A recipe for both
- Scott J Roberts
- Instructor: SANS FOR578 Cyber Threat Intelligence
- Author: Intelligence Driven Incident Response
- Metaphor Warning!!!
Scott J. Roberts sroberts
sroberts
/ ingest.storm
Last active
June 10, 2022 15:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for ($fqdn, $ipv4) in $rows { | |
| [ inet:dns:a = ( $fqdn, $ipv4 ) +#ioc +#adversary.nsogroup +#infrastructure ] | |
| } |
sroberts
/ cti-and-ramen.md
Last active
September 22, 2021 23:21
My outline for my Cyber Threat Intelligence & Ramen: A Recipe for Both presentation
sroberts
/ keybase.md
Created
December 5, 2017 13:19
I hereby claim:
- I am sroberts on github.
- I am sroberts (https://keybase.io/sroberts) on keybase.
- I have a public key ASCkaqzoKIRjKiuUTpAnkRKZtNSZ2G-7D7VMh5w8QlVi2wo
To claim this, I am signing this object:
Here is an overview of my past (and sometimes upcoming) speaking opportunities.
- Mind The Sec: TBD
- SANS DFIR Summit: Japanese Manufacturing, Killer Robots, & Effective Incident Handling
- SANS Leadership Summit: Crisis Communication for Incident Response
- ArchC0n: Chasing Shiny Objects: InfoSec budget decisions in a hype driven world
- SANS DFIR Summit: Responding @ Scale - osquery for Mass Incident Detection & Response (Slides)
sroberts
/ keybase.md
Created
February 9, 2016 01:51
I hereby claim:
- I am sroberts on github.
- I am sroberts (https://keybase.io/sroberts) on keybase.
- I have a public key ASBN2JRFuuB8vzXzq06VSCrmaXjHU9q0LR4K6aM6UUujkgo
To claim this, I am signing this object:
sroberts
/ transform-setup.py
Created
March 3, 2015 00:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Set up your Transform object. This is the basis for returning results. | |
| trx = MaltegoTransform() |
sroberts
/ transform-returnOutput.py
Created
March 3, 2015 00:13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This returns the transform as an XML representation that Maltego | |
| # uses to update the graph. | |
| trx.returnOutput() |
sroberts
/ transform-imports.py
Created
March 3, 2015 00:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Import MaltegoTransform-Python library | |
| # from MaltegoTransform import MaltegoEntity | |
| from MaltegoTransform import MaltegoTransform |
sroberts
/ transform-exception.py
Last active
August 29, 2015 14:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create a Maltego Transform Exception | |
| trx.addException("We're out of gummy bears!!! Abort.") | |
| # ThrowExceptions returns the errored transform. | |
| trx.throwExceptions() |
sroberts
/ transform-addEntity.py
Last active
August 29, 2015 14:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # For a 1-1 transform, so we create one location entity based | |
| # on the geolocation data. | |
| trx.addEntity("maltego.Location", "New York, NY") | |
| # This can also be placed in a loop and will result in multiple entities. | |
| locations = ["New York", "Washington DC", "San Francisco"] | |
| for location in locations: | |
| trx.addEntity("maltego.Location", location) |
NewerOlder