An Introduction of the Kobra, a Client for the Badger Version 2.0, Providing Tactical Situational Awareness, Physical Tampering Protection and Automatic Process Mitigation
Offered By: BSidesLV via YouTube
Course Description
Overview
Explore a conference talk that introduces Kobra, a client for Badger Version 2.0, designed to enhance tactical situational awareness, provide physical tampering protection, and enable automatic process mitigation. Delve into the security shortcomings addressed by this tool, examining concepts such as weird machines, TCP dump data analysis, reverse lookup processes, and IP address handling. Learn about the directory structure, destination list management, and process correlation techniques employed by Kobra. Gain insights into kernel-level operations, handle table manipulation, and debugging capabilities. Discover how to effectively stop processes, manage connectivity, and facilitate data exchange. Conclude with an overview of the project's GitHub presence, ontology, and contact information for further engagement with the Kobra development community.
Syllabus
Intro
Welcome
Security has many shortcomings
Weird machines
Formula
TCP Dump
TCP Dump Data
Reverse Lookup Data
IP Addresses
Directory Structure
Destination List
Process correlator
Kernel
Handle Table
Debugger
Response
Stop a process
How to stop a process
Connectivity
Data Exchange
Github
Ontology
Contact
Taught by
BSidesLV