how an ioc can lead to another
play

HOW AN IOC CAN LEAD TO ANOTHER? Sad Kadhi TheHive Project Automate - PowerPoint PPT Presentation

Jan 26, 2024 •356 likes •443 views

BEERUMP 17 / 2017-06-22 TLP:WHITE HOW AN IOC CAN LEAD TO ANOTHER? Sad Kadhi TheHive Project Automate bulk observable analysis through a REST API Can be queried Web UI Analyzers can be developed in any programming language that

  1. BEERUMP 17 / 2017-06-22 TLP:WHITE HOW AN IOC CAN LEAD TO ANOTHER? Saâd Kadhi 
 TheHive Project

  2. ▸ Automate bulk observable analysis through a REST API ▸ Can be queried Web UI ▸ Analyzers can be developed in any programming language that is supported by Linux ▸ Two-way MISP integration ▸ While originally created for Blue Teams, Cortex can be useful for Red Teams too

  3. ARCHITECTURE CORTEX FRONTEND BACKEND REST 
 HTTP HTTP REST 
 APIS APIS A A A A ANALYZERS STORAGE

  4. 23 ANALYZERS (AND MORE ARE COMING) FORTIGUARD URL PASSIVETOTAL HIPPOCAMPE MAXMIND SPLUNK SEARCH CATEGORY GOOGLE SAFE CIRCL PSSL CIRCL PDNS JOE SANDBOX CUCKOO BROWSING MISP SEARCH VIRUSTOTAL DNSDB VMRAY MCAFEE ATD DOMAINTOOLS ABUSE FINDER YARA IRMA FIREHOL PHISHING FILEINFO NESSUS FAME WHOISXMLAPI INITIATIVE OUTLOOK MSG OTXQUERY PHISHTANK INTELMQ FIREEYE AX PARSER HYBRID ANALYSIS

  5. Alert Alert Sources 
 Feeders (SIEM, email, …) Raise alerts Analyze observables s e s a c s t t r n o e p v x e E l l o P Enrich events Additional analyzers Search observables within MISP events Analyzers Expansion Modules

  6. LET’S GET TO WORK ▸ In February, numerous Polish FIs were infected after visiting the Polish Supervision Authority (www[.]knf[.]gov[.]pl) -> Watering hole attack -> Custom EK with exploits stolen from Neutrino & RIG ▸ Later on, it was found that other websites were used to carry the same attack: Comisión Nacional Bancaria y de Valores (MX), Banco República (UY) ▸ https://badcyber.com/several-polish-banks-hacked- information-stolen-by-unknown-attackers/

  7. HOW CAN AN IOC LEAD TO ANOTHER? ▸ IOC = www[.]knf[.]gov[.]pl ▸ How can we pivot to find other IOCs (that are less brittle maybe?) knf[.]gov[.]pl MISP Search 1 event hxxp://knf.gov.pl/DefaultDesign/Layouts/ knf[.]gov[.]pl VirusTotal KNF2013/resources/accordian-src.js? ver=11 d4616f9706403a0d5a2f9a872 VirusTotal 47/61 6230a4693e4c95c58df5c753c cc684f1d3542e2 Galaxy Lazarus Group, Target sap[.]misapor[.]ch MISP Search Finance

  8. GET THE SOFTWARE ▸ Cortex is available under an AGPL license ▸ Can be installed using RPM, DEB, Docker image, binary package or built from the source code ▸ Pre-requisites: Linux with JRE 8+, Chrome, Firefox, IE (11), and a decent computer ▸ https://thehive-project.org/

Recommend

Lead Abatement for Workers Course 1 Learning Objectives In this section you will learn:

Lead Abatement for Workers Course 1 Learning Objectives In this section you will learn:

Chapter 1 Lead Abatement for Workers Course 1 Learning Objectives In this section you will learn: What lead is Why lead was used Where lead is found today How you can be exposed to lead About the lead paint problem in the

1.07k views • 103 slides
Arranger, Organising Participant & Joint Lead Manager Joint Lead Manager Joint Lead Manager

Arranger, Organising Participant & Joint Lead Manager Joint Lead Manager Joint Lead Manager

SKYCITY Offer of Fixed Rate Entertainment Seven Year Bonds Group Limited August 2015 Arranger, Organising Participant & Joint Lead Manager Joint Lead Manager Joint Lead Manager Joint Lead Manager Important Information A Product

449 views • 25 slides
Ad-Hoc Networking Project PM Liaison: Mathilde Technical Lead: Jim Research Lead: Megan Design

Ad-Hoc Networking Project PM Liaison: Mathilde Technical Lead: Jim Research Lead: Megan Design

Ad-Hoc Networking Project PM Liaison: Mathilde Technical Lead: Jim Research Lead: Megan Design Lead: Jordan Document Lead: Whitney Last Time Excited to move ahead Meeting with Ko Brainstorming Session Picking an area to work with and

434 views • 16 slides
Preventing Elevated Blood Lead Levels High Level of Lead in Sindoor in Children Tests find more

