Monday, August 27, 2018

Active Directory (AD) Security audit tool - PingCastle

PingCastle:

   is a free, Windows-based utility to audit the risk level of your AD infrastructure and check for vulnerable practices.

How its Works :

 


You can run it on an ad-hoc basis to generate a detailed HTML report, but that's just the tip of the iceberg. It can be used to schedule reports and email them (or push them to webdav shares), create spreadsheets, or even automatically create PowerPoint presentations of the data.


PingCastle AD Security Maturity Model:







It's a simple zipped download that you can just run as a normal domain user, no install required.




 https://www.pingcastle.com/PingCastleFiles/PingCastle_2.5.1.0.zip

How to Execute / Run :

https://www.pingcastle.com/download/command-line-mode/
Posted by at
Labels: , , , ,

Tuesday, August 14, 2018

Free Indicators of Compromise (IOC) Tools - FireEye

IOC Finder

FireEye Indicators of Compromise (IOC) Finder is a free tool for collecting host system data and reporting the presence of IOCs. IOCs are open-standard XML documents that help incident responders capture diverse information about threats.


The IOC Finder features:
  • Collection of full data, sufficient for general IOC matching requirements
  • Usage of a portable storage device for collection from multiple hosts
  • IOC hit reporting in simple text, full HTML and full MS Word XML formats
  • Generation of reports for specific hosts or all hosts

Download Link : https://www.fireeye.com/services/freeware/ioc-finder.html

IOC Editor

 
FireEye Indicators of Compromise (IOC) Editor is a free tool that provides an interface for managing data and manipulating the logical structures of IOCs. IOCs are XML documents that help incident responders capture diverse information about threats, including attributes of malicious files, characteristics of registry changes and artifacts in memory.

The IOC Editor includes:
  • Manipulation of the logical structures that define the IOC
  • Application of meta-information to IOCs, including detailed descriptions or arbitrary labels
  • Conversion of IOCs into XPath filters
  • Management of lists of “terms” used within IOCs
 Download Link : https://www.fireeye.com/services/freeware/ioc-editor.html

IOC Writer

IOC Writer provide a python library that allows for basic creation and editing of OpenIOC objects.

Provide a python library that allows for basic creation and editing of OpenIOC objects. It supports a basic CRUD (Create, Read, Update, Delete) for various items.
Items do not have built in Read operations, since all items can be accesed with built in ElementTree syntax or the use of XPATH to select portions of the IOC.

Download Link : https://github.com/mandiant/ioc_writer























































Posted by at
Labels: , , , , , , , ,

Friday, August 10, 2018

Packet Capture ( PCAP ) File Analysis Tools

PacketTotal:

                  allows you to upload a PCAP, or packet capture, file and have it automatically analyzed and parsed against BRO IDS and Suricata signatures in order to provide information on what may have been detected in the capture file.

                         


URL : https://packettotal.com/

Microsoft Message Analyzer:

 is the successor to Microsoft Network Monitor. It is helpful in capturing, displaying, and analyzing protocol messaging traffic and other system messages. It is not only an effective tool for troubleshooting network issues, but for testing and verifying protocol implementations as well.
                  




              

Message Analyzer can certainly be used to analyze .pcap files.  The tool is generic and not specific to Microsoft, but certainly more focus is put on the Windows scenarios so Microsoft related parsers are kept up to date.  However, you can analyze virtually any kind of data, going beyond network captures like EVT, ETW, CSV and many more.

Tools -> Options -> Parsing

Download Link : https://www.microsoft.com/en-in/download/details.aspx?id=44226

CapAnalysis:

               is a web visual tool for information security specialists, system administrators and everyone who needs to analyze large amounts of captured network traffic.



                      

CapAnalysis performs indexing of data set of PCAP files and presents their contents in many forms, starting from a list of TCP, UDP or ESP streams/flows, passing to the geo-graphical representation of the connections.

CapAnalysis is Open Source.

Download Link : https://www.capanalysis.net/ca/#download 

 Tcpdump

                a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.

                 

Its a premier network analysis tool.

Download Link : http://www.tcpdump.org/#latest-releases


PCAP Analyzer:

  is a fully graphical tool that has been developed by Daniel Botterill as part of his MSc Computer Security degree, it has been designed to take in a PCAP capture file and report back any malicious behaviour identified.
It includes the following major features:

  • Displaying of packets with support for major protocols
  • Reassembly of TCP/UDP streams and HTTP response/reply streams
  • Detection of ICMP IPV4/IPV6 address sweeps
  • Importable blacklists with settable formats
  • Detection of denial of service attacks
  • Detection of domain name fluxing & similar domains detection
  • Detection of downloaded files with support for file identifier and virus scanner input
  • Detection of port scans & port knocks
  • Detection of single fast fluxing domains & multiple IP usage domains
  • Automated parsing of Snort log for PCAP files
  • Detection of various traffic patterns: constant HTTP requests, multiple Host User-Agent Referer requests and TCP/UDP similar messages
  • Draggable and filterable network map displaying computers, connections and malicious behaviour
  • Malware release automation (Windows Only)
  • Malicious behaviour summary & uncategorised traffic


Posted by at
Labels: , , , , ,
Subscribe to: Posts (Atom)