Using Visualization in security…

Visualization, as mentioned, is the art of plotting any complex series of events onto a simple graph for ease of understanding.

Taking the concept of visualization into information security, complex structures such as exploits, malware, or bot-net traffic can be mapped onto simple, comprehensible graphs. Looked at from the other perspective, security visualization can also be used to make business sense: for example, building threat maps for an organization as part of a VA and then executing them in the pen-test, or making a tree map for the various compliance requirements. On the lighter and practical side, these methods can be used to ease the burden of reporting.

Recently, when I was working on a project with nepenthesfe, I stumbled upon afterglow, a Perl-based tool that makes graphs from CSV files (with some tweaking), and to my amazement I found it can take in any sort of data, be it pcap files (in CSV form), binaries, or even logs, and convert the output into a mapped link graph. It first creates a .dot file, which can then be converted to a JPG or PNG file using Graphviz. With Graphviz you can create various types of layout, namely twopi, circo, dot and neato. Yeah, it all sounds Greek/geek.

I started out writing a simple bash script to test making some simple graphs, but later, going deeper down the rabbit hole, I found that plain tcpdump output can be used to generate graphs based on various parameters like source, destination, port, count, traffic, usage etc. (with some simple regex work). As the afterglow rabbit hole grew deeper, I found that it becomes easier to spot unique attack vectors in log analysis, and that detailed mapping of logs is possible based on count. Lastly, the most amazing one was using pefile to convert the details of a binary into a CSV file and then map the binary. Moreover, the afterglow structure can be modified just by changing the colors.properties file according to the type of input.

And all of this using just one single command:

cat csvfile.csv | perl /pathtoafterglow/afterglow.pl | neato -Tjpg -o outputfile.jpg

(provided the CSV file has valid data)

(tested on Ubuntu with the graphviz package as a prerequisite)
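As an added example (not code from the original post or from the afterglow project), here is a small Python script that does the two steps described above in one place: it parses tcpdump -n output with a regex into the three-column source,event,target CSV that afterglow reads, then turns that CSV into a .dot link graph with per-edge counts so rare links stand out, ready for neato. The tcpdump lines are constructed samples, not a real capture, and all function names are my own.

```python
"""Constructed example: tcpdump text -> afterglow-style CSV -> Graphviz .dot link graph."""
import csv
import io
import re
from collections import Counter

# Constructed sample lines in the shape of `tcpdump -n` output (not a real capture).
SAMPLE_TCPDUMP = """\
10:01:02.123456 IP 192.0.2.10.51234 > 198.51.100.5.22: Flags [S], seq 1, win 64240, length 0
10:01:02.223456 IP 192.0.2.10.51235 > 198.51.100.5.22: Flags [S], seq 2, win 64240, length 0
10:01:03.000001 IP 192.0.2.11.40000 > 198.51.100.5.80: Flags [S], seq 3, win 64240, length 0
10:01:03.100001 IP 192.0.2.10.51236 > 198.51.100.7.445: Flags [S], seq 4, win 64240, length 0
10:01:04.000000 IP 198.51.100.5.22 > 192.0.2.10.51234: Flags [S.], seq 9, ack 2, win 65535, length 0
10:01:05.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
"""

# Matches "<time> IP <src>.<sport> > <dst>.<dport>:" from IPv4 tcpdump lines.
TCPDUMP_RE = re.compile(
    r"^\S+ IP (?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+):"
)


def tcpdump_to_rows(text):
    """Parse tcpdump lines into (source, event, target) triples: src IP -> dst port -> dst IP.
    Lines that do not match (ARP, IPv6, truncated output) are skipped instead of aborting the run."""
    rows = []
    for line in text.splitlines():
        m = TCPDUMP_RE.match(line)
        if m:
            rows.append((m["src"], m["dport"], m["dst"]))
    return rows


def rows_to_csv(rows):
    """Serialise triples as the three-column CSV that afterglow reads on stdin."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()


def edge_counts(csv_text):
    """Count each source->event and event->target link; the count is what lets rare links stand out."""
    edges = Counter()
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != 3:
            continue  # three-column mode only; ignore malformed rows
        src, event, target = (c.strip() for c in row)
        edges[(src, event)] += 1
        edges[(event, target)] += 1
    return edges


def _q(name):
    """Quote a node name for DOT, escaping backslashes and double quotes."""
    return '"' + name.replace("\\", "\\\\").replace('"', '\\"') + '"'


def csv_to_dot(csv_text, min_count=1):
    """Emit a DOT digraph; edges seen fewer than min_count times are dropped to thin a noisy graph."""
    lines = ["digraph linkgraph {", "  node [shape=ellipse, fontsize=10];"]
    for (a, b), n in sorted(edge_counts(csv_text).items()):
        if n >= min_count:
            lines.append(f'  {_q(a)} -> {_q(b)} [label="{n}", penwidth={min(n, 5)}];')
    lines.append("}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    dot = csv_to_dot(rows_to_csv(tcpdump_to_rows(SAMPLE_TCPDUMP)))
    with open("outputfile.dot", "w") as fh:
        fh.write(dot)
    print(dot)
    print("# render with: neato -Tpng -o outputfile.png outputfile.dot")
```

Run it, then render the .dot with neato (or dot, circo, twopi for a different layout) exactly as in the one-liner above. Raising min_count is the cheap version of the "mapping based on count" idea: the repeated 192.0.2.10 -> 22 link survives while the one-off links drop out.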

Adios for now, as I'm getting my head around Treemap (Java, my nightmare).
