Monday, September 17, 2018

Free / Open Source Compromise Assessment Tools

OTX (Open Threat Exchange):

AlienVault provides OTX Endpoint Threat Hunter; it is free, fast, and simple to set up.


OTX Endpoint Threat Hunter is an open, free service that uses the community-powered threat intelligence of OTX to scan your endpoints for known indicators of compromise (IOCs).

It uses the same agent-based approach as commercial endpoint security tools and do-it-yourself open source agents, without the cost, complexity, or guesswork.


How It Works
  • OTX Endpoint Threat Hunter is available to any registered Open Threat Exchange (OTX) user. It’s free to join OTX.
  • To get started, download and install the AlienVault® Agent on the Windows or Linux devices you want to monitor. The AlienVault Agent is immediately ready to find threats.
  • You can launch a query on any endpoint from OTX by selecting a pre-defined query that looks for IOCs in one or more OTX pulses.
  • Once launched, the AlienVault Agent executes the query, and the results of the query display on a summary page within OTX.


CERTitude:

CERTitude is a Python-based tool for assessing the compromised perimeter during incident response engagements. It lets analysts run large-scale scans of Windows-based information systems, searching for behavioural patterns described in IOC (Indicator of Compromise) files. The tool currently has two main components:
  • The Python Flask-based web interface, used to configure the scans and visualize their results;
  • The scanner that connects to remote targets and runs the search for IOCs.
CERTitude is an open-source tool developed by the CERT-Wavestone. It is brought to you freely, but user support is only provided on a best-effort basis.

Compatibility

CERTitude is compatible with a wide range of target Windows operating systems, from XP / 2003 to Windows 10 / Server 2016. Although CERTitude can be run from a Linux host, it is only fully supported on Windows, as some features may not be implemented on Linux.

Features:

  • Ability to scan hosts in a way that prevents the target workstation from knowing what the investigator is searching for
  • Ability to retrieve some pieces of data from the hosts
  • Multiple scanner instances (for IOCs and/or hash scans) can be run at the same time for parallel scanning
  • Built with security considerations in mind (protected database, secure communications with hosts over IPsec)


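The endpoint sweep that OTX Endpoint Threat Hunter and CERTitude automate, as an added example that is not code from AlienVault or from CERTitude: the host side exports only observations (file hashes and DNS lookups) and the analyst side joins them against the indicator set, which is one way to obtain the property CERTitude lists first, that the target never learns what is being searched for. The indicator set, the file contents and the DNS log lines are all constructed for the example; the indicator type names are modelled on OTX pulse indicator types as an assumption about naming, and nothing here talks to OTX.

```python
"""Added example, not code from AlienVault OTX or CERTitude: a minimal endpoint
IOC sweep of the kind both tools automate.

The host side only exports observations (file hashes, DNS lookups); the
analyst side joins them against the indicator set, so the target never sees
what is searched for. All indicators, file contents and log lines below are
constructed for the example; the type names are modelled on OTX pulse
indicator types (an assumption), and nothing here contacts OTX.
"""
import hashlib
import os
import re
import tempfile

# Constructed indicator set (assumed shape; the values are not real IOCs).
IOCS = {
    "FileHash-SHA256": {hashlib.sha256(b"malicious dropper body").hexdigest()},
    "domain": {"evil-update.example", "cdn.bad.example"},
    "IPv4": {"203.0.113.45"},
}

# Constructed DNS-client log lines for host01 (format assumed for the example).
LOG_LINES = [
    "2018-09-17T10:02:11Z host01 dns query=www.example.org answer=93.184.216.34",
    "2018-09-17T10:02:13Z host01 dns query=evil-update.example answer=203.0.113.45",
    "2018-09-17T10:02:19Z host01 dns query=static.cdn.bad.example. answer=198.51.100.7",
]
LOG_RE = re.compile(r"query=(?P<domain>[\w.-]+)\s+answer=(?P<ip>[\d.]+)")


def hash_files(root):
    """Host side: SHA-256 of every regular file under root, as {digest: path}.
    Files are read in chunks so large binaries are not loaded whole."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            digests[h.hexdigest()] = path
    return digests


def parse_dns_log(lines):
    """Host side: (domain, answer) pairs from the DNS log; names are
    lower-cased and the trailing dot of a fully qualified name is dropped."""
    pairs = set()
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            pairs.add((m["domain"].lower().rstrip("."), m["ip"]))
    return pairs


def match(digests, dns_pairs, iocs):
    """Analyst side: join observations against the IOC set.
    Returns sorted (type, indicator, evidence) tuples. A domain IOC matches
    the domain itself and any subdomain, as most IOC scanners do."""
    hits = set()
    for digest, path in digests.items():
        if digest in iocs["FileHash-SHA256"]:
            hits.add(("FileHash-SHA256", digest, path))
    for domain, ip in dns_pairs:
        for bad in iocs["domain"]:
            if domain == bad or domain.endswith("." + bad):
                hits.add(("domain", bad, domain))
        if ip in iocs["IPv4"]:
            hits.add(("IPv4", ip, domain))
    return sorted(hits)


def run_demo():
    """Build a constructed host (one benign file, one 'dropper') and sweep it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"benign user document")
        with open(os.path.join(root, "dropper.dll"), "wb") as f:
            f.write(b"malicious dropper body")
        # Only the digests and the parsed DNS pairs would ever leave the host.
        digests = hash_files(root)
    return match(digests, parse_dns_log(LOG_LINES), IOCS)


if __name__ == "__main__":
    for kind, indicator, evidence in run_demo():
        print(f"{kind:16} {indicator}  <- {evidence}")
```

The split matters in practice: shipping the full IOC list to every endpoint tells an attacker who controls one of them exactly which hashes and domains to rotate, whereas shipping back a digest list and a DNS history reveals nothing about the hunt.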
Monday, September 10, 2018

Free and open-source threat intelligence Feeds / Tools / Frameworks

GOSINT:

GOSINT is a framework for collecting, processing, and exporting high-quality indicators of compromise (IOCs).

GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence.

Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third parties to security event data to identify similar, or identical, indicators of malicious behavior. The framework is written in Go with a JavaScript frontend.
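As an added example of the "standardize unstructured intelligence" step GOSINT performs (illustration code, not GOSINT's own), the function below refangs a constructed excerpt of a threat report, classifies each token as URL, domain, IPv4, MD5 or SHA-256, validates and de-duplicates it. The report text and every indicator in it are made up for the example; the short list of file extensions used to reject look-alike domains stands in for the public-suffix check a real tool would perform.

```python
"""Added example, not GOSINT's code: the 'collect and standardize' step for
unstructured intelligence. A report excerpt is refanged, each token is
classified (URL, domain, IPv4, MD5, SHA-256), validated and de-duplicated,
which is the shape a structured IOC export needs.
The report text and all indicators in it are constructed for this example.
"""
import ipaddress
import re
from urllib.parse import urlsplit

PATTERNS = {
    "url": re.compile(r"\bhttps?://[^\s'\"<>()]+", re.I),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
    "md5": re.compile(r"\b[0-9a-f]{32}\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}
# Simplification: file names like report.txt also look like domains. A real
# tool checks the last label against the public suffix list instead.
NOT_TLDS = {"txt", "exe", "dll", "php", "html", "pdf", "zip", "doc", "docx"}

# Constructed report excerpt; hashes and hosts are made up for the example
# (the sha256 is simply sha256("test"), the md5 is md5("")).
REPORT = """
Observed C2 at hxxp://evil-update[.]example/gate.php and a backup domain
cdn[.]bad[.]example (resolving to 203[.]0[.]113[.]45). Dropper SHA256
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08,
MD5 D41D8CD98F00B204E9800998ECF8427E. Seen in build 300.1.2.3 of the
loader; benign reference www.example.org. Full details in report.txt.
"""


def refang(text):
    """Undo the common defanging styles so the regexes see real indicators."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]|\(dot\)", ".", text, flags=re.I)
    text = re.sub(r"\bhxxp", "http", text, flags=re.I)
    text = re.sub(r"\[:\]|\[://\]", lambda m: m.group(0).strip("[]"), text)
    return text


def extract_iocs(text):
    """Return {type: sorted unique indicators} for the text."""
    text = refang(text)
    found = {kind: set() for kind in PATTERNS}

    # URLs first; their host is also a domain indicator in its own right.
    for url in PATTERNS["url"].findall(text):
        url = url.rstrip(".,;")
        found["url"].add(url)
        host = urlsplit(url).hostname
        if host:
            found["domain"].add(host.lower())
    # Blank out URLs before the other passes so path segments are not re-matched.
    rest = PATTERNS["url"].sub(" ", text)

    found["sha256"].update(h.lower() for h in PATTERNS["sha256"].findall(rest))
    # A 64-hex string never matches the MD5 pattern: \b needs a non-hex edge.
    found["md5"].update(h.lower() for h in PATTERNS["md5"].findall(rest))

    for ip in PATTERNS["ipv4"].findall(rest):
        try:
            ipaddress.IPv4Address(ip)  # rejects version-like 300.1.2.3
        except ValueError:
            continue
        found["ipv4"].add(ip)

    for name in PATTERNS["domain"].findall(rest):
        if name.rsplit(".", 1)[-1].lower() not in NOT_TLDS:
            found["domain"].add(name.lower())

    return {kind: sorted(values) for kind, values in found.items()}


if __name__ == "__main__":
    for kind, values in extract_iocs(REPORT).items():
        print(kind, values)
```

Everything that reaches the export is lower-cased, refanged and validated, so two feeds describing the same indicator in different styles collapse to one entry, which is what makes the "co-occurrence" scoring mentioned above possible.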



Download link: https://github.com/ciscocsirt/gosint (documentation: https://gosint.readthedocs.io/en/latest/index.html)

Threatfeeds.io:

Another collection of free and open-source threat intelligence feeds.


Ref link: https://threatfeeds.io/

Yeti:

Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti also automatically enriches observables (e.g. resolves domains, geolocates IPs) so that you don't have to. It provides an interface for humans (a Bootstrap-based UI) and one for machines (a web API) so that your other tools can talk to it.


Quick install (the command we all love):
$ curl https://raw.githubusercontent.com/yeti-platform/yeti/master/extras/ubuntu_bootstrap.sh | sudo /bin/bash

Piping a remote script into a root shell runs whatever the server, or anything between you and it, returns, with no chance to inspect it first. On any machine you care about, download the script, read it, and only then run it.

Ref link: https://yeti-platform.github.io/

TC Open (ThreatConnect Open):

TC Open is a completely free way for individual researchers to get started with threat intelligence. It lets you see and share open source threat data, with support and validation from the free ThreatConnect community.



  • Access to 100+ open source intelligence feeds (OSINT)
  • Access to threat, incident, and adversary data
  • Ability to collaborate or consume active and historic indicators, incidents, and threats
  • Validate your findings with peers in the ThreatConnect Common Community
ThreatConnect wants as many cyber professionals as possible to get into the habit of sharing threat data and intelligence with one another. Together, we are much stronger and more likely to thwart adversaries. We created TC Open to be a completely free, non-threatening way to get started. It is perfect for individual researchers who are just starting out and experienced professionals alike.

Request link: https://www.threatconnect.com/free/