Log File Frequency Analysis with Python
- Published: 30 Jul 2024
- Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- www.blackhillsinfosec.com/
00:00 - Introduction
02:09 - Welcome
02:38 - SANS Teaching Events
03:17 - Agenda
04:15 - Challenge
05:59 - Regular Expressions
06:25 - What is a Regular Expression
08:35 - Rules of Regular Expressions
10:48 - Custom Sets
17:17 - Capturing Groups
21:28 - Named Groups
23:22 - Regex Golf
24:33 - Python Dictionaries
32:14 - Python Collections
36:21 - Coding Time
37:21 - Testing Regular Expressions
42:33 - Analyzing Regular Expressions
45:32 - Prototype Python Script
46:44 - Running Python Script
48:01 - Python Code
57:23 - Discussion
Description: Information Security professionals often have reason to analyze logs. Whether Red Team or Blue Team, there are countless times that you find yourself using "grep", "tail", "cut", "sort", "uniq", and even "awk"! While these powerful UNIX tools take us far, there is always that time when you want more power! In this webcast, Joff Thyer will discuss using Python regular expressions and dictionaries to extract useful data for frequency analysis. If you want to learn even more about Python, join Joff for SANS SEC573 - "Automating Information Security with Python" www.sans.org/sec573
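The technique the description outlines (a regular expression with named groups to pull fields out of each log line, then a dictionary or collections.Counter to tally them) can be shown end to end in a short script. The following is an added example written for this page; it is not the webcast's code nor anything from the bind9_logstat repository. The log lines are constructed Apache-style access entries, one of them deliberately malformed, so the script also shows what happens to lines the pattern does not match.

```python
"""Log file frequency analysis with regular expressions and dictionaries.

Added example (not the webcast's own code). Parses constructed
Apache-style access log lines with a named-group regex, then tallies
fields first with a plain dict and then with collections.Counter.
"""
import re
from collections import Counter

# Constructed sample lines (not real traffic). The sixth line is
# deliberately malformed to show how non-matching lines are handled.
SAMPLE_LOG = """\
10.0.0.5 - - [30/Jul/2024:10:15:01 +0000] "GET /index.html HTTP/1.1" 200 1043
10.0.0.7 - - [30/Jul/2024:10:15:03 +0000] "GET /login HTTP/1.1" 200 512
10.0.0.5 - - [30/Jul/2024:10:15:04 +0000] "POST /login HTTP/1.1" 401 231
10.0.0.5 - - [30/Jul/2024:10:15:05 +0000] "POST /login HTTP/1.1" 401 231
10.0.0.9 - - [30/Jul/2024:10:15:06 +0000] "GET /admin HTTP/1.1" 403 188
this line is garbage and will not match
10.0.0.5 - - [30/Jul/2024:10:15:07 +0000] "POST /login HTTP/1.1" 200 512
"""

# Named groups (?P<name>...) let results be addressed by field name rather
# than by positional index. Custom sets such as [^\]]+ and [^"]+ consume up
# to, but not including, the closing delimiter.
LOG_RE = re.compile(
    r'^(?P<src>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ '
    r'\[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_lines(text):
    """Return (records, unmatched): one dict per matching line, plus the
    raw lines the pattern rejected, so nothing is silently dropped."""
    records, unmatched = [], []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            records.append(m.groupdict())
        else:
            unmatched.append(line)
    return records, unmatched


def count_with_dict(records, field):
    """Frequency of one field using a plain dictionary (the manual way)."""
    freq = {}
    for rec in records:
        key = rec[field]
        freq[key] = freq.get(key, 0) + 1
    return freq


def count_with_counter(records, field):
    """Same tally with collections.Counter, which also provides most_common()."""
    return Counter(rec[field] for rec in records)


def count_pairs(records, *fields):
    """Frequency of a tuple of fields, e.g. (src, status), to see which
    source is producing the failures rather than just how many there are."""
    return Counter(tuple(rec[f] for f in fields) for rec in records)


def analyze(text):
    """Run the whole pipeline over a block of log text."""
    records, unmatched = parse_lines(text)
    return {
        "parsed": len(records),
        "unmatched": len(unmatched),
        "by_src": count_with_counter(records, "src"),
        "by_status": count_with_counter(records, "status"),
        "by_src_status": count_pairs(records, "src", "status"),
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print(f"parsed={result['parsed']} unmatched={result['unmatched']}")
    for src, n in result["by_src"].most_common():
        print(f"{n:5d}  {src}")
    for (src, status), n in result["by_src_status"].most_common():
        print(f"{n:5d}  {src} -> {status}")
```

Keeping the unmatched lines separate is the check worth carrying into real use: a regex that quietly skips a log format variant understates the counts, and the unmatched count is the first thing to look at when a tally seems too low. Replacing `SAMPLE_LOG` with `open(path).read()` or a loop over `sys.stdin` turns this into the grep/sort/uniq replacement the description talks about.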
Slides available here: www.blackhillsinfosec.com/web...
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: www.blackhillsinfosec.com/ser...
Penetration Testing: www.blackhillsinfosec.com/ser...
Incident Response: www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pa...
Live Training: www.antisyphontraining.com/co...
On Demand Training: www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest RUclips: / wildwesthackinfest
Active Countermeasures RUclips: / activecountermeasures
Antisyphon Training RUclips: / antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/
#bhis #infosec
Fantastic.....no nonsense....direct to the point....really learnt a lot, thanks.
It's a very insightful presentation. Thank you very much
Thank you Sir! Awesome explanation.
W
Permission to learn, sir. Thank you.
Good one.
Very impressive presentation of material. Thank you Sir
Bravo :)
thanks for the presentation !!
Will it work on a continuous log file (like Apache access/error)?
Great videos. But how can I get the raw data or raw code?
Thanks!
The link for the code has expired; can you give me the new link?
They moved the repositories to github - github.com/yoda66/bind9_logstat
Remarkable. When is the next part?
Coordinator: "Our line up of speakers is stupid" 😁
Language is crazy. When the adjectives "smart" or "bright" don't do justice to your panel, "stupid" or "ridiculous" will do. I'm a techie and a linguist, so pardon the off-topic comment.
Minute 35: you are not counting dictionaries, you are counting words in a list.