You can now browse the @misp playbooks on GitHub Pages: https://misp.github.io/misp-playbooks/ . The playbooks are automatically converted into easy-to-navigate HTML pages. Dive in and explore!
Further enhance phishing investigations with @MISPProject playbooks! 'URL Remediation' streamlines finding abuse contacts via AbuseFinder, LookyLoo, @firstdotorg, and RDAP, while reporting malicious sites to MSRC, Google Safe Browsing and Netcraft. https://github.com/MISP/misp-playbooks/blob/main/misp-playbooks/pb_url_remediation-with_output.ipynb
New conversion scripts bridge @misp playbooks and CACAO (@oasisopen) security playbooks. Still an initial version, but it significantly simplifies integration between both formats. https://github.com/MISP/misp-playbooks/blob/main/documentation/MISP_CACAO.md #CTI #automation #soar
I'm working on "Proving the Value of Cyber Threat Intelligence," to help demonstrate the impact of #CTI in organisations. Early work, and open to feedback and suggestions for improvement! https://github.com/cudeso/proof-value-cti
I created a small script to extract unique hostnames and domains from the DDoSia configuration objects shared via @misp. Post at https://www.vanimpe.eu/2024/10/08/extract-hostnames-and-domains-from-ddosia-misp-object/ ; Script: https://github.com/cudeso/tools/blob/master/ddosia-extract/parse_ddosia.py #DDOS #DDOSIA
There's a new @misp playbook waiting for you! Search in @TimesketchProj for MISP indicators. Plot the results in a graph, create a saved search in Timesketch, report sightings in MISP, and send a summary to Mattermost. #cti #automation #playbooks https://github.com/MISP/misp-playbooks/blob/main/misp-playbooks/pb_timesketch_search_query_sightings-with_output.ipynb
Honeypot technology may seem old, but it’s still very much in play. @ncsc is exploring honeypots & honeytokens as part of cyber defence strategy "Building a nation-scale evidence base for cyber deception". Opportunities @circl #D4 and @shadowserver https://www.ncsc.gov.uk/blog-post/building-a-nation-scale-evidence-base-for-cyber-deception
Earth Baku, tied to APT41, is expanding operations into Europe. Targeting public-facing IIS servers, using Google & Cloudflare for C2, and possibly exfiltrating via MEGA. @TrendMicro https://www.trendmicro.com/en_us/research/24/h/earth-baku-latest-campaign.html Indicators in botvrij.eu https://www.botvrij.eu/data/feed-osint/739fc559-c1ea-427b-9dd6-4999276f537c.json
Account: cudeso@infosec.exchange