THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL


2019

Welcome to our comprehensive guide on the basics of cybersecurity. Whether you've been in IT for a long time or are just starting out, there is an expectation that everyone in IT should have some degree of exposure to InfoSec. A good way to do that is to learn from and get connected in the community. Cybersecurity is a fascinating and rapidly evolving area of IT. And those that are involved are friendly people who care passionately about keeping us all safe.

With information from over 150 sourced references, and personal input from The Howler Hub community of security experts, this guide contains the key information to help you:

• Understand key concepts that drive the security professional.
• Learn a common language to engage with cybersecurity professionals.
• Connect with sources to stay up-to-date on this evolving field.
• Engage with cybersecurity experts and the threat hunting community at large.

CONTENTS

01 History of Cybersecurity
02 Attackers + Their Motives
03 Common Attacks
04 Terms to Know
05 Experts to Follow
06 Blogs to Read
07 Events to Attend
08 Books to Read
09 Movies + Shows to Watch
10 Communities to Engage
11 Become a Threat Hunter
12 References
13 Appendices

SEC. //01. _HISTORY OF CYBERSECURITY

Timeline, 1968–1994 (KEY: events are listed for ATTACKERS and for DEFENDERS)

VIRUSES FOR FUN
VIRUSES FOR MASS DESTRUCTION

ATTACKERS
1971 First Virus { The Creeper }
1974 Rabbit Virus Makes Copies
1975 First Trojan { ANIMAL }
1981 First Outbreak { }
1984 Thompson Finds First
1986 First IBM Virus + Military Attack
1987 Viruses Get Media Attention
1988 Slows
1989 First Ransomware { AIDS }
1990–1994 Viruses Create Hysteria
- Chameleon family of viruses hits
- Polymorphic viruses created
- Form virus becomes most common
- Michelangelo creates digital apocalypse
- Leandro + Kelly, Freddy Krueger + OneHalf spread
- Tens of thousands of identified

DEFENDERS
1971 The Reaper Developed to Beat The Creeper
1986 Astronomer Defeats Military Attack
1987 + Vienna Neutralized by AV
1988 5 Antivirus Programs Released
1989 Legacy AV is Born
1990–1994 Influx of New Antivirus
- Panda released Panda AV
- introduced PC-cillin
- Symantec launched Norton Antivirus 1.0
- Grisoft released Anti-Virus Guard (AVG)

For more details on each event, see Appendix

Timeline, 1994–2019

VIRUSES FOR MASS DESTRUCTION
ATTACKS FOR RANSOM + DATA
CYBERATTACKS AS A BUSINESS MODEL

ATTACKERS

1995–1999 Worms Expand to New Systems
- Boza hits files
- First MS Excel virus ( )
- Staog attacks Linux machines
- attached to attacks MS Word + Outlook
- ExploreZip destroys MS Office docs

2000–2004 Nasty Worms Spread Quickly
- Pikachu targets children
- Anna Kournikova spreads to contacts
- ILOVEYOU worm infects millions
- Fastest worm (SQL Slammer) causes internet disruptions within 15 min.

2005–2009 Data Theft Evolves
- Nyxem, Storm Worm + were destructive
- Keyloggers Zeus, Torpig + Daprosy steal data
- 92M records stolen from AOL
- Cardsystems Solutions hacked for 40M records
- TK/TJ Maxx sees breach of 94M records
- Credit card scam gets 130M records from Heartland
- Government loses over 125M records
- exploits bug in

2010–2014 Keyloggers Get Bank Info
- SpyEye + get mobile phone banking info
- Anti-Spyware disables AV
- Flame used for targeted cyber espionage
- CryptoLocker so powerful it gets copycats
- First IoT virus hits (Linux Darlioz)
- Multiple Sony hacks get 101M records
- Evernote + LivingSocial each hacked for 50M records
- Yahoo data breach steals 22M records

2015–2019 Breaches Made Us WannaCry
- Locky infected millions in Europe
- Tiny Banker Trojan infected over 24 banks
- Mirai infected IoT and launched DDoS attacks
- GitHub, Twitter, Reddit, Netflix + Airbnb access denied
- Wannacry spread globally causing $4B in damages
- Kedi RAT targeted Citrix users
- Aadhaar, the India ID system, breached for 1.1B records
- Marriott Starwood, Equifax, Anthem + Uber suffered major breaches
- Facebook/Cambridge Analytica case puts data use into question

DEFENDERS

1995–1999 Continued AV Innovation
- Bitdefender + Antivirus eXpert (AVX) comes out of Softwin
- First Black Hat information security event held
- Many security companies formed following AV releases in early 1990's

2000–2004 Antivirus is a Must-have
- AV for GNU/Linux released called ClamAV
- Bit9 (later Carbon Black) was founded
- Advancing threats convince majority of companies to buy AV
- Windows XP service packs pay increasing attention to security
- Third party testing labs re-invent better ways to simulate real-world threats

2005–2009 Rise of Endpoint Protection
- 5M new malware samples found annually
- Legacy AV companies struggle to keep up
- Symantec develops first endpoint protection platform
- Carbon Black develops application control
- Next-gen firewalls detect and block undesirable HTTP
- Gartner creates SIEM framework
- BSides 1.0 held during Black Hat Security Conference

2010–2014 Endpoint Security Goes Deep
- Fileless malware challenges endpoint protection platforms
- Carbon Black develops Endpoint Detection and Response (EDR)
- Cloud-based security platforms developed
- Carbon Black launches the PSC, a single-agent security platform
- MITRE ATT&CK documents TTPs of adversaries
- Threat hunting becomes a security role

2015–2019 Security Advances in the Cloud
- Machine learning models displace AV signatures
- EPP and EDR converge
- Large scale AI and advanced analytics applied to cloud security data
- Security Operations Centers (SOCs) become commonplace and consolidate stack
- Cloud enables big data collection of endpoint activity
- Billions of investment dollars pour into the endpoint security space
- Outsourcing security to MSPs common for smaller companies

For more details on each event, see Appendix

SEC. //02. _ATTACKERS + THEIR MOTIVES

There are four categories of adversaries that are threatening the security of today's companies and organizations. It is important to not just understand the different types of attackers, but also what motivates them so you can better protect against them meeting their objectives.