Preventing Elevated Blood Lead Levels High Level of Lead in Sindoor in Children Tests find more

Lead in the News Preventing Elevated Blood Lead Levels High Level of Lead in Sindoor in Children Tests find more lead in products Funded by the New Jersey Department of Health Physicians 2 -year old son poisoned by lead in their home

143 views • 13 slides
Keep Lead from Keep Lead from Lurking Lurking Lead Testing and Lead Testing and Healthy

Keep Lead from Keep Lead from Lurking Lurking Lead Testing and Lead Testing and Healthy

Keep Lead from Keep Lead from Lurking Lurking Lead Testing and Lead Testing and Healthy Healthy Homes to Help Prevent Childhood Lead Poisoning Homes to Help Prevent Childhood Lead Poisoning Oct 30, 2019 Recharge for Resilience Conference

397 views • 20 slides
Association between childrens blood lead levels lead Association between children s blood lead

Association between childrens blood lead levels lead Association between children s blood lead

Association between childrens blood lead levels lead Association between children s blood lead levels, lead service lines, and water disinfection, Washington, DC, 1998 - 2006 MJ Brown J Raymond D Homa C Kennedy T Sinks MJ Brown, J Raymond,

192 views • 16 slides
Ad-Hoc Networking Project PM, Liason: Mathilde Technical Lead: Jim Research Lead: Megan Design

Ad-Hoc Networking Project PM, Liason: Mathilde Technical Lead: Jim Research Lead: Megan Design

Ad-Hoc Networking Project PM, Liason: Mathilde Technical Lead: Jim Research Lead: Megan Design Lead: Jordan Document Lead: Whitney The Project Create revolutionary applications/services for ad-hoc car networks Demonstrate and prototype the

379 views • 9 slides
Childhood Lead Poisoning in Ohio 2 Objectives Overview of childhood lead poisoning in Ohio

Childhood Lead Poisoning in Ohio 2 Objectives Overview of childhood lead poisoning in Ohio

1 Childhood Lead Poisoning in Ohio 2 Objectives Overview of childhood lead poisoning in Ohio Provide an overview of the Public Health Lead Investigation Process Bring awareness to funding resources for lead hazard control 3

1.35k views • 71 slides
Lead Localization J U L Y 3 R D 2 0 1 2 MARIANA MOSCOVICH Introduction According to our

Lead Localization J U L Y 3 R D 2 0 1 2 MARIANA MOSCOVICH Introduction According to our

Lead Localization J U L Y 3 R D 2 0 1 2 MARIANA MOSCOVICH Introduction According to our protocol and the University of Florida: All DBS lead locations and lead entry angles were meticulously measured on high-resolution, one-month

419 views • 10 slides
Lead Program Summary Regulation No. 19 The Control of Lead Hazards Rick Fatur Aaron Gutierrez /

Lead Program Summary Regulation No. 19 The Control of Lead Hazards Rick Fatur Aaron Gutierrez /

Lead Program Summary Regulation No. 19 The Control of Lead Hazards Rick Fatur Aaron Gutierrez / Rick Coffin January 14, 2014 1 Childhood Lead Poisoning Lead poisoning is the #1 preventable environmental health threat to children today

761 views • 45 slides
Enhancing Person-Centred Care Co-Lead Very Poor Very Good 2 Co-Lead Co-Lead What is

Enhancing Person-Centred Care Co-Lead Very Poor Very Good 2 Co-Lead Co-Lead What is

Enhancing Person-Centred Care Co-Lead Very Poor Very Good 2 Co-Lead Co-Lead What is person-centredness? care that is respectful of and responsive to individual patient preferences, needs and values, ensuring that patient values guide

468 views • 17 slides
HOW 1. Why I attended today. 2. One thing I want to get out of I LEAD todays workshop. 3. One

HOW 1. Why I attended today. 2. One thing I want to get out of I LEAD todays workshop. 3. One

Network Share with three people: HOW 1. Why I attended today. 2. One thing I want to get out of I LEAD todays workshop. 3. One Way I Lead. 2 logos / url social Follow us! AGENDA 8:45AM HOW I LEAD 9:30AM New Hampshire Women in

1.11k views • 52 slides
Inspecting for Lead-based Paint Chapter 1 Course Overview Lead Inspector Chapter 1

Inspecting for Lead-based Paint Chapter 1 Course Overview Lead Inspector Chapter 1

Inspecting for Lead-based Paint Chapter 1 Course Overview Lead Inspector Chapter 1 Course Overview Course Purpose To train inspectors to identify lead in paint (lead-based paint inspections) dust and soil (clearance

1.97k views • 158 slides
Water Quality Update HIST ORY, RU LES, A ND WAT ER SYST EM RESPONSE Health Effects of Lead

Water Quality Update HIST ORY, RU LES, A ND WAT ER SYST EM RESPONSE Health Effects of Lead

Water Quality Update HIST ORY, RU LES, A ND WAT ER SYST EM RESPONSE Health Effects of Lead Lead serves no useful purpose in the human body, and its presence can lead to toxic effects. In children, lead exposure can result in: Behavior

314 views • 9 slides
Preparing Travel Managers to Lead the Change Becky Kopidlansky, Change Champion Lead Andi

Preparing Travel Managers to Lead the Change Becky Kopidlansky, Change Champion Lead Andi

Preparing Travel Managers to Lead the Change Becky Kopidlansky, Change Champion Lead Andi Smetana, Project Manager Tom Thieding, Communication Lead Agenda Change Transition and Reactions Individual Commitment Curve Communicating Change

335 views • 31 slides
A movement for a better future. The he lead lead-up up to 2012 to 2012 was as chaotic.

