LISBON 10-12
APRIL 2014

Host Intrusion Detection like a boss!

Status

This talk has been approved for this year's edition. Check the calendar for more information.

Language

English

Abstract

Imagine you own or are responsible for a few servers. Now what if a hacker manages to get inside and you never realize it, and you keep peacefully using the server and storing/processing your sensitive data on it? Even if you manage to install a Host Intrusion Detection System (HIDS), a hacker who successfully performs privilege escalation can simply turn the HIDS off. So what now?

What if I told you there's a way you can protect yourself? A way to run a HIDS on your server in what is usually known as stealth mode, so that even if a hacker gets root access to your server, he/she won't be able to simply turn it off.

That's what I'll be explaining in my presentation: a way to detect an intrusion on your server while running the HIDS hidden, so that only you can turn it on/off or reconfigure it.

Proposal date

2013-11-26 12:43:46

Comments

Patrik Fehrenbach
on , said:

Awwwwwyyyeeaaahhh! I'm in!

$geekfactor 0x3

José Lopes (Sá)
on , said:

I'm looking forward to it, I'll definitely attend!

$geekfactor 0x1

Gonçalo Valério
on , said:

Good one. Added to the must attend list!

$geekfactor 0x0

Hugo Daniel Gomes
on , said:

Cool, is this targeting *nix servers? Windows?

$geekfactor 0x1

André Onofre Lima
on , said:

+ Hugo Daniel Gomes, my intention is to install, configure and demo on both an Ubuntu server and a Windows one as well. I say "intention" because it'll depend on the time (45m) but I think it should be enough :)

$geekfactor 0x1

Hugo Daniel Gomes
on , said:

+ André Onofre Lima, Cool :D must go to this talk

$geekfactor 0x0

Luís Costa
on , said:

This one sounds interesting. Hopefully, it will get selected.

$geekfactor 0x0

Igor Antunes
on , said:

Hope to see your presentation xD

$geekfactor 0x0

André Onofre Lima
on , said:

+ Igor Antunes, thx ;) hope to be there too

$geekfactor 0x0

António Pedro Oliveira Cunha Santos
on , said:

Hope to see the presentation.

"The like a boss" title looks a bit cocky...

$geekfactor 0x0

Mário Silva
on , said:

Seems interesting!

$geekfactor 0x0

Márcia Pinho
on , said:

Good one :)

$geekfactor 0x0

Rui Grandão Rocha
on , said:

Upvoted for multi platform!

$geekfactor 0x0

Bruno Andrade
on , said:

Simply... awesome!

One question: what kind of IDS are you working with? or prepared the talk for what kind of IDS?

$geekfactor 0x0

André Onofre Lima
on , said:

+ Bruno Andrade, the HIDS I'll be using for the presentation is Samhain. It's not very well known but it's the only one with stealth capabilities and I just found that awesome :) But in terms of what I use daily at work, that would be OSSEC. I'll elaborate more on that at Codebits though. If this talk doesn't make it, feel free to contact me by email ;) Take care!

$geekfactor 0x0

João Pina
on , said:

Looking forward!

$geekfactor 0x0

Bruno Andrade
on , said:

+ André Onofre Lima, I did some research on Samhain and it looks very interesting. I'm going to test OSSEC too in a few days.
I hope you get to Codebits with this talk :D

$geekfactor 0x0

André Onofre Lima
on , said:

+ Bruno Andrade, Thanks ;)

$geekfactor 0x0

José Miguel Malaca
on , said:

awesome :D

$geekfactor 0x0

Patro
on , said:

Would love to hear more about that!

$geekfactor 0x0

Tiago Ferreira
on , said:

A talk not to be missed!

$geekfactor 0x0

André Ernesto Gonçalves
on , said:

Nice one, I'll try to attend!

$geekfactor 0x0

Will try to be there, seems interesting

$geekfactor 0x0

Pedro Costa
on , said:

Computer says no...

$geekfactor 0x0

Pedro Costa
on , said:

Computer says no...

$geekfactor 0x0

Daniel Silva
on , said:

Here's something interesting to see.

$geekfactor 0x0

Henrique Rodrigues
on , said:

As a System Administrator, this interests me a lot! I won't miss it!

$geekfactor 0x0

Miao Sun
on , said:

Interesting, upvoted!

$geekfactor 0x0

Tiago Sintra
on , said:

Great! will be there checking this talk =)

$geekfactor 0x0

Christian Guimarães
on , said:

Seems interesting. Take my upvote!

$geekfactor 0x0