01 NATION STATE ACTORS OR CYBERTERRORISTS
: Governments and businesses running critical infrastructure like power grids.
: Steal sensitive information, disrupt enemy capabilities or create international incidents.
: Sophisticated cyberattacks where the adversary often works directly or indirectly for their government and utilizes highly advanced cyberattacks against targets.
: Putting their nation in a better position against supposed enemies.
DAMAGE EXTREMELY HIGH

02 CYBERCRIMINALS
: Companies with customer data (particularly financial data) or valuable IP.
: Steal sensitive information that can be sold or directly steal money.
: Infiltrate networks, often through a less secure partner, and retrieve the sensitive data.
: Money
DAMAGE HIGH

03 HACKTIVISTS
: Companies and organizations that are an affront to their religion, politics or cause.
: Cause disruption for attention to their cause or steal data to damage their targets.
: Typical ways hacktivism is executed include website defacement, denial-of-service attacks (DoS), redirects, website parodies, information theft, virtual sabotage and virtual sit-ins.
: Promote their religion, politics or cause.
DAMAGE MEDIUM

04 SCRIPT KIDDIES
: Networks or websites with minimal security.
: Gain access to a network to show they could or deface a website.
: Unskilled; utilize scripts or programs developed by others.
: Impress friends or gain credit in computer-enthusiast communities.
DAMAGE SMALL

SEC. //03. _COMMON ATTACKS

Rootkits
A collection of software designed to enable access to a computer or an area of its software. Similar to Trojans, it embeds very deep in the OS to mask its existence, making it difficult to find and remove. It provides the attacker administrator access with full control to modify software.

Trojan Horse
Software which misleads users of its true intent. Many masquerade as a legitimate file, like an attachment or advertisement. Modern forms act as a backdoor to provide access into a network to obtain confidential information. Unlike viruses or worms, Trojan Horses rarely replicate.

Spyware
Software that aims to gather information about a person or organization, sometimes without their knowledge. It may send such information to another entity without consent, assert control over a device without the user's knowledge, or it may send such information to another entity with consent via cookies. Spyware attempts to go unnoticed, running for as long as possible.

Virus
A type of software that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a virus.

Worm
A standalone software program that replicates itself in order to spread to as many machines as possible. Worms consume bandwidth on the infected network, which can cause major disruptions, but do not corrupt or modify files like a virus.

Advanced Persistent Threat
A stealthy attack in which a person or group gains unauthorized access to a network, remaining undetected for an extended period of time. The attack uses various forms of malware to exploit vulnerabilities in the system. Once inside, the attackers continuously monitor and extract data from their target to use for espionage or profit.

Fileless
Also called "non-malware" or "living-off-the-land", this attack uses script files, memory exploits, trusted apps, or the OS itself to enter and reside in volatile systems such as the system registry, in-memory processes and service areas. It aims to never have its contents written to disk so that it can't be found by standard forensic strategies. It only exists until the infected system is rebooted, but can do significant damage or theft during that window.

Adware
Software that delivers unwanted advertisements to users in the form of a pop-up or unclosable window. While this is often a legal irritant, illegal forms of adware hijack the user's browser and add more ads to web pages. Additionally, adware using stolen certificates can disable anti-malware and virus protection.

Ransomware
This attack utilizes a Trojan Horse or even a worm to enter a user's device. It then executes a threat to publish the victim's data or perpetually block access to it unless a ransom is paid. Advanced versions utilize cryptoviral extortion to encrypt the victim's files, making file recovery without the decryption key nearly impossible.

Cryptojacker
This software hides on a computer or mobile device and hijacks the machine's resources to "mine" forms of online money known as cryptocurrencies, thereby turning a profit for the attacker. Beyond compromising devices, it can take over web browsers and even network servers and is designed to stay completely hidden from the user.

SEC. //04. _TERMS TO KNOW

TECHNIQUE TERMS

Access Control { ˈak-ˌses / kən-ˈtrōl } | verb.
The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.

Behavioral Analysis { bi-ˈhā-vyə-rəl / ə-ˈna-lə-səs } | noun.
The act of using software tools to detect and block attack patterns in a network that are outside of normal behaviors.

Critical Infrastructure { ˈkri-ti-kəl / ˈin-frə-ˌstrək-chər } | noun.
The systems and assets, physical or virtual, so vital to an organization that the incapacity or destruction of such may have a debilitating impact on the organization and/or the greater public.

Data Mining { ˈdā-tə / ˈmī-niŋ } | verb.
The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.

Endpoint Query { ˈen(d)-ˌpoint / ˈkwir-ē } | verb.
A structured request for aggregated data or information across a pool of devices that connect to the network.

Event Stream Processing { i-ˈvent / ˈstrēm / ˈprä-ˌse-siŋ } | noun.
A set of technologies designed to assist the construction of event-driven information systems to process streams of event data with the goal of identifying the meaningful pattern within those streams.

Hash { ˈhash } | verb.
A function that converts an input of letters and numbers into an encrypted output of fixed length, used extensively in blockchain management.

Intrusion Detection { in-ˈtrü-zhən / di-ˈtek-shən } | noun.
The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.

Pen Test { ˈpen / ˈtest } | noun.
An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.

Remediation { ri-ˌmē-dē-ˈā-shən } | verb.
The action of selecting countermeasures to reduce an organization's susceptibility to cyberattack over a range of attack tactics, techniques, and procedures (TTPs) associated with the threat.

Static Analysis { ˈsta-tik / ə-ˈna-lə-səs } | noun.
A method of computer program debugging that is done by examining the code without executing the program, providing an understanding of the code structure and whether it has been altered.

