CSIRT TOOLS KIT
Computer Security Incident Response Teams (CSIRTs) are responsible for receiving and reviewing incident reports, and responding to them as appropriate. These services are normally performed for a defined constituency such as a corporation, institution, educational or government network, region or country, or a paid client. CSIRT services generally fall into three categories - reactive (e.g vulnerability alerts, incident handling); proactive (e.g. intrusion detection, auditing and information dissemination); and security quality management (e.g. risk analysis, disaster recovery planning, and education and training)

Incident handling information
IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets and log files using a message queuing protocol.

Security Incident Response Platform
The Hive is a scalable, open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner.

Network forensics
NfSen allows you to keep all the convenient advantages of the command line using nfdump directly and gives you also a graphical overview over your netflow data.

Operational intelligence
Use Elastic to search, monitor, analyze and visualize machine data.

The Open Source Security Platform
Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Lightweight shipper for network data
Packetbeat is a lightweight network packet analyzer that sends data from your hosts and containers to Logstash or Elasticsearch.

Next tools in progress….
More tools will be added soon
https://csirt-kit.org/


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.26

The “SPEED” SIEM Use Case Framework
SimPle and EffectivE Detection

http://correlatedsecurity.com/content/images/2020/04/SPEED%20Use%20Case%20Framework%20v1.1.pdf


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.26

Microsoft Windows 11 Leaked
Build 21996.1

Download
magnet:?xt=urn:btih:209922c98ec03a2cbf0eebe631f9c1d577795645&dn=21996.1.210529-1541.co_release_CLIENT_CONSUMER_x64FRE_en-us.iso


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.26

New research finds that ransomware attackers are increasingly shifting from using emails as an intrusion route to purchasing access from other cybercriminal enterprises that have already infiltrated major targets.
Read: https://thehackernews.com/2021/06/ransomware-attackers-partnering-with.html


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.26

Blue Team Techniques
1. Identify the attack paths in BloodHound breaking your AD tiering😁
https://github.com/improsec/ImproHound
2. Process Ghosting - New Executable Image Spoofing Attack
https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack
]-> https://github.com/hasherezade/process_ghosting


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.26

Mitre Att&ck Matrix

Community Threats

https://github.com/scythe-io/community-threats

https://github.com/threat-punter/community-contributions

https://github.com/MISP/MISP

https://github.com/MISP/threat-actor-intelligence-server

https://github.com/MISP/misp-galaxy

https://github.com/mitre/cti

https://gist.github.com/MSAdministrator/5d152ef57e4021c4ffa242aa02e0fb37

https://github.com/Azure/Azure-Sentinel

Tools and Plugin - Free and Commercial

https://github.com/guardicore/monkey

https://github.com/center-for-threat-informed-defense/caldera_pathfinder

https://github.com/mitre/emu

https://www.scythe.io/adversary-emulation

https://github.com/redcanaryco/invoke-atomicredteam

https://github.com/uber-common/metta

https://github.com/NextronSystems/APTSimulator

https://github.com/endgameinc/RTA

https://www.encripto.no/en/downloads-2/tools/

https://github.com/TryCatchHCF/DumpsterFire

https://github.com/jymcheong/AutoTTP

https://mitre.github.io/unfetter/

https://github.com/fugawi/mate

https://github.com/praetorian-inc/purple-team-attack-automation

https://github.com/splunk/attack_range

https://github.com/Telefonica/ATTPwn

https://github.com/mvelazc0/PurpleSharp

https://github.com/timfrazier1/AdversarySimulation

https://github.com/redhuntlabs/RedHunt-OS

https://github.com/Cyb3rWard0g/Invoke-ATTACKAPI

https://github.com/SadProcessor/SomeStuff/blob/master/PoSh_ATTCK.ps1

https://github.com/OTRF/ATTACK-Python-Client

https://github.com/JimmyAstle/Atomic-Parser

https://www.cobaltstrike.com/

https://www.immunityinc.com/services/adversary-simulation.html

https://www.safebreach.com/SafeBreach-Labs-Presenting-New-Hacking-Techniques-and-Adversary-Simulation

https://simspace.com/products-components/

https://attackiq.com/platform/#how-firedrill-works

https://www.picussecurity.com/offensive-manager.html

https://docs.microsoft.com/pt-br/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide

https://tearsecurity.com/index.html

https://www.xmcyber.com/why-haxm/

TTPs Creator

https://mitre-attack.github.io/attack-navigator

https://exploitpack.com/

https://www.metasploit.com/

https://i.blackhat.com/USA-19/Wednesday/us-19-Nickels-MITRE-ATTACK-The-Play-At-Home-Edition.pdf


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.26

Analytics
#5G_Network_Security
AT&T Cybersecurity Insights Report:
"5G and the Journey to the Edge", 2021.


