If you are like me and deploy lots of small instances of VMs all over the place for various functions, you will find applying updates to them all consistently and…
Feeding Analysis Information Leak (AIL) Framework
I have been playing with CIRCL's AIL Framework recently (which I will be writing about in another blog post), but I have had an interest in monitoring Telegram channels for…
An Introduction to Threat Intelligence
You will have seen the advertisements as you're browsing the Internet and will have seen the vendors at various conferences and trade shows spruiking Threat Intelligence as the way to…
Deploying MISP on DigitalOcean or Vultr Cloud Hosting
I have found myself deploying MISP on very small instances lately, mostly to function as a clearinghouse for intelligence I have been generating. So it begs the question - Does…
Building CCCS’ AssemblyLine for Static Analysis
System Requirements For this build, I will be deploying AssemblyLine on my bare-metal hypervisor exposed to the Internet. This is not always a good idea; however, my build will be…
Hardening TheHive4 and Cortex for public deployment
In this post, I talk about hardening TheHive and Cortex for an Internet-accessible deployment. This includes the application of TLS v1.2+ and the configuration of multi-factor authentication. Cortex can be…
[Part 4] Building a Threat Integration and Testing Lab – MISP Threat Intelligence Sharing Platform
MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. Within a…
Using the workflow taxonomy in MISP
In the context of MISP, intelligence handling usually requires a set of stages for that information to be handled effectively. This can be addressed procedurally through a workflow. Understanding how…
Using the Estimative Language Taxonomy in MISP
According to the MISP taxonomies listing for Estimative Language, this taxonomy is used to describe the quality and credibility of the underlying information sources, data, and methodologies as described under…
Using the Data Classification Taxonomies in MISP
Data classification is broadly defined as the process of organising data by relevant categories so that it may be used and protected more efficiently. On a basic level, the classification…