Threat Hunting { ˈthret / ˈhən-tiŋ } | verb.
The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.

Threat Prevention { ˈthret / pri-ˈven(t)-shən } | noun.
Policies and tools that protect your corporate network such as intrusion detection and prevention, advanced malware protection, and endpoint security threat prevention.

TTP { ˈtē / ˈtē / ˈpē } | noun.
(Tactics, Techniques, Procedures) An essential analysis concept in cybersecurity studies used to identify individual patterns of behavior of a particular cybercriminal or organization, and to examine and categorize more general tactics and methods used.

TECHNOLOGY TERMS

Blacklist { ˈblak-ˌlist } | noun.
A list of entities that are blocked or denied privileges or access.

EDR { ˈē / ˈdē / ˈär } | noun.
(Endpoint Detection and Response) A category of tools and solutions that focus on detecting, investigating and mitigating suspicious activities and issues on hosts and endpoints.

Firewall { ˈfī(-ə)r-ˌwol } | noun.
A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.

Machine Learning { mə-ˈshēn / ˈlər-niŋ } | noun.
A field of study concerned with designing and developing artificial intelligence algorithms for automated knowledge discovery relying on patterns and inference.

NGAV { ˈen-gāv } | noun.
(Next-Generation AntiVirus) An evolution of traditional antivirus that protects computers from the full spectrum of modern cyberattacks by examining every process on every endpoint to algorithmically detect and block the malicious tools, tactics, techniques and procedures (TTPs) on which attackers rely.

SOAR { ˈsor } | noun.
(Security Orchestration, Automation and Response) A solution stack of compatible software programs that allow an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance.

Whitelist { ˈhwīt-ˌlist } | noun.
A list of entities that are considered trustworthy and are granted access or privileges.

ADVERSARY TERMS

Adversary { ˈad-vər-ˌser-ē } | noun.
An individual, group, organization, or government that conducts or has the intent to conduct malicious activities using computer systems.

Attack Path { ə-ˈtak \ ˈpäth } | noun.
The steps that an adversary takes or may take to plan, prepare for, and execute an attack.

Attack Pattern { ə-ˈtak ˈpa-tərn } | noun.
Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.

Attack Surface { ə-ˈtak \ ˈsər-fəs } | noun.
The set of ways in which an adversary can enter a system and potentially cause damage.

Cyberattack { ˈsī-bər ə-ˈtak } | noun.
An attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or electronic communications network.

Data Breach { ˈdā-tə \ ˈbrēch } | noun.
A security incident resulting from unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.

Exfiltration { eks-(ˌ)fil-ˈtrā-shən } | verb.
The unauthorized transfer of information out of an information network.

Incident { ˈin(t)-sə-dənt } | noun.
An occurrence that actually or potentially results in adverse consequences to an information system or the data it processes, stores, or transmits.

Insider Threat { (ˌ)in-ˈsī-dər \ ˈthret } | noun.
A person or group of persons within an organization with the access and/or inside knowledge that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm.

Keylogger { ˈkē-ˌlo-gər } | noun.
Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously, to monitor actions by the user of an information system.

Malware { ˈmal-ˌwer } | noun.
Software that compromises the operation of a system by performing an unauthorized function or process.

Phishing { ˈfi-shiŋ } | verb.
A digital form of social engineering to deceive individuals into providing sensitive information.

Threat Actor { ˈthret \ ˈak-tər } | noun.
An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Zero-Day { ˈzē-(ˌ)rō \ ˈdā } | noun.
A computer-software vulnerability that is unknown to those who would be interested in mitigating the vulnerability.
{ ˈzē-(ˌ)rō \ ˈdā } | verb.
The act of attacking or exploiting a computer-software vulnerability with malicious intent.

DEFENDER TERMS

Blue Team { ˈblü \ ˈtēm } | noun.
A group of individuals that defend an enterprise's information systems when mock attackers (the Red Team) attack, typically as part of an operational exercise; or that proactively conduct operational vulnerability evaluations and recommend mitigations to improve security postures.

Data Loss { ˈdā-tə \ los } | noun.
The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party.

Dwell Time { ˈdwel \ ˈtīm } | noun.
Metric defining the gap in time from when a breach occurred to when it was detected.

Forensics { fə-ˈren(t)-siks } | verb.
Cybersecurity work where a person collects, processes, preserves, analyzes, and presents computer-related evidence in support of a network vulnerability or cyberattack investigation.

Incident Response { ˈin(t)-sə-dənt \ ri-ˈspän(t)s } | noun.
The activities that address the short-term, direct effects of an incident and may also support short-term recovery.

Red Team { ˈred \ ˈtēm } | noun.
A group authorized and organized to emulate a potential adversary's attack or exploitation capabilities in order to test an organization's defenses (aka penetration testing).

SecOps { se-k ˌō-ˌpē-ˈes } | noun.
A collaboration between security and operations teams resulting in the creation, management and execution of processes and tools used to ensure the security of their application environment.

Signature { ˈsig-nə-ˌchu̇r } | noun.
A recognizable, distinguishable pattern that indicates malicious activity.

Situational Awareness { ˌsi-chə-ˈwā-shnəl \ ə-ˈwer-nəs } | noun.
The state of comprehension of the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.

SEC. //05. _EXPERTS TO FOLLOW

SwiftOnSecurity (@SwiftOnSecurity)
: SysAdmin from DecentSecurity.com
: Lots of solid cybersecurity humor with detailed coverage of the latest happenings in systems security. With 271K followers, it's worth a look.

Rick McElroy (@InfoSecRick)
: Rick McElroy, Head of Security Strategy, Carbon Black
: Rick is well connected within the industry and is on the front lines of the latest innovations in cybersecurity. Rick shares the latest news on attackers and defenders - all with a touch of nerd humor.

Network23 (@Network232)
: Anonymous Threat Researcher + Cyber Profiler
: Network 23 attends and speaks at security conferences and chats with many experts on this list like @TheGrugq. He covers the latest exploits. And yes, there is nerd humor.

