McHughSecurity

Month: April 2021

[Part 3] Building a Threat Integration and Testing Lab – Splunk Enterprise

Posted on April 28, 2021 by A.McHugh (1 comment)
  1. [Part 1] Building a Threat Integration and Testing Lab
  2. [Part 2] Building a Threat Integration and Testing Lab – Elastic Cloud Enterprise (On-Premises)
  3. [Part 3] Building a Threat Integration and Testing Lab – Splunk Enterprise
  4. [Part 4] Building a Threat Integration and Testing Lab – MISP Threat Intelligence Sharing Platform

As a bake-off for the Threat Lab and Incident Response capabilities, we will also be installing Splunk Enterprise. This will run in 30-day trial mode, so it would be advisable to seek advice from your Splunk sales representative before using this installation in a production environment.

Category: Build

[Part 2] Building a Threat Integration and Testing Lab – Elastic Cloud Enterprise (On-Premises)

Posted on April 28, 2021 by A.McHugh (1 comment)

You could use a cloud-hosted instance of Elastic Cloud Enterprise; however, since I am trying to avoid exposing this environment to the Internet, I will be building ECE in my home lab environment.

Category: Build

[Part 1] Building a Threat Integration and Testing Lab

Posted on April 28, 2021 by A.McHugh

In this article and those that follow, I will talk through the installation, configuration, and integration work involved in building an integrated threat and incident response lab. The primary purpose of the lab is to replay malicious attack data into a SIEM environment (both Splunk and Elastic will be used) and then generate appropriate alerts and actions within those SIEMs for an analyst to action. In addition, both SIEMs will integrate MISP as a Threat Intelligence Platform, consuming enriched intelligence and storing and processing newly generated intelligence from the lab.

Category: Build

Building Structured Threat Intelligence (STIX) from FBI notices

Posted on April 27, 2021 by A.McHugh

Intelligence is almost everywhere in unstructured form: in informal blog posts, tweets, and even FBI or US Treasury documents. In this article, I am going to describe how to build a transferable STIX object from the FBI’s Most Wanted website.

Category: MISP – Open Source Threat Intelligence Platform

Security Orchestration with Shuffle.io

Posted on April 24, 2021 by A.McHugh

In this post I will be talking through the deployment and configuration of Shuffler.io in a self-hosted configuration.
Shuffler.io is a Security Orchestration, Automation and Response (SOAR) platform that allows two-way integrations with a number of OpenAPI services, to expedite the mundane and mandrolic tasks within a Security Operations Centre.

In this implementation, I will be talking through the basics of installation and configuration, and some very basic testing through its interface.

Category: Design

Building a Cuckoo Malware Analysis Server

Posted on April 7, 2021 by A.McHugh

I have written this guide a few times in the past, but here is a revised version with some notable additions based on more recent experience with Cuckoo. I also have some GitHub repositories that aim to expedite the process, but have a read nonetheless and see just how easy and quick it can be…

Category: Digital Forensics & Incident Response

Copyright © 2022 McHughSecurity.