Jump to content


Active Members
  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by gigiRoman

  1. MISP - Malware Information Sharing Platform and Threat Sharing Latest Release Travis Gitter Twitter Contributors License MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently. The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Intrusion Detection System (NIDS), LIDS but also log analysis tools, SIEMs. MISP, Malware Information Sharing Platform and Threat Sharing, core functionalities are: An efficient IOC and indicators database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence. Automatic correlation finding relationships between attributes and indicators from malware, attacks campaigns or analysis. attacks campaigns or analysis. Correlation engine includes correlation between attributes and more advanced correlations like Fuzzy hashing correlation (e.g. ssdeep) or CIDR block matching. Correlation can be also enabled or event disabled per attribute. A flexible data model where complex objects can be expressed and linked together to express threat intelligence, incidents or connected elements. Built-in sharing functionality to ease data sharing using different model of distributions. MISP can synchronize automatically events and attributes among different MISP. Advanced filtering functionalities can be used to meet each organization sharing policy including a flexible sharing group capacity and an attribute level distribution mechanisms. An intuitive user-interface for end-users to create, update and collaborate on events and attributes/indicators. A graphical interface to navigate seamlessly between events and their correlations. Advanced filtering functionalities and warning list to help the analysts to contribute events and attributes. storing data in a structured format (allowing automated use of the database for various purposes) with an extensive support of cyber security indicators along fraud indicators as in the financial sector. export: generating IDS, OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools), STIX (XML and JSON), NIDS export (Suricata, Snort and Bro) or RPZ zone. Many other formats easily added via the misp-modules. import: bulk-import, batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV. Many other formats easily added via the misp-modules. Flexible free text import tool to ease the integration of unstructured reports into MISP. A gentle system to collaborate on events and attributes allowing MISP users to propose changes or updates to attributes/indicators. data-sharing: automatically exchange and synchronization with other parties and trust-groups using MISP. delegating of sharing: allows a simple pseudo-anonymous mechanism to delegate publication of event/indicators to another organization. Flexible API to integrate MISP with your own solutions. MISP is bundled with PyMISP which is a flexible Python Library to fetch, add or update events attributes, handle malware samples or search for attributes. Adjustable taxonomy to classify and tag events following your own classification schemes or existing classification. The taxonomy can be local to your MISP but also shareable among MISP instances. Intelligence vocabularies called MISP galaxy and bundled with existing threat actors, malware, RAT, ransomware or MITRE ATT&CK which can be easily linked with events in MISP. Expansion modules in Python to expand MISP with your own services or activate already available misp-modules. Sighting support to get observations from organizations concerning shared indicators and attributes. Sighting can be contributed via MISP user-interface, API as MISP document or STIX sighting documents. STIX support: export data in the STIX format (XML and JSON). Additional STIX import and export is supported by MISP-STIX-Converter or MISP-Taxii-Server. Integrated encryption and signing of the notifications via GnuPG and/or S/MIME depending of the user preferences. Exchanging info results in faster detection of