
Davix

From 25C3 Public Wiki




DAVIX Visualization Bootcamp

Date

Day 2 - 13:00--15:00 (Berlin time) - Sun - 2008-12-28

Website

http://davix.secviz.org

About the Project

Need help understanding your gigabytes of application logs or network captures? Do your OS performance metrics not make sense? Then DAVIX, the live CD for visualizing IT data, is your answer! To simplify the analysis of vast amounts of security data, visualization is slowly penetrating the security community. There are many free tools available for the analysis and visualization of data. To simplify the use of these tools, the open source project DAVIX was brought to life.

The Workshop

At this "Bring Your Own Laptop" workshop we will introduce you to DAVIX and show you how to visualize data. The workshop starts with an introduction to the live CD, the tools and the integrated manual. Then we will do several visualizations of sample data to show you how you can make graphs with ease. We will show how you can convert a PCAP into a linked graph. We will also be looking into ways to data mine for interesting behavior. Be prepared for pretty and meaningful pictures!

What you need

To be able to participate in the analysis part of the workshop, you should bring an Intel or AMD x86 based notebook with at least 1GB of memory and a wireless LAN adapter. To avoid problems with the wireless card setup we strongly recommend that you run DAVIX in VMware Player or VMware Fusion in NAT mode. The DEFCON edition DAVIX 1.0.1 ISO image (Size: 590'401'411 Bytes, MD5: 6c4c4ac5d7bcf84d8395fabed36e141a) should be downloaded before the workshop. It contains all the necessary tools and sample data for the workshop. For setup assistance see DAVIX Manual chapters 6.1.1 and 6.1.2. The SLAX module with the scripts for analyzing the DEFCON capture file can be found here: .

Workshop Files

Visualization Contest - Terms and Conditions

  • Task: Modify the existing workshop script 004_activity_connections_volume.sh and the AfterGlow configuration color2.properties such that 1) the shape of the nodes represents attacking nodes and 2) the type of attack is visible in the linked graph. The best submission that has solved both parts of the task wins a copy of Raffael Marty's "Applied Security Visualization" book. You may use additional tools found on the Live CD to help with your task. The script and config file referred to can be found in the additional SLAX module downloadable in the Workshop Files section.
  • Deliverable: Result submissions must include a shell script that generates the graph.
  • Deadline: January 6, 2009 23:59 UTC
  • Submit to: jan dot monsch ät iplosion dot com
  • Legal recourse is excluded.