MORE GREAT TWITTER FEEDS
- @AprilWright - April C. Wright, Application Security Architect, Splunk
- @TheGrugq - Thaddeus E. Grugq, Security Researcher, Comae Technologies
- @JaysonStreet - Jayson Street, Hacker, Author, Speaker, VP of InfoSec at SphereNY
- @MicahFLee - Micah Lee, Computer Engineer + Open Source Developer of security tools, writer for The Intercept
- @TAKellermann - Tom "TK" Kellerman, Chief Cybersecurity Officer, Carbon Black
- @HelpNetSecurity - Mirko Zorz, Editor in Chief of Help Net Security and (IN)SECURE Magazine
- @Window - Window Snyder, Chief Software Security Officer, Intel
- @HackingDave - Dave Kennedy, Founder + Senior Principal Security Consultant, TrustedSec
- @RebeccaSlatkin - Rebecca Slatkin, iOS Software Engineer, June
- @MalwareUnicorn - Amanda Rousseau, Offensive Security Research, Facebook

See Appendix for an extended list of recommended Twitter feeds to follow in cybersecurity.

SEC. //06. _BLOGS TO READ

Dark Reading
: InformationWeek, IT Network
: 6 editors and 3 contributing writers support this publication which includes 13 communities. They cover new threats and technology trends as well as potential defenses and best practices.

Carbon Black Blog
: Carbon Black Researchers
: Carbon Black threat researchers and security experts give readers first access to original security research, quarterly threat reports, security fixes and analysis of the latest trends in cybersecurity.

Krebs on Security
: Brian Krebs, Security Writer
: Unbiased investigative reporting of the latest security news and investigations.

MORE BLOGS TO PERUSE
- SANS Internet Storm Center - A free analysis and warning service based on gathering millions of intrusion detection log entries every day, from sensors covering over 500,000 IP addresses in over 50 countries.
- Schneier on Security - Bruce Schneier, a public-interest technologist who advises IBM and lectures at Harvard, covers security issues and how they impact our lives.
- ArsTechnica Security - Security news covering major breaches and security changes by the big tech companies like and Google.
- The Red Canary Blog - The Red Canary team of security experts as well as experts from the field provide tips on increasing visibility, expanding detection coverage, and improving information security.
- HolisticInfoSec - Run by Russ McRee, a member of Microsoft's Blue Team, the blog is dedicated to sharing information security content and resources in an open, clear manner.
- WIRED Security - In-depth security coverage, including cyber, IT and national security news.
- Posts By SpecterOps Team Members - As the blog name says, this is a collection of posts from the SpecterOps team on various topics relating to information security.
- threatpost - An independent news site run by Tom Spring, former technical editor for CRN and PCWorld magazines, serving up information about IT and business security.
- Skull Security - Titled only as "Adventures in Security", this is an in-depth blog providing the technical coding and analysis of security threats and fun challenges like BSides competitions.

See Appendix for an extended list of recommended blogs to follow in cybersecurity.

SEC. //07. _EVENTS TO ATTEND

Black Hat
With major conferences in the US, Europe and Asia, this is one of the largest information security events, providing attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment.
Locations: US, EUROPE, ASIA

Security BSides
A grassroots, DIY, open security conference comprised of four core events that correspond with the location and timing of other major technology conferences. They also run hacker spaces and local events throughout the world.

CB Connect
A series of panels, presentations and practical training on topics ranging from the need to move endpoint security to the cloud to how to hone your threat hunting skills and the most effective ways to combat the latest and greatest threats shared directly from cybersecurity peers.

MORE SECURITY CONFERENCES
- ShmooCon - An American hacker convention organized by The Shmoo Group, this conference covers topics related to and cyberculture.
- RSA Conference - RSA Conference conducts information security events around the globe that connect you to industry leaders and highly relevant information on IT security.
- THOTCON - A hacking conference based in Chicago IL, USA that heralds itself as a non-profit, non-commercial event looking to provide the best information security conference possible on a limited budget.
- DEF CON - One of the largest hacker conventions, it has been held annually in Las Vegas, Nevada, since 1993. The event consists of several tracks of speakers about computer- and hacking-related subjects, as well as cyber-security challenges and competitions (known as hacking wargames).
- SANS Events - SANS Summit + Training events provide an immersive training experience that arms attendees with deep knowledge and actionable information and has a lasting impact on their careers and their organizations' security programs.
- CACS Conferences - Held by the ISACA (The Information Systems Audit and Control Association), the NA and APAC events delve into some of the biggest challenges facing IT audit and security professionals.
- ISSA International - The International Systems Security Association International Conference brings together ISSA Members and the larger cybersecurity community to focus on advancing individual growth, managing technology risk and protecting critical information and infrastructure.

SEC. //08. _BOOKS TO READ

Ghost in the Wires
: Written by one of the world's most famous hackers, this is a thrilling true story of intrigue, suspense, and unbelievable escapes--and a portrait of a visionary who forced the authorities to rethink the way they pursued him, and forced companies to rethink the way they protect their most sensitive information.

"Even if you already know of Kevin's history, this is a true page-turner that will keep you on the edge of your seat from cover to cover. He dives into his deep addiction to technology and the creative methods he used on his targets. The details are fascinating to those of us in the cybersecurity field!"
Greg Foss, Carbon Black Howler

Gray Day, Eric O'Neill
: A cybersecurity expert and former FBI "ghost" (Eric O'Neill) tells the thrilling true story of how he helped take down notorious FBI mole Robert Hanssen, the first Russian cyber spy.