targeted attacks and improves the detection ratio while reducing the false positives. We also avoid reversing similar malware as we know very fast that others team or organizations who already analyzed a specific malware. A sample event encoded in MISP: Website / Support Checkout the website for more information about MISP software, standards, tools and communities. Information, news and updates are also regularly posted on the MISP project twitter account or the news page. Documentation MISP user-guide (MISP-book) is available online or as PDF or as EPUB or as MOBI/Kindle. For installation guide see INSTALL or the download section. Contributing If you are interested to contribute to the MISP project, review our contributing page. There are many ways to contribute and participate to the project. Please see our Code of conduct. Feel free to fork the code, play with it, make some patches and send us the pull requests via the issues. Feel free to contact us, create issues, if you have questions, remarks or bug reports. There is one main branch: 2.4 (current stable version): what we consider as stable with frequent updates as hot-fixes. and features are developed in separated branches and then regularly merged into the 2.4 stable branch. License This software is licensed under GNU Affero General Public License version 3 Copyright (C) 2012 Christophe Vandeplas Copyright (C) 2012 Belgian Defence Copyright (C) 2012 NATO / NCIRC Copyright (C) 2013-2018 Andras Iklody Copyright (C) 2015-2018 CIRCL - Computer Incident Response Center Luxembourg Copyright (C) 2016 Andreas Ziegler For more information, the list of authors and contributorsis available.
  2. Imagine you are sitting at your desk and come across a great command line tip that will assist you in your career as an information security professional, so you jot the tip down on a note, post-it, or scrap sheet of paper and tape it to your white board... now imagine you do this all the time until your white board is completely full of useful tips you've found and can use daily. That is the concept behind the SANS Pen Test Poster: White Board of Awesome Command Line Kung-Fu created by the SANS Pen Test Instructors. Each tip was submitted by the Pen Test Instructors and curated by SANS Fellow, Ed Skoudis. We are giving you a complete white board full of tips you can use to become a better InfoSec professional. This poster is the 2016-2017 SANS Pen Test Poster and the printed version has been given away at SANS Training Events, Information Security Conferences, and sent in the mail to thousands of SANS Alumni. Now it is available for you to download. Download PDF - PENT-PSTR-WHITEBOARD-V3-0118_web.pdf Additional Educational Posts based on the Poster: Python: "White Board" - Python - Python Debugger "White Board" - Python - Python Reverse Shell! "White Board" - Python - Pythonic Web Server "White Board" - Python - Raw Shell -> Terminal "White Board" - Python - Pythonic Web Client Bash: "White Board" - Bash - Useful IPv6 Pivot "White Board" - Bash - Encrypted Exfil Channel! "White Board" - Bash - What's My Public IP Address? "White Board" - Bash - Bash's Built-In Netcat Client "White Board" - Bash - Check Service Every Second "White Board" - Bash - Make Output Easier to Read "White Board" - Bash - Website Cloner "White Board" - Bash - Sudo... Make Me a Sandwich "White Board" - Bash - Find Juicy Stuff in File System CMD.exe: "White Board" - CMD.exe - C:\> netsh interface "White Board" - CMD.exe - C:\> wmic process PowerShell: "White Board" - PowerShell - Add a Firewall Rule "White Board" - PowerShell - Built-in Port Scanner! "White Board" - PowerShell - Get Firewall Rules "White Board" - PowerShell - One-Line Web Client "White Board" - PowerShell - Ping Sweeper! "White Board" - PowerShell - Find Juicy Stuff in the File System Desktop Wallpapers based on Poster: Bash, PowerShell, Python... https://pen-testing.sans.org/blog/2018/01/17/sans-poster-white-board-of-command-line-kung-fu-pdf-download/
  3. gigiRoman

