ML System, Part 4: Chapter 6
CH.06 ~40 min
Advanced Research
WAF, Sandbox, and IoT Blockchain security.
Topics: ModSecurity, Cuckoo Sandbox, Blockchain, Cowrie
- Configure ModSecurity for web application protection.
- Perform dynamic malware analysis using a sandbox.
- Understand PoA concepts in the IoT-Blockchain ecosystem.
- Build a honeypot system for early detection.
01 WAF Implementation with ModSecurity
Detection vs Blocking Mode
ModSecurity can first be run in 'DetectionOnly' mode, where rule matches are logged but nothing is blocked, so that false positives can be identified and tuned away before the engine is switched to blocking mode ('On') for active defense.
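As an added illustration, not taken from the course materials, a minimal ModSecurity configuration for Apache that shows the DetectionOnly setting beside the blocking setting and one way to tune out a false positive; the log path, endpoint path and rule ids are assumptions:

```apache
# --- Stage 1: observe only. Rules are evaluated and matches are written to the
# audit log, but 'deny' actions are not enforced, so false positives can be
# reviewed without breaking legitimate traffic.
SecRuleEngine DetectionOnly
SecRequestBodyAccess On

# Record only transactions that matched a rule or ended in a 4xx/5xx status.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLog /var/log/apache2/modsec_audit.log   # path is an assumption

# Example site rule (id 100001 is a hypothetical value in the local id range):
# flag an inline script tag in any request argument, after URL decoding and
# lowercasing so trivial case or encoding variations do not bypass the match.
SecRule ARGS "@rx <script" \
    "id:100001,phase:2,t:urlDecodeUni,t:lowercase,log,deny,status:403,msg:'Inline script in argument'"

# Tuning step: if the audit log shows rule 100001 firing on legitimate input at
# one endpoint (assumed here to be /search), exclude it there rather than
# disabling it globally.
SecRule REQUEST_URI "@beginsWith /search" \
    "id:100002,phase:1,pass,nolog,ctl:ruleRemoveById=100001"

# --- Stage 2: once the audit log is clean of false positives, change the single
# directive below (and remove the DetectionOnly line above) to enforce the rules.
# SecRuleEngine On
```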
02 Malware Analysis with Cuckoo Sandbox
- **API Call Tracing:** Tracks system calls to see how malware interacts with the kernel.
- **Network Sniffing:** Captures malware communication to C2 (Command & Control) servers.
- **Memory Dumping:** Captures RAM content to analyze ransomware encryption algorithms.
03 IoT Security through Blockchain
Definition
Proof of Authority (PoA)
A blockchain consensus mechanism that is comparatively energy-efficient, making it suitable for low-power IoT devices.
04 Honeypot: Early Warning Systems
TTP (Tactics, Techniques, and Procedures)
The behavior patterns used by attackers in launching cyber campaigns.
Key Takeaways
- WAF provides Layer 7 protection that traditional firewalls cannot.
- Sandbox analysis exposes the behaviour of polymorphic malware.
- Blockchain guarantees data integrity on IoT devices.
- Honeypots divert attacker attention from real production assets.