"If you want to understand the mind of a spy and the tools they use, this is the book for you. I've watched the movie Breach countless times and since I'm lucky enough to know Eric personally, I've asked him lots of follow up questions on what cyber tools were used to achieve their ends. This book answers them all."
Rick McElroy, Carbon Black Howler

MORE INTRIGUING BOOKS
- Cuckoo's Egg - Author Clifford Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. His book recounts his story of a one-man sting operation that finally gained the attention of the CIA and ultimately trapped an international spy ring.
- The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers - Author, and former hacker, Kevin Mitnick shares stories of real-life computer break-ins and explains how the victims could have prevented them.
- Practical Malware Analysis - From authors Sikorski and Honig, this guide provides the tools and techniques used by professional analysts to combat malware. The authors claim that after reading you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.
- Threat Vector - This fictional novel by Tom Clancy takes his well known character, Jack Ryan, into the international world of cyber-warfare. It depicts how scary and destructive cyberkinetic attacks on power plants and grids can be, as well as a potential wholesale shutdown of transportation and communication systems.
- Rtfm: Red Team Field Manual - A thorough reference guide by author Ben Clark for serious Red Team members who routinely find themselves on a mission without Google or the time to scan through a man page.
- Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses - Network security expert Ed Skoudis, with Tom Liston, has thoroughly updated his original guide, Counter Hack, showing how to defeat today's newest, most sophisticated, and most destructive attacks. The guide includes coverage of the latest hacker techniques for scanning networks, gaining and maintaining access, and preventing detection.

SEC. //09. _MOVIES + SHOWS TO WATCH

MOVIES + SHOWS TO WATCH

Sneakers: Martin Bishop is the head of a group of experts who specialize in testing security systems. He is blackmailed by government agents into stealing a top secret black box, sending the team into a game of danger and intrigue. After they recover the box, they discover that it has the capability to decode all existing encryption systems around the world, and that the agents who hired them didn't work for the government after all.

“A great 90’s movie highlighting different security topics and techniques still applicable today. In order to get a device that can crack any cryptography, the movie demonstrates several examples of social engineering techniques. Also super cool—a scene about bypassing a security mechanism is featured in a Mythbusters episode!”

Ryan Hendricks, Carbon Black Howler

Breach: Eric O'Neill, a computer specialist who wants to be made an agent is assigned to clerk for Hanssen, a senior FBI agent, and to write down everything Hanssen does. Within weeks, the crusty Hanssen has warmed to O'Neill, who grows to respect Hanssen. How they catch Hanssen and why he spies become the film's story. Can O'Neill help catch "the worst spy in history" and hold onto his personal life?

“What gets me about this movie, beyond the performances (Chris Cooper was just amazing) and beyond the intrigue (would I have been so bold at 20 years old?), is the fact that this really happens in the world, probably much more than we know about. So much of what Hollywood produces is pure fiction, but Breach will make you appreciate the realities of the cyberworld we’re living in.”

Brian Gladstein, Carbon Black Howler

MORE MUST-SEE MOVIES + TV

Hackers - Hackers are blamed for making a virus that will capsize five oil tankers.

Snowden - The NSA's illegal surveillance techniques are leaked to the public by one of the agency's employees, Edward Snowden, in the form of thousands of classified documents distributed to the press.

Enemy of the State - A lawyer becomes a target by a corrupt politician and his N.S.A. goons when he accidentally receives key evidence to a serious politically motivated crime.

Homeland - Television program about a bipolar CIA operative who becomes convinced a prisoner of war has been turned by al-Qaeda and is planning to carry out a terrorist attack on American soil.

Defcon the Documentary - DEFCON is the world's largest hacking conference. The conference has strict no-filming policies, but for DEFCON 20, a documentary crew was allowed full access to the event. The film follows the four days of the conference, the events and people (attendees and staff), and covers the history and philosophy behind DEFCON's success and unique experience.

National Geographic’s Series: Breakthrough - Cyber Terror Episode - Breakthrough is a series about scientific explorers from leading universities and institutions and how their cutting-edge innovations and advancements will change our lives in the immediate future and beyond. The Cyber Terror episode looks inside the shadowy world of hackers, where good battles evil with the security of the world at stake.

Mr. Robot - Television program about Elliot, a brilliant but highly unstable young cyber-security engineer and vigilante hacker, who becomes a key figure in a complex game of global dominance when he and his shadowy allies try to take down the corrupt corporation he works for.

Ex Machina - A young programmer is selected to participate in a ground-breaking experiment in synthetic intelligence by evaluating the human qualities of a highly advanced humanoid A.I.

{ https://www.carbonblack.com/why-cb/security-expertise/howlers/ }

SEC. //10. _COMMUNITIES TO ENGAGE

{ https://www.reddit.com/r/hacking }

COMMUNITIES TO ENGAGE

Information Security - The largest community of cybersecurity professionals on LinkedIn (almost 400K members). Topics include compliance, encryption, anti-virus, malware, cloud security, data protection, hacking, network security, virtualization, and more.

Carbon Black User Exchange - A community of more than 20,000 security professionals who share best practices and threat intelligence to improve their security posture and help combat threats.

Peerlyst - A community of information security experts and enthusiasts who discuss security topics, connect with peers and build their personal brands.

MORE PLACES TO CONNECT

Cybersecurity Forum - Some communities are worth paying for, and that’s what attracts serious security people to this community. Check out the blog, then decide if these are the topics you want to discuss with fellow professionals.

Information Security Network - A LinkedIn group dedicated to information security professionals who want to network with other information security professionals.

Security Industry Group - An international LinkedIn group for companies and professionals from within the security industry: manufacturers, integrators, installers, vendors, consultants and security managers.

Cybrary Op3n Blog + Community - A user contributed cyber security knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry. Featuring tutorials, op-eds, research papers, user guides, cheat sheets, product reviews and more; The Open Blog provides the cyber security community a growing resource of content that can help professionals at all levels in their careers.

Reddit: r/security - An active forum of over 67K computer security professionals to have friendly, professional discussion on computer security topics.

Reddit: r/cybersecurity - An active forum of just over 40K cybersecurity professionals.

Reddit: r/hacking - A subreddit of 653K subscribers dedicated to hacking and hackers. Constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security.