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.27

What they see:
CISO , Senior this, Senior that, …

What they don’t see:
The struggle. The figuring it out.

It took me over 15 years to be where I am today. And I feel like I‘ve just started. So much more to learn and grow. So much more to come.

It has not been easy.
And it will probably never be easy.

So if you‘re looking for a career in cybersecurity or any other field -

Please know that everyone is struggling.
Everyone is figuring it out.

And that‘s okay. 🙂


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.27

Malware analysis
1. Guide to a new Fivehands ransomware variant
https://research.nccgroup.com/2021/06/15/handy-guide-to-a-new-fivehands-ransomware-variant
2. Hades Ransomware Operators Use Distinctive Tactics and Infrastructure
https://www.secureworks.com/blog/hades-ransomware-operators-use-distinctive-tactics-and-infrastructure

Threat Research
EIP Stack Group OpENer information disclosure vulnerability (PoC for CVE-2021- 21777)
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1234
// information disclosure vulnerability in EIP Stack Group OpENer’s Ethernet/IP UDP handler


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.27

Whitepaper
A SANS 2021 Report:
"Making Visibility Definable and Measurable", 2021.


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.27

Telegram and Psiphon VPN users in #Iran are being targeted by new spyware from Ferocious Kitten—a covert surveillance APT group that's been in play for six years.
Details: https://thehackernews.com/2021/06/a-new-spyware-is-targeting-telegram-and.html


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.27

https://docs.microsoft.com/en-us/learn/roles/security-engineer?WT.mc_id=Security%20_Twitter-wwl


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.27

Offensive security
Compromising Triager Zoom Account (PoC)
https://rakesh-thodupunoori.medium.com/part-1-dive-into-zoom-applications-d70f3de53ec5

Blue Team Techniques
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.27

این است که اگر کسی را دوست میداری، ـبسیار دوست میداریـ بی حساب دوست بدار اما حساب دوست داشتنت را داشته باش، گاهی.
کسی در کاسه چینی طلا پیشکش نمیکند به در خانه همسایه، که خجل شود از نداری و بهراسد و بگریزد و در خانه بر روش خویش ببندد.


-از کتاب عین عاشقی-


Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.27

-بدانيم-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.27

Research
"Cryptanalysis of the GPRS Encryption Algorithms GEA-1/GEA-2", 2021.

// GPRS-era mobile data encryption algorithm GEA/1 was 'weak by design', still lingers in today's phones...


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28

Research Report:
"Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries", 2021.


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28

Practical Windows Forensics
Experiments and Forensic Artifacts Windows Registry, Event Logs Analysis Email Forensics And Practical Examples


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28

مثل انرژي گرفتن و لبخند
كمك به يكديگر سرشار از ورودي هاي خاص و متحير كننده✌🏼❤️🙏👍🏽😇
مي شود ساخت گرچه يك دانه گندم در مزرعه🤓


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28

در سازمان شما طبقه بندي اطلاعات انجام شده!؟دارايي ها وزن دارند!؟ انباشت دارايي هاي مهم، اطلاعات و داده مشخص شده!؟

ريسك هاي آن چطور!؟

مسير هاي جلوگيري از نشت اطلاعات و يا دسترسي هاي غير مجاز به دارايي هاي طبقه بندي شده بواسطه ابزار و تكنولوژي مسدود و مديريت شده است!؟


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28

Your platform for software quality management
The best toolbox for building better software. From continuous integration, and continuous analysis to empowering human code reviews with code intelligence
جذاب و كارا
https://scrutinizer-ci.com/


‎-آگاهي رساني امنيت سايبري-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.28