This is a list of data sources that may be useful to cyber security. We are documenting these sources as part of an ongoing project, Stucco.

I am an independent security analyst providing cyber threat intelligence and network traffic associated with malware infections. I am located in the Albany, New York area.
All domains and URLs listed on this website should be considered as dangerous and could cause damage to your computer. We do not provide clickable active hyperlinks to these sites.

Use this website at your own risk!

Open Source project for finding the Threats on Proxy or Web Server Logs with Emerging Threats Open rules

It's a production ready version, all feedback is welcome.

David Sharpe from GE-CIRT. So, mature CIRTs are supposed to have people hunting for APT, right? Don’t have a hunt team yet? Don’t know what to hunt for, or how or where to hunt? You are not alone. This talk will cover a range of effective and practical techniques that have worked over the years for finding targeted intrusions.

Hackmiami Conference 2016

I periodically experiment on the Internet with different interests: freelancing, organizing a pseudo-company, collecting and analyzing various kinds of data related to information security, launching a small project or service, self-written or on the basis of some ready-made solution.

Cisco Services for IPS protects and enhances the effectiveness of the Cisco Intrusion Prevention System. Supported by the Cisco Global Security Intelligence organization, Cisco Services for IPS delivers continuously updated, comprehensive, and accurate detection technology to identify and block fast-moving and emerging threats.

FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.

A bit of my life. You can try to reach me: zen @ either fish2.com or trouble.org. I sometimes jot things down at trouble.

Threat hunting is a popular topic these days, and there are a lot of people who want to get started but don’t know how. What should they hunt for? How should they perform the hunts? What data will they need to collect?

On the other hand, there are a lot of individuals out there who have written blog posts, conference presentations or whatever that detail some of their favorite hunting procedures. The problem is that these procedures are scattered all over the Internet, and are sometimes hard to find.

That’s why the ThreatHunting Project exists. Here you will find links to a number of different published hunting procedures. It my hope that this will give you some concrete starting points, or if you are an experienced hunter, help you find additional techniques to add to your repertoire.

Various Security Technical Implementation Guides

In this chapter, you learn about the following topics:

Fundamental concepts in network security, including identification of common vulnerabilities and threats, and mitigation strategies
Implementation of a security architecture using a lifecycle approach, including the phases of the process, their dependencies, and the importance of a sound security policy

Threat modeling is an approach for analyzing the security of an application. It is a structured approach that enables you to identify, quantify, and address the security risks associated with an application. Threat modeling is not an approach to reviewing code, but it does complement the security code review process. The inclusion of threat modeling in the SDLC can help to ensure that applications are being developed with security built-in from the very beginning.

This website is dedicated to internetworking documentation with FOSS.

It contains articles, guides, labs and presentations which can be used as
teaching or self learning material

As the documents have to be maintained over years, static web pages are the
most suitable way to publish them

This blog post looks at the final part of creating secure software: shipping it to users in a safe way. It explains how to use transport security and package signatures to achieve this goal.

Presentation video: Reverse-engineering CPUs for fun and profit

IBM® QRadar® Security Intelligence Platform provides a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics, incident response, and configuration and vulnerability management.

Click on a link below to visit the page for each product version.

Below is a list of known issues in RSA Security Analytics 10.6, including those listed in the Release Notes. Please click on the links to go directly to the articles.

The following is an alphabetical list of supported event sources that are available in RSA NetWitness Logs.

Web property of Monterey Technology Group, Inc. devoted to spreading knowledge and understanding of Windows Security, IT Audit and Compliance with exclusive content from Randy Franklin Smith.