DetectionLab
APTnotes
| DetectionLab | APTnotes | |
|---|---|---|
| 31 | 5 | |
| 4,476 | 3,410 | |
| - | - | |
| 4.4 | 3.1 | |
| about 1 year ago | 4 months ago | |
| HTML | ||
| MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
DetectionLab
-
Cyber Lab Design
I would tell someone they should use a cloud lab like Clong's "Detection Lab" which gives them not only the security aspect but the cloud and engineering aspects as well.
- Home Virtual SIEM Lab Suggestions?
- malware analysis
- Sandbox suggestions for VM isolation & investigations?
- I am kind a lost
-
Work setup
Detection Lab Link: https://github.com/clong/DetectionLab
-
learning splunk. is there a way to "play" with it?
Not sure what your goal with splunk is but I'd recommend Detection lab! Once you get the pre reqs setup, building and tearing down is super easy and you get a pre-baked ad environment to generate logs for you. https://github.com/clong/DetectionLab
-
Tool that automatically generates a realistic office scenario of vms?
I found a great starting point at the repo of DetectionLab : https://github.com/clong/DetectionLab
-
I'm a noob with expensive equipment
While it's true what most are saying, that you don't need a powerful system to learn hacking....... You DO have a valid point that a powerful system enables things a weaker system may not. For example with 64GB of RAM you can run a full network lab simulation such as https://github.com/clong/DetectionLab additionally a solid high end graphics card will let you run things like hashcat a lot faster. In theory you could make a rainbow table. You still need a lot of time to understand all the basics but yeah there's a few cool things you can do with more power it's not ENTIRELY unneeded. I wish I knew about the local defcon group long ago. They're welcoming and some have capture the flags you can play. Understand the various job roles there are in security and figure out which one you like. You get paid to do specific things not just learn about hacking.
-
where does one get experience with SIEM tools
Github DetectioLab
APTnotes
-
Ask HN: What Happened with the Grugq Article?
>with case studies and getting as niche on specific things as possible.
Then definitely you can touch on APT marketplace, unlike the usual zeroday ones, those are -as the name implies, advanced, and mostly are state sponsored, you can find some of these in this sheet [1], or other sources [2] or older ones [3]. Now, for other zero day exploits, you can dig into your typical threat intelligence feeds to have an idea, some of these are daily updated [4] [5] [6] among a lot more of other resources, there are also underground databases for zero day and even APT updated as of yesterday, and also online marketplaces for those where you can buy/sell compromised RDP servers / webmail / cPanels / etc., or even services like smtp-sms for phishing among others, unfortunately, I can’t and won’t list any of these in here for obvious reasons, however, if you dig a little deeper definitely you will find something, just don’t use the usual search engines and normal channels, and get the usual security precautions like sandbox/vpns/etc. when access any of these sites, preferably in an isolated OS too.
And thanks, not expert enough for sure!
[1] https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_S...
[2] https://gist.github.com/Neo23x0/c4f40629342769ad0a8f3980942e...
[3] https://github.com/kbandla/APTnotes
[4] https://bazaar.abuse.ch/browse/
[5] https://www.exploitalert.com/browse-exploit.html
[6] https://threatfox.abuse.ch/browse/
-
Seeking Datasets on Malware
I trained up this repo in my privateGPT - https://github.com/kbandla/APTnotes
- Le Burkina Faso
-
Cybersecurity Repositories
APT Notes
- Les ressortissants russes en France reçoivent en ce moment sur leurs numéros de téléphone russe des demandes pour l'enrôlement dans l'armée en vue de la guerre avec l'Ukraine
What are some alternatives?
DetectionLabELK - DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
data - APTnotes data
vulnerable-AD - Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
ThreatHunter-Playbook - A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
security-onion - Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
Adaz - :wrench: Deploy customizable Active Directory labs in Azure - automatically.
osx-and-ios-security-awesome - OSX and iOS related security tools
DVWA - Damn Vulnerable Web Application (DVWA)
awesome-adversarial-machine-learning - A curated list of awesome adversarial machine learning resources
HELK - The Hunting ELK
awesome-iocs - A collection of sources of indicators of compromise.