attack-stix-data
sigma
attack-stix-data | sigma | |
---|---|---|
58 | 41 | |
284 | 7,649 | |
2.8% | 2.0% | |
4.1 | 9.8 | |
12 days ago | 1 day ago | |
Python | Python | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
attack-stix-data
- Mitre ATT&CK: knowledge base of adversary tactics and techniques
-
Mitre attack framework
It mentions it but doesn't dig into the minutiae. If you want to learn about it, visit https://attack.mitre.org/
-
PT and VA, how to do it practically?
Start here: https://attack.mitre.org
-
"The Case for Memory Safe Roadmaps" CIA, FBI & Global Cyber Security agencies pan C/C++
We do have a good idea about what sort of attacks are common. There is a whole framework for how ATP's operate and there are lists of which attack methods they currently prefer to use. https://attack.mitre.org/
-
CTF Challenges: Reconnaissance
At first, I had a difficult time understanding the problem. It had too many acronyms that I wasn't familiar with, so I decided to click on the hint: https://attack.mitre.org.
-
Ask HN: Transitioning from game development to cybersecurity. Tips or advice?
Some thoughts from someone who has been in the security biz for a while:
1. Security is more a mindset than anything else. Get used to finding the edge cases. Think "how can I break this..." or "how can I get around this restriction..." Many security folks I know started actually by exactly what you mentioned- figuring out how to bypass copy protection on games, how to bypass client-side checks in multi-player games, ... and so on.
2. Many pure security folks are very poor developers. You'll have a unique skillset here if you can apply it. Most security oriented folks use Python for quick scripts. If you already know python, great; otherwise, learn it and use that as a marketable skill.
3. I'm not sure about jumping head first into a consultancy. I'd recommend getting some experience in a security field first. It's hard to have credibility without some experience first.
4. Don't bother with security+. If you want creds, go and take your favorite cloud provider's security specialist exam. Cloud security is still relatively new, in high demand, and can get you immediate credibility with employers or clients.
5. I'm a big fan of real-world experience. Set up your own Linux server and try to attack it. Learn what some of the real world attacker techniques are. See some of the following:
Learn the Techniques, Tactics, and Procedures (TTPs) outlined in the MITRE ATT&CK matrix (https://attack.mitre.org/).
There are a LOT of "Capture the Flag" (CTF) events and writeups out there. Search for ones in a subfield you find interesting. Security is a HUGE topic. You'll need to specialize. Do you want to reverse engineer code? Secure cloud applications? Help companies define their identity and access management strategy? There's a CTF for all of those and then some. Do some googling around.
I have a lot more tips, so if you're interested just reply to this comment with a way I can get in touch and I'll reach out.
- Frage an die IT Affinen: Welche Sicherheitssoftware (Virenschutz und Co) ist für PC und Android zu empfehlen?
- List of Every Cyber Attack
- Datto edr
- OWASP Top 10 Security, But For Individuals?
sigma
-
Sigma rules in real life
Sigma rules https://github.com/SigmaHQ/sigma its value, I get it. Here’s a post https://www.linkedin.com/posts/nasreddinebencherchali_detection-blueteam-sigma-activity-7104868070069817344-mn91?utm_source=share&utm_medium=member_desktop detailing that 31 Sigma rules from the Sigma repository are triggering on different stages of the attack as described here https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/
-
Looking for feedback on a security-related project idea
Idea: A free and open-source web repository of Sigma detections where users can find, contribute, and suggest edits to detections. All user contributions will go through a StackExchange-style moderation queue. Built-in conversion from Sigma to the query language of your choice.
-
SOC SIEM Use Cases for First Internship
If you want more ideas/inspiration, or even just a starting point for baseline rule logic check out https://github.com/SigmaHQ/sigma https://github.com/SigmaHQ/sigma and look into the different rules folders there.
-
How do you actually threat hunt?
Agreed in general. But with stuff like SIGMA, I'd lean towards stuff should going into git. Better version control, your docs can be markdown and live right next to your threat library, you can strap on CI/CD (so you can deploy/run stuff as part of a pipeline). Confluence is a great start, but it doesn't scale well.
- Open Source SIEM Tools
-
Detection Engineering Source Websites
Have a look a sigma rules: https://github.com/SigmaHQ/sigma
- Scheduling query to look for whenever net group is ran.
- Scheduling querying that looks for anytime net group is ran.
-
3CX Customers suffering intrusions
Sigma: https://github.com/SigmaHQ/sigma/pull/4151/files Yara: https://github.com/Neo23x0/signature-base/blob/master/yara/gen\_mal\_3cx\_compromise\_mar23.yar source: https://twitter.com/cyb3rops/status/1641130326830333984?s=20
-
Any Suggestions On Creating A Detection Rule In Defender For CVE-2023-23397
I created a Defender Advanced Hunting query based of the Sigma rule https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_rundll32_webdav_client_susp_execution.yml
What are some alternatives?
PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Awesome-Hacking - A collection of various awesome lists for hackers, pentesters and security researchers
sysmon-config - Sysmon configuration file template with default high-quality event tracing
attack-flow - Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
fibratus - A modern tool for Windows kernel exploration and tracing with a focus on security
wazuh-ruleset - Wazuh - Ruleset
VECTR - VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
velociraptor - Digging Deeper....
heimdall2 - Heimdall Enterprise Server 2 lets you view, store, and compare automated security control scan results.
OpenSIEM-Logstash-Parsing - SIEM Logstash parsing for more than hundred technologies