BTS - MISP and Threat Intelligence Introduction
From 9:30 to 12:00 CET (a small break is foreseen)
Short url: https://tinyurl.com/BTS-MISP2
Agenda
- MISP Introduction and history
- MISP data model
import uuid
from pprint import pprint
import json
import requests
# https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide
# https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/
adulau@maurer:~$ curl -w "@curl-format.txt" -o /dev/null -s "https://services.nvd.nist.gov/rest/json/cpes/2.0/?resultsPerPage=20&startIndex=0"
time_namelookup: 0,120529s
time_connect: 0,225630s
time_appconnect: 0,386989s
time_pretransfer: 0,387033s
time_redirect: 0,000000s
time_starttransfer: 5,810461s
\documentclass[a4paper]{article}
\pagestyle{plain}
\usepackage{calc}
\usepackage[top=0.25in,bottom=0.75in,left=0.5in,right=0.5in]{geometry}
\usepackage{tikz}
\newlength{\wholeboxwd}
\setlength{\wholeboxwd}{0.99\textwidth}
\newlength{\wholeboxht}
\setlength{\wholeboxht}{0.95\textheight}
I hereby claim:
To claim this, I am signing this object:
{
"identity": "recursive-5003",
"qname": "www.aboil.info.",
"rrtype": "A",
"query-ip": "127.0.0.1",
"query-port": 34882,
"response-ip": "127.0.0.1",
"response-port": 5003,
"latency": 0.027,
"message": "CLIENT_RESPONSE",
It's using the index and the gzip member file to seek to the exact record in the HTTP request.
Hash=HASHVALUE (it's the hex representation of MD5);
psql hkp
select rfingerprint from keys where md5 in ('HASHVALUE');
List of services that give access to the Tor network, and especially Tor hidden services, through a web interface. We keep track of potential injection or abuse by such services (the Scam column).
Url | Status | Domain | Log | Techno | Scam |
---|---|---|---|---|---|
https://onion.re/ | UP | onion.re | full | custom | no |