Weekly Shaarli

All links of one week in a single page.

Week 14 (April 3, 2017)

E.T. Proxy Logs Checker [ETPLC]

Open Source project for finding the Threats on Proxy or Web Server Logs with Emerging Threats Open rules

It's a production ready version, all feedback is welcome.
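To show what "finding threats in proxy logs with Emerging Threats rules" means in practice, here is an added, self-contained Python illustration. It is not ETPLC's code and does not claim to reproduce how ETPLC works: it parses a small, legacy-style subset of the Suricata rule language (content matches with the http_uri / http_method / http_user_agent / http_host / http_header modifiers, nocase and negation; no pcre, distance/within, flowbits or sticky buffers), rebuilds the HTTP buffers a rule refers to from a proxy log line, and reports which rules match. The three rules, their sids and messages, and the log lines (in a constructed `timestamp client method url "user-agent"` format) are all made up for the example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample rules (illustrative only, NOT real ET Open signatures),
# written in the legacy "content; modifier" subset of Suricata syntax.
SAMPLE_RULES = r'''
# EXAMPLE rules only
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Trojan checkin to gate.php"; flow:established,to_server; content:"POST"; http_method; content:"/gate.php"; http_uri; nocase; sid:9000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Suspicious MSIE 6.0 User-Agent"; flow:established,to_server; content:"Mozilla/4.0 (compatible|3b| MSIE 6.0|3b|"; http_user_agent; sid:9000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Non-browser client downloading .exe"; flow:established,to_server; content:".exe"; http_uri; nocase; content:!"Mozilla/"; http_user_agent; sid:9000003; rev:1;)
'''

# Constructed proxy log lines in a simple custom format:
# <timestamp> <client> <method> <url> "<user-agent>"
SAMPLE_LOG = [
    '2017-04-03T09:12:01Z 10.0.0.21 POST http://203.0.113.9/panel/gate.php "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '2017-04-03T09:12:05Z 10.0.0.22 GET http://www.example.com/index.html "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/52.0"',
    '2017-04-03T09:13:40Z 10.0.0.23 GET http://198.51.100.4/files/update.EXE "WinHTTP/1.0"',
]

BUFFER_KEYWORDS = {"http_uri", "http_method", "http_user_agent", "http_host", "http_header"}
HEX_BLOCK = re.compile(r"\|([0-9A-Fa-f\s]+)\|")
LOG_RE = re.compile(r'^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+"(?P<ua>[^"]*)"$')

@dataclass
class Content:
    pattern: bytes
    buffer: str = "request"   # buffer to search; "request" = whole reconstructed request
    nocase: bool = False
    negated: bool = False

@dataclass
class Rule:
    sid: int = 0
    msg: str = ""
    contents: list = field(default_factory=list)

def decode_content(text: str) -> bytes:
    """Turn Suricata content syntax ("abc|3b 20|def") into raw bytes."""
    out, pos = bytearray(), 0
    for m in HEX_BLOCK.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        out += bytes.fromhex(m.group(1).replace(" ", ""))
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)

def split_options(body: str) -> list:
    """Split the option body on ';' while respecting double-quoted strings."""
    opts, cur, in_quote = [], [], False
    for ch in body:
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    tail = "".join(cur).strip()
    return opts + ([tail] if tail else [])

def parse_rules(text: str) -> list:
    """Parse 'alert http ...' rules; a buffer keyword modifies the preceding content."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"alert\s+http\s+.*?\((.*)\)\s*$", line)
        if not line or line.startswith("#") or not m:
            continue
        rule = Rule()
        for opt in split_options(m.group(1)):
            key, _, val = opt.partition(":")
            key, val = key.strip(), val.strip()
            if key == "msg":
                rule.msg = val.strip('"')
            elif key == "sid":
                rule.sid = int(val)
            elif key == "content":
                negated = val.startswith("!")
                rule.contents.append(Content(decode_content(val.lstrip("!").strip('"')), negated=negated))
            elif key == "nocase" and rule.contents:
                rule.contents[-1].nocase = True
            elif key in BUFFER_KEYWORDS and rule.contents:
                rule.contents[-1].buffer = key
        rules.append(rule)
    return rules

def http_buffers(log_line: str):
    """Rebuild the HTTP buffers a rule can reference from one proxy log line."""
    m = LOG_RE.match(log_line)
    if not m:
        return None
    u = urlsplit(m["url"])
    uri = u.path + ("?" + u.query if u.query else "")
    host = u.hostname or ""
    headers = f"Host: {host}\r\nUser-Agent: {m['ua']}\r\n"
    return {
        "http_method": m["method"].encode(),
        "http_uri": uri.encode(),
        "http_host": host.encode(),
        "http_user_agent": m["ua"].encode(),
        "http_header": headers.encode(),
        "request": f"{m['method']} {uri} HTTP/1.1\r\n{headers}".encode(),
    }

def content_matches(c: Content, buf: bytes) -> bool:
    hay, needle = (buf.lower(), c.pattern.lower()) if c.nocase else (buf, c.pattern)
    return (needle in hay) != c.negated   # a negated content must be absent

def check_line(rules: list, log_line: str) -> list:
    """Return [(sid, msg), ...] for every rule whose contents all match the line."""
    bufs = http_buffers(log_line)
    if bufs is None:
        return []   # unparseable line: no buffers, no match
    return [(r.sid, r.msg) for r in rules
            if r.contents and all(content_matches(c, bufs[c.buffer]) for c in r.contents)]

def scan(rules: list, log_lines: list) -> list:
    return [(line, check_line(rules, line)) for line in log_lines]

if __name__ == "__main__":
    for line, hits in scan(parse_rules(SAMPLE_RULES), SAMPLE_LOG):
        for sid, msg in hits:
            print(f"[{sid}] {msg} <- {line}")
```

The point a practitioner should take from this: proxy logs only preserve a few HTTP fields (method, URL, user-agent, sometimes Host and referer), so only rules whose content matches live in those buffers can be evaluated offline; rules that depend on payload, pcre over the body, or flow state will never fire against a log and should be filtered out before loading a real ET Open set, or they produce silent coverage gaps.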

Pentesting, security, development, commerce

I periodically experiment on the Internet with different interests: freelancing, organizing a pseudo-company, collecting and analyzing various kinds of data related to information security, and launching a small project or service, either self-written or based on some ready-made solution.

TinyNuke Explained - part I - YouTube

In this video we review the setup requirements for installing and deploying TinyNuke.

ThreatHunting Home

Threat hunting is a popular topic these days, and there are a lot of people who want to get started but don’t know how. What should they hunt for? How should they perform the hunts? What data will they need to collect?

On the other hand, there are a lot of individuals out there who have written blog posts, conference presentations or whatever that detail some of their favorite hunting procedures. The problem is that these procedures are scattered all over the Internet, and are sometimes hard to find.

That’s why the ThreatHunting Project exists. Here you will find links to a number of different published hunting procedures. It is my hope that this will give you some concrete starting points, or if you are an experienced hunter, help you find additional techniques to add to your repertoire.

Interconnexion réseau & Logiciel Libre ~ inetdoc.net

This website is dedicated to internetworking documentation with FOSS.

It contains articles, guides, labs and presentations which can be used as teaching or self-learning material.

As the documents have to be maintained over years, static web pages are the most suitable way to publish them.

LDAP Admin - a free LDAP directory browser and editor

Ldap Admin is a free Windows LDAP client and administration tool for LDAP directory management. This application lets you browse, search, modify, create and delete objects on an LDAP server. It also supports more complex operations such as directory copy and move between remote servers, and extends the common edit functions to support specific object types (such as groups and accounts).

You can use it to manage Posix groups and accounts, Samba accounts and it even includes support for Postfix MTA. Ldap Admin is free Open Source software distributed under the GNU General Public License.

Cisco Services for IPS

Cisco Services for IPS protects and enhances the effectiveness of the Cisco Intrusion Prevention System. Supported by the Cisco Global Security Intelligence organization, Cisco Services for IPS delivers continuously updated, comprehensive, and accurate detection technology to identify and block fast-moving and emerging threats.

FIRST - Improving Security Together

FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.

STIG Viewer | Unified Compliance Framework®

Various Security Technical Implementation Guides

Network Security Concepts and Policies > Building Blocks of Information Security

In this chapter, you learn about the following topics:

Fundamental concepts in network security, including identification of common vulnerabilities and threats, and mitigation strategies
Implementation of a security architecture using a lifecycle approach, including the phases of the process, their dependencies, and the importance of a sound security policy

Intrusion Hunting for the Masses - David Sharpe - YouTube

David Sharpe from GE-CIRT. So, mature CIRTs are supposed to have people hunting for APT, right? Don’t have a hunt team yet? Don’t know what to hunt for, or how or where to hunt? You are not alone. This talk will cover a range of effective and practical techniques that have worked over the years for finding targeted intrusions.

Hackmiami Conference 2016

TinyNuke Explained - part II - YouTube

Continuing TinyNuke Explained - part I, we review the available features of TinyNuke through the control panel, deploy a bot to our client machine, and perform attacks against our client.

Dan Farmer

A bit of my life. You can try to reach me: zen @ either fish2.com or trouble.org. I sometimes jot things down at trouble.

Dataquest - Become a Data Scientist

Our hands-on method teaches you all the skills you need to become a data scientist or data analyst.

Learn by writing code, working with data, and building projects in your browser.

Application Threat Modeling - OWASP

Threat modeling is an approach for analyzing the security of an application. It is a structured approach that enables you to identify, quantify, and address the security risks associated with an application. Threat modeling is not an approach to reviewing code, but it does complement the security code review process. The inclusion of threat modeling in the SDLC can help to ensure that applications are being developed with security built-in from the very beginning.

GitHub - aainz/TinyNuke: zeus-style banking trojan

Nuclear, or TinyNuke, is a full-fledged banking trojan. Its main features are:

  • Formgrabber and webinjects for Firefox, Internet Explorer and Chrome; can inject into x86 as well as x64 browsers
  • Reverse SOCKS 4
  • HVNC-like hidden desktop
  • Trusteer bypass
  • ~32 KB binary with obfuscated strings, ~20 KB without