BTS - MISP and Threat Intelligence Introduction
From 9:30 to 12:00 CET (a small break is foreseen)
Short url: https://tinyurl.com/BTS-MISP2
Agenda
- MISP Introduction and history
- MISP data model
Alexandre Dulaunoy adulau
adulau
/ ms_threat_actor_taxonomy_to_misp_format.py
Last active
April 20, 2023 15:05
— forked from botlabsDev/ms_threat_actor_taxonomy_to_misp_format.py
Microsoft threat actory taxonomy to misp format converter
View ms_threat_actor_taxonomy_to_misp_format.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import uuid | |
| from pprint import pprint | |
| import json | |
| import requests | |
| # https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide | |
| # https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/ |
View bts-misp.md
adulau
/ time-to-query-api-nvd.md
Created
January 1, 2023 10:34
Time to query the API v2.0 of NVD NIST
View time-to-query-api-nvd.md
Getting CPEs
adulau@maurer:~$ curl -w "@curl-format.txt" -o /dev/null -s "https://services.nvd.nist.gov/rest/json/cpes/2.0/?resultsPerPage=20&startIndex=0"
time_namelookup: 0,120529s
time_connect: 0,225630s
time_appconnect: 0,386989s
time_pretransfer: 0,387033s
time_redirect: 0,000000s
time_starttransfer: 5,810461s
adulau
/ cornell-notes-template.tex
Created
December 31, 2022 10:08
Cornell notes template in LaTeX based on https://tex.stackexchange.com/questions/70570/cornell-notes-a-lyx-or-latex-solution-needed
View cornell-notes-template.tex
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| \documentclass[a4paper]{article} | |
| \pagestyle{plain} | |
| \usepackage{calc} | |
| \usepackage[top=0.25in,bottom=0.75in,left=0.5in,right=0.5in]{geometry} | |
| \usepackage{tikz} | |
| \newlength{\wholeboxwd} | |
| \setlength{\wholeboxwd}{0.99\textwidth} | |
| \newlength{\wholeboxht} | |
| \setlength{\wholeboxht}{0.95\textheight} |
adulau
/ keybase.md
Created
November 29, 2022 09:41
View keybase.md
Keybase proof
I hereby claim:
- I am adulau on github.
- I am adulau (https://keybase.io/adulau) on keybase.
- I have a public key whose fingerprint is 6BB5 6353 1D99 F112 4C00 8C4F 815D 4786 1ECB 73D5
To claim this, I am signing this object:
adulau
/ sample-dnstap-decoded.json
Created
August 13, 2022 13:59
View sample-dnstap-decoded.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "identity": "recursive-5003", | |
| "qname": "www.aboil.info.", | |
| "rrtype": "A", | |
| "query-ip": "127.0.0.1", | |
| "query-port": 34882, | |
| "response-ip": "127.0.0.1", | |
| "response-port": 5003, | |
| "latency": 0.027, | |
| "message": "CLIENT_RESPONSE", |
View commoncrawl.md
Seek in archive
It's using the index and the gzip member file to seek to the exact record in the HTTP request.
adulau
/ hockeypuck-key-removed.md
Created
May 27, 2022 07:59
How to remove keys from Hockeypuck OpenPGP key server
View hockeypuck-key-removed.md
How to remove keys from Hockeypuck OpenPGP key server
- First find the Hockeypuck hash of the key(s) to be removed via the web search of your key server instance;
- On the index, copy the hash value (
Hash=HASHVALUE) (it's the hex representation of MD5); - Connect to the PostgreSQL interface of your Hockeypuck server;
psql hkp- Find the corresponding keys from their hash value;
select rfingerprint from keys where md5 in ('HASHVALUE');- This will return the corresponding fingerprints;
- Then delete the associated sub-keys;
View trackers.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://95.107.48.115:80/announce | |
| http://agusiq-torrents.pl:6969/announce | |
| http://asnet.pw:2710/announce | |
| http://fxtt.ru:80/announce | |
| http://grifon.info:80/announce | |
| http://mgtracker.org:2710/announce | |
| http://mgtracker.org:6969/announce | |
| http://ns349743.ip-91-121-106.eu:80/announce | |
| http://open.acgnxtracker.com:80/announce | |
| http://pt.lax.mx:80/announce |
View tor2web-list.md
Tor2web and tor proxies public list
List of services which are giving access to Tor network and especially Tor hidden services
via web interface. We keep track of potential injection or abuse from such service (the column Scam).
List
| Url | Status | Domain | Log | Techno | Scam |
|---|---|---|---|---|---|
| https://onion.re/ | UP | onion.re | full | custom | no |
NewerOlder