based on data collection related to security, most people are going to immediately zero in on connections in/out. "WHAT IS GOING ON IN MY COMPUUUUUUUTER BEHIND THE SCEEENESSSS?"
Any ordinary firewall can tell you that. I suppose, what I would like to see that the OS doesn't natively report (or make it easy to report), is a list of programs launched with their date and time, what permission level they ran under, and a general idea of what they did. Event Viewer > Windows Logs > Applications gives some of this information, but it's lacking and needs more info. It also doesn't record EVERY application, which a technician needing to troubleshoot would need.
Make an app that does all of this better than bullshit Windows Event Viewer and better than other downloadable programs. -
2017-10-15 at 12:39 PM UTC
Originally posted by Grimace: I have a couple of crash test machines at work that I use just to tinker with malware. Allow them to be infected with a specific infection and then attempt to remove it and see what it was doing basically. I have also poked around with self-written "malware" just to see how certain things work. Shit I have written would be insta-flagged by heuristics from ANY antivirus, ahahha.
Anyway, if you're GOING TO start an app based on data collection related to security, most people are going to immediately zero in on connections in/out. "WHAT IS GOING ON IN MY COMPUUUUUUUTER BEHIND THE SCEEENESSSS?"
Any ordinary firewall can tell you that. I suppose, what I would like to see that the OS doesn't natively report (or make it easy to report), is a list of programs launched with their date and time, what permission level they ran under, and a general idea of what they did. Event Viewer > Windows Logs > Applications gives some of this information, but it's lacking and needs more info. It also doesn't record EVERY application, which a technician needing to troubleshoot would need.
Make an app that does all of this better than bullshit Windows Event Viewer and better than other downloadable programs.
AV Heuristics is a lie, it's mostly based on signature detection ¯\_(ツ)_/¯
Also, I am not sure how I would write an app like that. Tell me, if you know, when you dump a process with Task Manager does it have this data? Date, time, permissions? Because if that's the case I guess you could just automate the dumping of all the processes, then look for some sort of regular expression in the reports that gives you what you are looking for. Sounds like a job for PowerShell to me tbh, IDK how to dump a process with Python. Although I am sure one can. Maybe with the psutil lib. -
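The automated process dump Sophie sketches, written out with psutil as an added example (not code from this thread or from the Dash project): it polls process snapshots, diffs them to catch newly launched programs, records each one's start time, user and remote connections, and flattens it into a JSON row a Dash table could load. The psutil calls (process_iter, net_connections/connections) are assumed from its public API; without psutil the collector returns an empty snapshot, and the records in the test are constructed.

```python
import json
import time
from datetime import datetime, timezone

try:
    import psutil  # assumption: psutil's process_iter / net_connections API
except ImportError:
    psutil = None  # collector degrades to an empty snapshot


def collect_snapshot():
    """Return {pid: record} for every live process (empty if psutil is absent)."""
    snap = {}
    if psutil is None:
        return snap
    # process_iter fills an attr with None on AccessDenied instead of raising
    for proc in psutil.process_iter(["pid", "name", "exe", "username", "create_time"]):
        rec = dict(proc.info)
        conns = proc.net_connections if hasattr(proc, "net_connections") else proc.connections
        try:  # remote endpoints answer Grimace's "what did it do" (connecting out)
            rec["remote"] = sorted({f"{c.raddr.ip}:{c.raddr.port}"
                                    for c in conns("inet") if c.raddr})
        except (psutil.AccessDenied, psutil.NoSuchProcess):
            rec["remote"] = []  # an unprivileged collector cannot inspect every process
        snap[rec["pid"]] = rec
    return snap


def new_launches(previous, current):
    """Records in `current` absent from `previous`; a reused pid is caught via create_time."""
    launched = [rec for pid, rec in current.items()
                if pid not in previous or previous[pid]["create_time"] != rec["create_time"]]
    return sorted(launched, key=lambda r: r["create_time"] or 0)


def to_row(rec):
    """Flatten one record into the JSON-serialisable row a Dash table or graph consumes."""
    ts = rec["create_time"]
    return {"started": datetime.fromtimestamp(ts, timezone.utc).isoformat() if ts else None,
            "pid": rec["pid"], "name": rec["name"], "exe": rec["exe"],
            "user": rec["username"] or "unknown",  # None when access was denied
            "remote": ",".join(rec.get("remote", []))}


def watch(poll_seconds=5, rounds=3, sink=print):
    """Poll `rounds` times and hand one JSON line per newly launched process to `sink`."""
    previous = collect_snapshot()
    for _ in range(rounds):
        time.sleep(poll_seconds)
        current = collect_snapshot()
        for rec in new_launches(previous, current):
            sink(json.dumps(to_row(rec)))
        previous = current
```

Calling `watch()` from the command line prints one JSON line per launch; pointing `sink` at a file gives Dash a log it can read and plot per user or per remote address.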
2017-10-15 at 12:45 PM UTC
Originally posted by Sophie: Tell me, if you know, when you dump a process with Task Manager does it have this data? Date, time, permissions?
It has very limited data. It will report date and time and the permission it ran under. It will not report what the program did (like connecting out to a remote IP for example) or any files written to disk. If it did this, I would be a happy boy.
Originally posted by Sophie: Sounds like a job for PowerShell to me tbh,
Yep.