Automated NOC Detection
, Head of GCHQ NAC
, Senior Network Analyst, CSEC NAC
This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on 01242 221491 x30306 (non-sec) or email infoleg@gchq
Challenge
SDC 2009 challenged the Network Analysis community to automate the detection of Network Operations Centres
SSH
TELNET/VTY
SNMP
SYSLOG
DNS
TACACS
RADIUS
T STRAP 2
AL
SURGE
SNAPSHOT SLIDE 2
RET STRAP 2
The fact that login was successful for both examples means the following:
From TCP Port 23
To IP address is Network Management Terminal (in the NOC?)
To TCP Port 23
From IP address is Network Management Terminal (in the NOC?)
Mobile Networks in
World
Head of GCHQ NAC
Analyst Desktop X 10
Un-attributable internet X 10
JTRIG Desktop
HIGHNOTE CNE Toolsuite
COPPERHEAD CNE Attack box
NEXUS (BSS Desktop)
CADDIS (SIS Desktop)
NRT Tipping Display
65 VTC/Collaborative Monitor and Projector
Virtual Whiteboarding tool and Whiteboard
Secure telephony / storage
IR21 extractions
Website research domains visited from target gateway IPs
TDI harvesting
Identified owners of TDIs / finding new potential targets
Identified the FTP service
User agent analysis
Laptop identification
Mail server analysis
SSL research
GRX analysis
Dedicated resources
Priority tasking of access
Priority utilisation of CNE Operator resources
Priority utilisation of CNE Developer resources
Priority use of enabling community (GTE, GTAC, JTRIG)
Priority time of legalities bodies
In MyNOC:
CNE Access to BELGACOM MERION ZETA 6 endpoints into
Engineer/support staff IP range
2 endpoints into BELGACOM DMZ (from prep VA work)
Optimal Bearers identified providing good access to BELGACOM proxy.
Post MyNOC:
Optimal Bearers continue to allow QI against BELGACOM engineers/proxy
Internal CNE access continues to expand getting close to access core GRX Routers currently on hosts with access
NAC continue to support with Network Analysis of internal networks, network understanding research on credentials and identification of engineers/system administrators and their specific roles.
IRASCIBLE HARE
IRASCIBLE RABBIT
IRASCIBLE MOOSE
IRASCIBLE EMITT
Support page
Contents
1 How should the file system be rendered?
2 How do you want to search the file system?
3 How do you want to get tasked by customers?
4 What should appear on the summary pages? What about summary pages for a Project or Implant?
5 Embedded Comments
6 What would CNE need from Network diagrams?
7 What input is most important (ipconfig/netstat/dns/arps/....) ?
8 Scripts
9 Visualising non-DareDevil logs
10 Add a new section here!
STARGATE
User Guide
Bugs & Feedback
Deployments
CNE Requirements
Surgery
Support
Administration
User Management tool
Plugins
VORPAL SWORD
User Guide
Bugs & Feedback
Development
Version history
CLOTHO 2
Interface from ROYAL MANTLE
Architecture
Connectivity
ERIDANUS
CHEYENNE MOUNTAIN
CHEYENNE MOUNTAIN2
AQUILA
CNE on the BIG BUS
Iterations
Iteration 7 Feedback
Iteration 6 Feedback
Iteration 5 Feedback
Dev Team