McHughSecurity

Month: September 2020

What is Cyber Threat Intelligence?

Posted on September 5, 2020 By A.McHugh

Intelligence is the enrichment, classification and publication of data or information by experts within a field. The resulting output is ordinarily a qualitative assessment backed by quantitative metrics, or by absolutes that formed part of the data or information from which it was derived.

Cyber Threat Intelligence goes beyond the extraction of IOCs and strings and the generation of cryptographic and fuzzy hashes. It is the correlation of events, actors, methods, and motives to produce Threat Intelligence that aims to describe the objectives, motives, capability and perhaps the identity of a threat actor.


Blog

Building a MISP Threat Feed Aggregator

Posted on September 5, 2020 By A.McHugh

Over the last few months I have been working away on several work tasks which have had me hunting for threats within an immensely complex environment. Part of this hunt has involved the analysis and selection of threat feeds for incorporation into other tools to hunt known bad indicators. In this post I will be talking through the deployment of MISP to enable aggregation of threat indicators, and the generation of exports which may be ingested into other platforms.


Blog

Copyright © 2022 McHughSecurity.
