McHughSecurity

Month: April 2022

Auto-updating Ubuntu 20.04 in less than 2 minutes

Posted on April 26, 2022 by A.McHugh

If you are like me and deploy lots of small instances of VMs all over the place for various functions, you will find applying updates to them all consistently and in a responsive manner a logistical issue. Fortunately, there is an auto-update function within Ubuntu which can be configured in a few minutes.

Operate

Feeding Analysis Information Leak (AIL) Framework

Posted on April 24, 2022 (updated May 13, 2022) by A.McHugh

I have been playing with CIRCL’s AIL Framework recently (which I will be writing about in another blog post), but I have had an interest in monitoring Telegram channels for Threat Intelligence and Data Breach indicators.

AIL has a very capable framework to detect indicators within processed information using a suite of very comprehensive Yara rules – but unless you want to copy and paste Telegram messages into AIL all day, some level of automation is required.

This is where the feeders come into play!

AIL Framework

An Introduction to Threat Intelligence

Posted on April 16, 2022 by A.McHugh

You will have seen the advertisements as you’re browsing the Internet and will have seen the vendors at various conferences and trade shows spruiking Threat Intelligence as the way to detect the bad guys in your environment, or their product/service delivering highly enriched intelligence relevant to your organisation. But what is Threat Intelligence really? And just how well refined does it need to be?

Threat Intelligence

Copyright © 2022 McHughSecurity.