Reddit: r/netsec - A community for technical news and discussion of information security and closely related topics.

Reddit: r/pwned - An interactive news forum on organizations getting pwned by hackers.

SEC. //11. _BECOME A THREAT HUNTER

BECOME A THREAT HUNTER

Cybersecurity is an exciting field that continues to rapidly evolve. Because of this, there is also a shortage of professionals trained in cybersecurity. If you liked learning about cybersecurity and are interested in learning more about developing your career into a role in cybersecurity, a great next step is to watch the free 4-part series on Becoming a Threat Hunter. You’ll develop critical introductory skills, learn to identify four common threats, and how to hunt them using the latest in cybersecurity software.

01 POWERSHELL EMPIRE
02 DRIDEX
03 APT10
04 QUASARRAT

SEC. //12. REFERENCES

REFERENCES

Here are the primary sources that were used to research the facts and definitions included in this paper:

01_ https://en.wikipedia.org/
02_ https://www.techopedia.com
03_ https://www.dictionary.com/
04_ https://devops.com/
05_ https://niccs.us-cert.gov/about-niccs/glossary/
06_ https://searchwindevelopment.techtarget.com/definition/
07_ https://www.sentinelone.com/blog/history-of-cyber-security/
08_ https://www.thepcinsider.com/who-invented-antivirus-history-timeline-evolution/
09_ https://digitalguardian.com/blog/history-data-breaches/
10_ https://www.forbes.com/sites/quora/2015/12/31/the-top-10-security-breaches-of-2015/
11_ https://www.crn.com/slide-shows/security/300083246/the-10-biggest-data-breaches-of-2016.htm/
12_ https://blog.malwarebytes.com/cybercrime/2017/12/the-seven-most-colossal-data-breaches-of-2017/
13_ https://www.businessinsider.com/data-hacks-breaches-biggest-of-2018-2018-12/
14_ https://www.forbes.com/sites/forbestechcouncil/2018/10/10/how-three-waves-of-cyber-security-innovation-led-us-here/
15_ https://online.norwich.edu/academic-programs/resources/who-are-cyber-criminals/
16_ https://www.telegraph.co.uk/news/2017/04/04/six-types-cybercriminals-identified-bae/
17_ https://www.malwarebytes.com/cryptojacking/

SEC. //13. _APPENDICES

APPENDICES

History of Cybersecurity

ATTACKER HISTORY

1971_ First Virus - The Creeper
BBN engineer Bob Thomas created the first program to move across a network as part of a research project. He designed it to travel between Tenex terminals on the early ARPANET, printing the message “I’M THE CREEPER: CATCH ME IF YOU CAN.”

1974_ Rabbit Virus Makes Copies
The Rabbit virus made multiple copies of itself on a single computer (and was named "Rabbit" for the speed at which it did so) until it clogged the system, reducing system performance, before finally reaching a threshold and crashing the computer.

1975_ First Trojan - ANIMAL
John Walker created ANIMAL for the UNIVAC 1108, which asked a number of questions of the user in an attempt to guess the type of animal that the user was thinking of, while the related program PERVADE would create a copy of itself and ANIMAL in every directory to which the current user had access. Though non-malicious, "Pervading Animal" represents the first Trojan in the wild.

1981_ First Outbreak - Elk Cloner
High school student Richard Skrenta creates a program called Elk Cloner as a prank. Written for Apple II systems, which were particularly vulnerable due to the storage of its on a floppy disk, Elk Cloner is attributed as the first large-scale computer virus outbreak.

1984_ Thompson Finds First Backdoor
Ken Thompson published his seminal paper, Reflections on Trusting Trust, in which he described how he modified a C compiler to insert a backdoor into the login command, and when used to compile itself, it inserted the backdoor insertion code, even if neither the backdoor nor the backdoor insertion code were present in the source code.

1986_ First IBM Virus & Military Attack
The Brain boot sector virus is responsible for the first IBM PC epidemic. The virus was created in Lahore, Pakistan by 19-year-old Pakistani programmer Basit Farooq Alvi and his brother, Amjad Farooq Alvi. Also this year, hacker Marcus Hess hacked an internet gateway in Berkeley and piggybacked into ARPANET. There he hacked 400 military computers, including Pentagon mainframes, with the intent of selling secrets to the KGB.

1987_ Viruses Get Media Attention
Leigh and Yale were both targeted with boot sector viruses that were named after them, but were luckily stopped before they got into the wild. However, the first self-encrypting file virus, , infected IBM Belgium, which triggered their development of antivirus solutions. Additionally, viruses like the Jerusalem virus, which destroyed executable files on a particular date, created worldwide panic, and the Vienna virus made its first appearance. The year ended with the first widely disruptive replicating network program, Christmas Tree EXEC, paralyzing several international computer networks.

1988_ Morris Worm Slows Internet
Robert Morris wanted to gauge the size of the internet. To do this, he wrote a program designed to propagate across networks, infiltrate terminals using a known bug, and then copy itself. The Morris worm replicated so aggressively that the early internet slowed to a crawl, causing untold damage. This year also saw the Ping-Pong virus hit the University of Turin in Italy, as well as the spread of the CyberAIDS and Festering Hate viruses, which were targeted at Apple ProDOS and were extremely destructive.

1989_ First Ransomware - AIDS
Several thousand floppy disks containing the AIDS Trojan, the first known ransomware, are mailed to subscribers of PC Business World magazine and a WHO AIDS conference mailing list. This DOS Trojan lay dormant for 90 boot cycles, then encrypted all filenames on the system, displaying a notice asking for $189 to be sent to a post office box in Panama in order to receive a decryption program.

1990-1994_ Viruses Create Hysteria
1990 was the birth of a new series of viruses called the Chameleon family. Mark Washburn and Ralf Burger analyzed Vienna and Cascade to come up with polymorphic viruses. Later that year, the Form virus was found in Switzerland and is attributed as the most common virus in the wild with 20-50% of reported infections. In 1992 Michelangelo created hysteria with a digital apocalypse on March 6th that ended up with only minimal damage. Leandro & Kelly, Freddy Krueger and OneHalf all spread quickly during this time period. By the end of the early 1990’s there were tens of thousands of known malware.

