MISP VS CyberChef

MISP is an open-source solution to streamline the acquisition, retention, distribution, and collaborative exchange of critical cybersecurity indicators and threats. Timely-Lychee-5204 considers it "a threat intelligence platform for gathering, sharing, storing, and correlating indicators of compromise."

MISP https://www.misp-project.org/

It sounds like you want to jump into game development before learning how to write "Hello, world!". Try using any of the open source tools that already do this and sign up for some "free" threat intel tools and learn the lay of the land. https://www.misp-project.org/ https://github.com/OpenCTI-Platform/opencti https://iplists.firehol.org/ https://www.greynoise.io/

Yes but … the frontend/ui is still trying to check the health of each process by checking in /proc/{PID} like in previous and shows that the process maybe start but it couldn’t check if it’s alive or not. An issue was created and we’re waiting for the patch to be integrated in a future version.

You could use MISP to collect events and IOCs about threat actors and map their activity using Mitre ATTAC&K. Once you start building a knowledge base you can mainly focus on Threat actors who are interested in your sector.

Is it possible to feed MISP with CrowdSec’s IOC lists?

Also forgot to include this, for the blog post - yeah it should go up there soon. Until then it's to be found here: https://github.com/MISP/MISP/releases/tag/v2.4.160

Then we take the encrypted text and use CyberChef to decrypt it.

Let's go to CyberChef and insert our pieces of evidence.

A parameter was changed from '2AMBCgIQBg' to 'CgIIAdgDAQ%3D%3D' which is just the correct base64 encoding they should have been using the entire time.

I don't think this was a hostile action by Google, I think someone just added better input validation for security reasons and it accidently broke the bad requests they were sending.

https://gchq.github.io/CyberChef/#recipe=URL_Decode()From_Ba...

❗This is indeed the flag, but the text is encrypted with Base64. Usually, the presence of padding character "=" indicates that's Base64 type of encoding (but that's only one of the hints). To decrypt it, we can use CyberChef. Copy-paste the text and we either:

It uses a combination of magic bytes (like the `file` command), entropy analysis and character frequency detection to determine whether an output is likely to be of interest to the user.

The file type mechanism is written here[0]. There's a list of all signatures we detect here[1].

[0] https://github.com/gchq/CyberChef/blob/master/src/core/lib/F...

I think this can be deciphered using CyberChef...