ThreatMiner is designed to be an analyst's first portal to visit when doing threat research and here's why.
Threat intelligence and intrusion analysts who regularly perform research into malware and network infrastructure often find the need to rely on multiple websites that individually hold a small piece of the larger puzzle.
Furthermore, it is often the case that pivoting directly from an open source research report is unavailable and that it is sometimes difficult to remember if an indicator has already been reported and/or attributed. All these small but frustrating obstacles distract an analyst from what they do best: analyse.
We are a group of people from various parts of the world, who like to experiment with computers. We hope that we can provide some information back to the public and support the ongoing process of learning. Our group is involved in various research and projects such as Hardware Hacking, BackTrack, Exploit Development, Online Information Security Training, and various other aspects of network security.
Cisco's SenderBase.org provides a view into real-time threat intelligence across web and email. SenderBase is powered by Cisco Talos, the industry-leading threat intelligence organization dedicated to providing protection before, during, and after cybersecurity threats. The data is made up of over 100TB of daily security intelligence across over 1.6 million deployed Web, Email, Firewall and IPS appliances. Talos detects and correlates threats in real time using the largest threat detection network in the world spanning web requests, emails, malware samples, open source data sets, endpoint intelligence, and network intrusions. SenderBase is able to transform some of Talos's data into actionable threat intelligence and tools to improve your security posture.
urlQuery is a free online service for testing and analyzing URLs, helping with identification of malicious content on websites. The main focus of urlQuery is to find and detect suspicious and malicious content on webpages, to help improve the security industry and make the internet a safer place.
Welcome to the 'Scan of the Month' challenge. The purpose of these challenges is to help the security community develop the forensic and analysis skills to decode real attacks. It can be difficult finding real attacks that you can analyze and share your results with the community. These challenges address that problem. This is done by taking attacks we have captured in the wild and challenging the security community to decode them. Unfortunately, due to resource limitations, we can no longer provide a new challenge every month.
After doing hundreds of security code reviews for companies ranging from small start-ups to large banks and telcos, and after reading hundreds of stack overflow posts on security, I have composed a list of the top 10 crypto problems I have seen.
This package contains sample Python code that demonstrates how to use the QRadar REST API. The API is accessed by sending specially crafted HTTP requests to specific URLs on the QRadar console. These URLs, known as "endpoints", each perform a specific function. Some endpoints perform different functions depending on whether you send a GET, POST, or DELETE request. By linking together calls to these endpoints you can implement your own custom business processes or integrate QRadar data with external systems.
theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis we have decided to gather all of them for you in an available and safe way. theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev.
Github: https://github.com/ytisf/theZoo
"CERT" is a registered trademark owned by Carnegie Mellon University. Computer security incident response teams (CSIRTs) that share our commitment to improving the security of networks connected to the internet may apply for authorization to use the "CERT" mark in their names.
The following CSIRTs have been approved to use "CERT."
IBM X-Force Exchange Threat Feed Manager
Introducing threat feed manager: you can now view external sources of threat intelligence within XFE.
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers.
Browse, Download, Use. qRadar extensions verified for a better security.
The Ariel Query Language (AQL) is a structured query language that you use to communicate with the Ariel databases. Use AQL to query and manipulate event and flow data from the Ariel database.
WebPulse contains a database of over 15 million entries and is growing every day. It provides URL identification to the PacketShaper via requests to WebPulse service points located across the globe. Each service point is periodically pinged in order to ensure that category, application, and operation IDs are provided from the fastest service point.
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.
NVD is a product of the NIST Computer Security Division, Information Technology Laboratory and is sponsored by the Department of Homeland Security’s National Cyber Security Division.
The two visualizations on this page are simple graphs which provide different views of how the assignment of vulnerability types has changed over time.
At its core, the Common Weakness Enumeration (CWE™) is a list of software weakness types. Creating the list is a community initiative aimed at creating specific and succinct definitions for each common weakness type. By leveraging the widest possible group of interests and talents, the hope is to ensure that each item in the list is adequately described and differentiated.
The main purpose of the site is to promote "slightly skeptical" approach to IT, to stimulate critical thinking about system administration and software development as professions. To increase resistance to media brainwashing. Skepticism is generally any questioning attitude towards knowledge, facts, or opinions/beliefs stated as facts, or doubt regarding claims that are taken for granted elsewhere.
Directory with qRadar documentation.
Welcome to the IBM® Security QRadar® product documentation, where you can find information about how to install, maintain, and use these products.
Browse through our Knowledge Base