1995-1999_ Worms Expand to New Systems
A series of viruses came out in this period that targeted particular software or systems. Concept was the first macro virus and was created to attack MS Word documents. Boza was designed specifically for Windows 95 files, Laroux was the first MS Excel macro virus and Staog attacked Linux machines. 1999 saw a host of worm activity with Happy99 attaching to emails, Melissa attacking MS Word and Outlook, ExploreZip destroying MS Office documents and the Kak worm exploiting a bug in Outlook Express.

2000-2004_ Nasty Worms Spread Quickly
With malware viruses exploding, it was inevitable that some would hit on a large scale. Malware like Pikachu, which was the first virus to target children, and Anna Kournikova, which hit email contacts, are likely the most memorable. But let’s not forget about the ILOVEYOU worm, which infected millions of Windows computers worldwide and is considered one of the most damaging worms ever. Also notable is the fastest spreading worm of all time, the SQL Slammer worm (aka Sapphire worm or Helkern), which attacked vulnerabilities in MS SQL Server and caused massive internet access disruptions worldwide just 15 minutes after infecting its first victim.

2005-2009_ Data Theft Evolves
This time period saw its share of destructive malware like Nyxem, Storm Worm and Conficker. But it also saw the rise of viruses that logged keystrokes to steal data like Zeus, Torpig and Daprosy. Widespread data breaches were now a reality for companies, with the very public breaches of AOL, CardSystem Solutions, TK/TJ Maxx, the US Military and Heartland, who each experienced data theft on the scale of 40M-130M records. 2005 alone saw 136 data breaches occur according to the Privacy Rights Clearinghouse.

2010-2014_ Keyloggers Get Bank Info
Malware continued to advance in new ways to steal data. SpyEye and Zeus viruses evolved to attack mobile phone banking information and popular websites with monetary transactions. Data breaches continued to escalate during this time period with a large volume of data record theft hitting Sony, Evernote, Living Social and Yahoo. Anti-Spyware 2011 came out that disabled antivirus programs and prevented updates. Flame (aka FLamer, sKyWIper and Skywiper), an incredibly sophisticated malware, was used for targeted cyber espionage. CryptoLocker was a powerful ransomware that led to many copycats. Additionally, the first virus targeting the Internet of Things (IoT), Linux Darlioz, went into effect.

2015-2019_ Breaches Made Us WannaCry
Ransomware Locky spread throughout Europe and infected several million computers. Tiny Banker Trojan (Tinba) infected more than two dozen major banking institutions, capturing customer credentials. Mirai made headlines by infecting the Internet of Things to launch disruptive DDoS attacks, which killed accessibility to websites such as GitHub, Twitter, Reddit, Netflix and Airbnb. The WannaCry ransomware attack spread globally during this time and reportedly caused up to $4 billion in damages. Kedi RAT, a remote access Trojan, targeted Citrix users and evaded usual system scanners. What was even more public and painful was the growing number and damage of data breaches. The most damaging breach was Aadhaar, an identification system in India, that was hacked for the bank info of 1.1B individuals. Other notable breaches included Marriott Starwood Hotels, Equifax, Anthem, Yahoo, MySpace, Edmodo, Uber and of course the highly publicized Facebook/Cambridge Analytica.

DEFENDER HISTORY

1971_ The Reaper Beats The Creeper
Ray Tomlinson, BBN co-worker of Bob Thomas, wrote a new version of the Creeper, which replicated itself as it moved across the network - the first worm. Then he wrote a program to remove it called the Reaper.

1986_ Astronomer Defeats Military Attack
Astronomer Clifford Stoll detected the intrusion by Marcus Hess on the US Government and deployed a honeypot technique to remove Hess from the system.

1987_ Brain & Vienna Neutralized by AV
John McAfee’s PC was one of the computers infected with the “Brain” virus. John figured out how to remove it and started travelling the country to help others. Eventually, he decided to automate the virus detection and removal process by making a software called VirusScan. Bernd Fix, a German security expert, was accredited with the first removal of an “in-the-wild” computer virus called the Vienna virus. G DATA and ESET also released antivirus this year.

1988_ 5 Antivirus Programs Released
With viruses becoming more public, antivirus programs became the focus of many researchers. At least 5 new antivirus programs were released this year, resulting in companies being established. These were: Avira, , AhnLab, and Dr. Solomon’s Antivirus Toolkit. Additionally, after the Morris Worm, a nonprofit research center to protect the internet against systemic issues was formed as the Computer Emergency Response Team, which later became US-CERT.

1989_ Legacy AV is Born
Eugene Kaspersky wrote his first virus removal tool to remove Cascade.1704 from his work computer. Friðrik Skúlason created F-PROT Anti-Virus and Symantec developed the first antivirus product for the Macintosh. This is also the year that the SANS Institute was founded.

1990-1994_ Influx of New Antivirus
This period saw at least 7 major antivirus programs enter the market, likely as a result of the increase in malicious activity. Panda Software released Panda Anti-Virus, Trend Micro introduced their first product called PC-cillin, VirIT eXplorer came out of Italy and Symantec launched Norton AntiVirus 1.0 thanks to their acquisition 1 year earlier of computer expert Peter Norton. Grisoft, which later became AVG and was acquired by Avast in 2016, launched their first product, Anti-Virus Guard (AVG). Dr. Web came out of Russia and Data Fellows came out of Finland. Additionally, innovation was rampant at existing antivirus companies.

1995-1999_ Continued AV Innovation
The early 1990’s marked the influx of antivirus invention, which meant that much of the late 1990’s was spent forming corporations around the AV programs that were found useful by early adopters.