A movement for a better future. The he lead lead-up up to 2012 to 2012 was as chaotic.

A movement for a better future. The he lead lead-up up to 2012 to 2012 was as chaotic. haotic. Ho How d w do o we tac e tackle kle the str the stress, ess, anx anxiety iety and depression of todays busy life? Spot the ear Spot

448 views • 25 slides
Lead-ins and refrains Telugu songs lead into the refrain in many ways K. V. S. Prasad

Lead-ins and refrains Telugu songs lead into the refrain in many ways K. V. S. Prasad

Lead-ins and refrains Telugu songs lead into the refrain in many ways K. V. S. Prasad Co-authors: Miki Nishioka and Prasanth Kolachina Singer: K. Sumana Prasad SALA-35 @ Paris 29 October 2019 . . . . . . . . . . . . . . . . .

589 views • 19 slides
Drive the Cost Per Lead Down Standing Out from the Crowd Increase Lead Generation Phil

Drive the Cost Per Lead Down Standing Out from the Crowd Increase Lead Generation Phil

Critical Success Factors Drive the Cost Per Lead Down Standing Out from the Crowd Increase Lead Generation Phil DaPipeline VP of Marketing Startupz.com Executive Page LTD -Leads -Traffic -Differentiation Happier person To

383 views • 25 slides
LEAD SOURCES OF EXPOSURE: Lead-based paint Contaminated soil Water service pipes and fixtures

LEAD SOURCES OF EXPOSURE: Lead-based paint Contaminated soil Water service pipes and fixtures

LEAD SOURCES OF EXPOSURE: Lead-based paint Contaminated soil Water service pipes and fixtures Other sources The Roman author Vitruvius reported the health dangers of lead in the first century BC. Hodge, Trevor, A. (October 1981).

701 views • 31 slides
Leaded Vehicular Fuel and the Global Effort to Eliminate Lead Poisoning: Factors constraining the

Leaded Vehicular Fuel and the Global Effort to Eliminate Lead Poisoning: Factors constraining the

The Lead Education and Abatement Design Group Working to eliminate lead poisoning globally and to protect the environment from lead in all its uses: past, current and new uses ABN 25 819 463 114 Leaded Vehicular Fuel and the Global Effort to

590 views • 8 slides
Introduction This course aims to support those who lead (or who hope to lead) research teams. It

Introduction This course aims to support those who lead (or who hope to lead) research teams. It

Introduction This course aims to support those who lead (or who hope to lead) research teams. It applies ideas from some of the classic management texts to the research context. It forms one of a group of three resources:- Motivating

518 views • 23 slides
STEP 2: OPTIMIZE THE LEAD MAGNET 1 Lead Magnet Whats your number? 2 Tripwire

STEP 2: OPTIMIZE THE LEAD MAGNET 1 Lead Magnet Whats your number? 2 Tripwire

STEP 2: OPTIMIZE THE LEAD MAGNET 1 Lead Magnet Whats your number? 2 Tripwire Want to get coffee? 3 Core Offer Can I take you to dinner? 4 Profit Maximizer Will you marry me? 5 Return Path (Flowers, date

586 views • 27 slides
Get the Lead Out: Testing for and Removing Lead in School Water Systems JULY 17, 2017

Get the Lead Out: Testing for and Removing Lead in School Water Systems JULY 17, 2017

Get the Lead Out: Testing for and Removing Lead in School Water Systems JULY 17, 2017 Presenters Dr. Lauren Gambill, Pediatrician, UC Davis John Rumpler, Clean Water Program Director, Environment America Dr. Larry Nyland, Superintendent,

382 views • 37 slides
SMART GOVERNMENT INVOICING: INVOICE PROCESSING PLATFORM LEAD. TRANSFORM. DELIVER LEAD. TRANSFORM.

SMART GOVERNMENT INVOICING: INVOICE PROCESSING PLATFORM LEAD. TRANSFORM. DELIVER LEAD. TRANSFORM.

SMART GOVERNMENT INVOICING: INVOICE PROCESSING PLATFORM LEAD. TRANSFORM. DELIVER LEAD. TRANSFORM. DELIVER LEAD. TRANSFORM. DELIVER LEAD. TRANSFORM. DELIVER LEAD. TRANSFORM. DELIVER LEAD. TRANSFORM. DELIVER Introductions Presenter Organization

752 views • 35 slides

More recommend