    Ajutor program java

    Atributul static al unei clase este valabil pentru toate instantele clasei. Deci numele studentului nu are cum.
  4. gigiRoman

    Baze de date

  5. https://files.fm/u/d7x8hjpn
  6. gigiRoman

    Kali Linux

  7. gigiRoman

    Decompilare aplicatie Android

    Eu mi le decompilam online. https://www.google.ro/search?q=online+decompile+apk&oq=online+decompl&aqs=chrome.2.69i57j0l3.4300j0j7&client=ms-android-google&sourceid=chrome-mobile&ie=UTF-8
  8. gigiRoman

    [PYTHON] Beat the Roulette for fun !

    Cred ca tine de "teoria probabilitatilor" de la analiza matematica.
  9. gigiRoman

    Cum continui o bucla for daca s-a intrerupt ?

    De ce nu automatizezi cookieurile cu selenium? Prea mult lucru manual strica.
  10. gigiRoman

    Cum continui o bucla for daca s-a intrerupt ?

    Foloseste o stiva: cand ai nevoie de element faci pop, cand iti da eroare faci push inapoi in stiva si ceri iar cookieuri, principiul lifo. Mai poti folosi si queue, dar fifo e mai naspa. Bafta!
  11. gigiRoman

    AJUTOR: Decodare javascript ?

    Stringul se schimba? E one time? Care sunt pasii?
  12. gigiRoman

    Informatica la academia militara

    La atm daca faci 4 ani trebuie sa semnezi contract cu beneficiarul pentru 8 ani. Daca vrei sa pleci din sistem ai de platit 1000 € pentru fiecare an de contract nerespectat. Faci c++, java, asm. In principiu iesi destul de pregatit daca esti interesat. Leprele ies la fel cum intra. Eu am facut masterul la ei, cel de infosec, si am ramas placut surprins de calitatea oamenilor (cadre didactice si absolventi de licenta). Trebuie sa fii pregatit pentru niste ani grei. Repartita la serviciu dp licenta se face in functie de medii.
  13. gigiRoman

    JS Decode ?

    Pare a fi obfuscare de variabile.
  14. gigiRoman

    Facultate IT ID

    Daca faci la id nu scrie pe diploma.
  15. gigiRoman

    Activare Buton in Visual Studio

  16. gigiRoman

    Activare Buton in Visual Studio

    Da control+shift+f si scrie in casuta de find "Load", la options dai entire solution si dupa ce gasesti functia de load in corpul ei bagi ce a scris @Wav3
  17. gigiRoman

    Bitcoin is the greatest scam in history

    Asta nu e argument man, e ca la hainele cele noi ale imparatului. Care zice ca imparatul e in pula goala e prost. Cei mai buni profi din facultate stiau sa explice simplu si elegant. O minte slaba iti va zice mereu ca e prea complicat sa intelegi.
  18. gigiRoman

    Bitcoin is the greatest scam in history

    "When your taxi driver is telling you to buy stock, you know it's time to sell" Restul e cancan.
  19. gigiRoman

    Bitcoin is the greatest scam in history

    Asa zic si dependentii de jocuri de noroc. Asa ziceau si aia care bagau la caritas. Am un prieten care joaca la pariuri care mi-a zis asa: "inca doua milioane si sunt pe zero".
  20. gigiRoman

    parsare url cu xml Xamarin

    Uite ce zice Lori: https://forums.xamarin.com/discussion/46042/missing-assembly-reference-for-system-xml Bafta!
  21. gigiRoman

    parsare url cu xml Xamarin

    Il parsezi cu c#: https://stackoverflow.com/questions/55828/how-does-one-parse-xml-files
  22. gigiRoman

    [C#]Problema File.OpenRead

    Ii dai run as admin la visual studio la pornire? Sau cacaturile astea? https://stackoverflow.com/questions/2818179/how-do-i-force-my-net-application-to-run-as-administrator <requestedExecutionLevel level="asInvoker" uiAccess="false" /> OR <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> OR <requestedExecutionLevel level="highestAvailable" uiAccess="false" /> Si mai era chestia asta de adaugai un 21 la shortcut si facea treaba: https://stackoverflow.com/questions/2818179/how-do-i-force-my-net-application-to-run-as-administrator Bafta!
  23. https://stackoverflow.com/questions/12450510/why-is-it-so-easy-to-decompile-java-code Da o geana pe cartea asta: https://www.google.ro/url?sa=t&source=web&rct=j&url=https://repo.zenk-security.com/Virus-Infections-Detections-Preventions/Malware%20Analyst's%20Cookbook.pdf&ved=2ahUKEwjv-rrHsNXaAhWFKVAKHYG3Cj8QFjAAegQIBxAB&usg=AOvVaw1iBHiegWqnTGrAvuTxYf8T Nu strica.
  24. Incearca sa il urmaresti cu process monitor de la sysinternals.
  25. gigiRoman

    sms bomber