2000-2004_ Antivirus is a Must-Have
Thanks to the widespread reach of malware and the absolute chaos it caused companies in lost productivity of their employees and IT departments, antivirus became a standard. Antivirus companies went all in with development teams working feverishly to keep up with all of the viruses being detected in the wild.

2005-2009_ Rise of Endpoint Protection
By this time, the number of new malware samples found had grown to 5M yearly. Legacy antivirus couldn’t keep up and the first endpoint protection platform was developed by Symantec, which introduced the use of signatures scanning for “malware families” to look for malicious behaviors instead of relying on signatures. Also in this time period, Carbon Black developed application control, which uses a default-deny policy to stop more advanced attacks like zero-day and targeted attacks. Next-generation firewalls were developed during this time to attempt to detect and block undesirable HTTP content. Additionally, Gartner researchers saw the need for centralized visibility of assets and coined the concept of security information and event management systems (SIEMs).

2010-2014_ Endpoint Security Goes Deep
Adversaries soon figured out how to defeat EPP solutions with fileless malware leveraging built-in tools. All of a sudden, companies had a severe lack of resources with cybersecurity knowledge and a hodgepodge of tools that worked in isolation to solve different types of threats. The burden became too much to manage. In response, Carbon Black developed Endpoint Detection and Response (EDR) to detect and investigate compromised endpoints. Additionally, innovative cybersecurity vendors began to develop centralized cybersecurity platforms that leverage endpoint data collection and pattern-matching to identify deeper, more pervasive threats.

2015-2019_ Security Advances in the Cloud
Cybersecurity is no longer a human-scale problem. It now requires a collaboration between humans and innovative machine learning techniques to meet the challenge of the latest cyber threats. Cybersecurity innovators, like Carbon Black, go proactive by leveraging deep learning and specialized artificial intelligence (AI) techniques to continuously discover and analyze the massive attack surface. Massive cloud-based cybersecurity platforms remove maintenance issues and centralize security info with big data, leveraging the power of the larger threat hunting community to help IT teams scale. The goal is to have comprehensive, predictive assessments of breach risk that prescribe and prioritize the correct mitigating steps to avoid breaches.

MORE TWITTER FEEDS TO FOLLOW

01_ https://twitter.com/heinzarelli
02_ https://twitter.com/dakami
03_ https://twitter.com/hacks4pancakes
04_ https://twitter.com/aprilwright
05_ https://twitter.com/HoustonHackers
06_ https://twitter.com/0xAmit
07_ https://twitter.com/DragosInc
08_ https://twitter.com/MarcoFigueroa
09_ https://twitter.com/_MelissaArcher
10_ https://twitter.com/Serialgeist
11_ https://twitter.com/stefant
12_ https://twitter.com/k1k_
13_ https://twitter.com/irongeek_adc
14_ https://twitter.com/trompi
15_ https://twitter.com/craiu
16_ https://twitter.com/cesarcer
17_ https://twitter.com/CyberSec__News
18_ https://twitter.com/e_kaspersky
19_ https://twitter.com/HackerHurricane
20_ https://twitter.com/Zer0Security
21_ https://twitter.com/nudehaberdasher

MORE BLOGS TO READ

01_ https://blog.trailofbits.com/
02_ https://www.grahamcluley.com/
03_ https://danielmiessler.com/
04_ http://carnal0wnage.blogspot.com/
05_ http://www.mcgrewsecurity.com/
06_ https://blog.talosintelligence.com/
07_ https://inteltechniques.com/blog/
08_ http://spylogic.net/
09_ http://taosecurity.blogspot.com/
10_ http://www.room362.com/
11_ http://blog.sipvicious.org/
12_ http://blog.portswigger.net/
13_ http://pentestmonkey.net/blog/
14_ http://blog.c22.cc/
15_ http://www.skullsecurity.org/blog/
16_ http://blog.metasploit.com/
17_ http://www.darkoperator.com/
18_ http://blog.skeptikal.org/
19_ http://www.tssci-security.com/
20_ http://www.gdssecurity.com/l/b/
21_ http://websec.wordpress.com/
22_ http://www.sensepost.com/blog/
23_ http://punter-infosec.com/
24_ http://www.securityninja.co.uk/
25_ http://securityandrisk.blogspot.com/
26_ http://esploit.blogspot.com/
27_ http://www.pentestit.com/
28_ http://www.nullthreat.net/
29_ http://www.commonexploits.com/
30_ http://www.sensepost.com/blog/
31_ http://exploit.co.il/
32_ http://securityreliks.wordpress.com/
33_ http://www.madirish.net/
34_ http://www.digininja.org/
35_ http://www.securityweekly.com/
36_ https://slashdot.org/
37_ https://adsecurity.org/

MORE BLOGS TO READ { Continued }

38_ https://oddvar.moe/
39_ https://www.nextgov.com/cybersecurity/
40_ https://techcrunch.com/
41_ https://medium.com/topic/cybersecurity

ABOUT CARBON BLACK

Carbon Black (NASDAQ: CBLK) is a leader in cloud endpoint protection dedicated to keeping the world safe from cyberattacks. The CB Predictive Security Cloud® (PSC) consolidates endpoint security and IT operations into an endpoint protection platform (EPP) that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analyzing billions of security events per day across the globe, Carbon Black has key insights into attackers’ behaviors, enabling customers to detect, respond to and stop emerging attacks.

More than 5,300 global customers, including 35 of the Fortune 100, trust Carbon Black to protect their organizations from cyberattacks. The company’s partner ecosystem features more than 500 MSSPs, VARs, distributors and technology integrations, as well as many of the world’s leading IR firms, who use Carbon Black’s technology in more than 500 breach investigations per year.

Carbon Black and CB Predictive Security Cloud are registered trademarks or trademarks of Carbon Black, Inc. in the United States and/or other jurisdictions.

1100 WINTER STREET, WALTHAM, MA 02451, USA • P 617.393.7400 • F 617.393.7499 • WWW.CARBONBLACK.COM