Friday, August 21, 2020

Open Source Tools - Stringlifier & Tripod

 Stringlifier:

                             a Python-based tool/module that helps when analyzing security and application logs, or when attempting to discover credentials that might have been accidentally exposed.


Typical usage scenarios include:

  • Sanitizing application or security logs
  • Detecting accidentally exposed credentials (complex passwords or API keys)


It detects code/text that resembles a randomly generated string in any plain text. It uses machine learning to distinguish between normal and random character sequences. It can also be adapted for more fine-grained classifications (password, API key, hash, etc.). 


“1e32jnd9312”, “32189321-DEF3123-9898312”, “ADEFi382819312.” Do these strings seem familiar? They could be hashes, randomly generated passwords, API keys, or many other types of strings. You can usually spot them in logs, command lines, configuration files, and source code. Whether you are analyzing security and application logs or you are hunting for accidentally exposed credentials, they can, unfortunately, make your life a lot harder. This is because building a search pattern for something random is a particularly hard task.
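As an added illustration (not stringlifier's code, which uses a trained model rather than rules), here is a small Python heuristic for the same job: it tokenizes log lines, scores each token by Shannon entropy, letter/digit mixing and hash-like shape, and flags or redacts the random-looking ones. The sample log lines are constructed for this example, and the thresholds are assumptions tuned to it.

```python
import math
import re

# Candidate tokens: runs of at least 8 letters, digits, '-', '_' or '.'
# (a constructed tokenizer, not stringlifier's).
TOKEN_RE = re.compile(r"[A-Za-z0-9_.\-]{8,}")
HEX_RE = re.compile(r"[0-9a-fA-F]{32,}")


def shannon_entropy(s: str) -> float:
    """Bits per character, computed from the token's own symbol frequencies."""
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def class_transitions(s: str) -> int:
    """Count letter<->digit switches between adjacent alphanumeric characters.

    Random strings switch classes often ("a8F3k"); words and hostnames rarely do.
    Separators ('-', '_', '.') break the run, so they never count as a switch.
    """
    switches = 0
    prev = None
    for ch in s:
        if not ch.isalnum():
            prev = None
            continue
        cls = "d" if ch.isdigit() else "a"
        if prev is not None and cls != prev:
            switches += 1
        prev = cls
    return switches


def looks_random(token: str, min_entropy: float = 2.5) -> bool:
    """Heuristic stand-in for stringlifier's learned classifier (assumed thresholds)."""
    alnum = [c for c in token if c.isalnum()]
    if not alnum:
        return False
    digits = sum(c.isdigit() for c in alnum)
    letters = len(alnum) - digits
    hex_like = HEX_RE.fullmatch(token) is not None
    if not hex_like and (digits == 0 or letters == 0):
        return False  # plain words and plain numbers (dates) are not random
    if shannon_entropy(token) < min_entropy:
        return False
    # hash shape, frequent class switching, or digit-heavy mixed identifiers
    return hex_like or class_transitions(token) >= 2 or digits / len(alnum) >= 0.5


def find_random_strings(text: str):
    """Return (line_number, token) for every random-looking token in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in TOKEN_RE.finditer(line):
            if looks_random(m.group(0)):
                hits.append((lineno, m.group(0)))
    return hits


def sanitize(text: str, placeholder: str = "<RANDOM>") -> str:
    """Replace random-looking tokens so a log can be shared or indexed safely."""
    return TOKEN_RE.sub(lambda m: placeholder if looks_random(m.group(0)) else m.group(0), text)


# Constructed sample log lines (not from any real system).
SAMPLE_LOG = """\
2020-08-21 10:02:11 INFO  host=web01.example.com user=alice action=login status=ok
2020-08-21 10:02:12 DEBUG api_key=Qz8mT4vB7kLp2sXw9rN3 request_id=32189321-DEF3123-9898312
2020-08-21 10:02:13 WARN  config file /etc/application/settings.conf reloaded
2020-08-21 10:02:14 ERROR token 1e32jnd9312 rejected sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"""

if __name__ == "__main__":
    for lineno, tok in find_random_strings(SAMPLE_LOG):
        print(f"line {lineno}: {tok}")
    print(sanitize(SAMPLE_LOG))
```

Run it and the API-key-like string, the hyphenated identifier, the short token and the hash are reported, while the date, the hostname and the file name are not. Heuristics like this still trip over version strings, hostnames with many digits and very short tokens, which is exactly the gap a learned classifier such as stringlifier's is meant to close.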


Download Link : 

https://github.com/adobe/stringlifier


Tripod:

 is a tool/ML model for computing latent representations of large sequences. It has been used on source code and on text, with applications such as:

  • Malicious code detection
  • Sentiment analysis
  • Information/code indexing and retrieval
  • Anomaly Detection/ Unsupervised Learning

Monday, June 8, 2020

Open Source Microservices Tool - Istio

Istio:

        is an open platform that provides a uniform way to connect, manage, and secure microservices.



Istio provides the underlying secure communication channel and manages authentication, authorization, and encryption of service communication at scale. With Istio, service communications can be secured by default, letting you enforce policies consistently across diverse protocols and runtimes, all with little or no application changes. One caveat worth knowing before relying on that: Istio's mutual TLS starts in permissive mode, which still accepts plaintext traffic, so the mesh-wide (or per-namespace) PeerAuthentication policy has to be set to STRICT before "secured by default" is actually enforced.




Istio lets you connect, secure, control, and observe services.



While Istio is platform independent, combining it with Kubernetes (or other infrastructure) network policies brings even greater benefits, including the ability to secure pod-to-pod or service-to-service communication at both the network and application layers.

Ref Link : 


Download Link :




Sunday, May 31, 2020

Docker / Containers- Security Analysis and Vulnerability Assessment Tools

DockerScan: 

            A Docker analysis tool that detects vulnerabilities in Docker images and Docker registries.


Very quick install

> python3.5 -m pip install -U pip
> python3.5 -m pip install dockerscan

Show options:

> dockerscan -h

Docker Demo

Available actions

Currently DockerScan supports these actions:

  • Scan: Scan a network trying to locate Docker registries.

  • Registry
    • Delete: Delete a remote image / tag
    • Info: Show info from a remote registry
    • Push: Push an image (like the Docker client)
    • Upload: Upload a random file

  • Image
    • Analyze: Look for sensitive information in a Docker image.
      • Look for passwords in environment vars.
      • Try to find any URL / IP in the environment vars.
      • Try to deduce the user used internally to run the software. This is not trivial: if the entry point is a .sh file, read the file, try to find calls to sudo-like helpers (“sudo”, “gosu”, “sh -u”, ...) and report the user found.
    • Extract: extract a Docker image
    • Info: Get an image's meta information
    • Modify:
      • entrypoint: change the entrypoint in a Docker image
      • trojanize: inject a reverse shell into a Docker image
      • user: change the running user in a Docker image
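The image "Analyze" action above, as an added Python example that is not dockerscan's own code: it inspects an image config in the shape of the Config section of `docker inspect` (environment variables, entrypoint, user) together with the entrypoint script, and reports secret-looking variables, URLs and IPs, and the user the container actually ends up running as. The config and entrypoint script are constructed for the example; the variable-name patterns and the list of privilege-switching helpers it recognises are assumptions.

```python
import re
from typing import Optional

# Environment variable names that usually carry secrets (a constructed list).
SECRET_NAME_RE = re.compile(r"PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"']+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Privilege-dropping helpers an entrypoint script may call before exec'ing the
# service (assumed list); the group captures the target user name.
USER_SWITCH_RE = re.compile(
    r"\b(?:gosu|su-exec|sudo\s+-u|runuser\s+-u|su\s+-\s+)\s*([A-Za-z_][A-Za-z0-9_-]*)"
)


def analyze_image(config: dict, entrypoint_script: Optional[str] = None) -> dict:
    """Report secrets, endpoints and the effective user for one image.

    `config` has the shape of the Config section of `docker inspect` (Env, User,
    Entrypoint, Cmd); `entrypoint_script` is the content of the entrypoint file
    when the entrypoint is a shell script.
    """
    findings = {"secrets": [], "urls": [], "ips": [],
                "user": config.get("User") or "root (default)"}
    for item in config.get("Env", []):
        name, _, value = item.partition("=")
        if value and SECRET_NAME_RE.search(name):
            findings["secrets"].append(name)
        findings["urls"].extend(URL_RE.findall(value))
        findings["ips"].extend(IPV4_RE.findall(value))
    # No USER in the image: the script may still drop privileges before exec.
    if entrypoint_script is not None and not config.get("User"):
        m = USER_SWITCH_RE.search(entrypoint_script)
        if m:
            findings["user"] = f"{m.group(1)} (switched in entrypoint)"
    return findings


# Constructed image config and entrypoint script (not from a real image).
SAMPLE_CONFIG = {
    "User": "",
    "Entrypoint": ["/entrypoint.sh"],
    "Cmd": ["app", "--serve"],
    "Env": [
        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
        "APP_ENV=production",
        "DB_PASSWORD=hunter2",
        "DB_HOST=10.0.3.15",
        "METRICS_URL=http://metrics.internal.example:9090/push",
        "API_TOKEN=",
    ],
}
SAMPLE_ENTRYPOINT = """#!/bin/sh
set -e
chown -R app:app /data
exec gosu app "$@"
"""

if __name__ == "__main__":
    report = analyze_image(SAMPLE_CONFIG, SAMPLE_ENTRYPOINT)
    for key, value in report.items():
        print(f"{key:8}: {value}")
```

An empty value such as `API_TOKEN=` is deliberately not reported as a leaked secret, since it is usually a placeholder filled at runtime; the variable name itself still tells you where to look with `docker inspect` on the running container.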



Friday, May 15, 2020

DevSecOps Static Code Analysis Tool - Checkov

Checkov:

              It scans cloud infrastructure provisioned using Terraform, CloudFormation or Kubernetes and detects security and compliance misconfigurations.




Simple and open-source


Checkov is written in Python and provides a simple method to write and manage codified, version-controlled policies.

Features

  • 100+ built-in policies cover security and compliance best practices for AWS, Azure & Google Cloud.
  • Scans Terraform and AWS CloudFormation configurations.
  • Scans for AWS credentials in EC2 user data, Lambda environment variables and Terraform providers
  • Policies support evaluation of variables to their optional default value.
  • Supports in-line suppression of accepted risks or false-positives to reduce recurring scan failures. Also supports global skip from using CLI.
  • Output currently available as CLI, JSON or JUnit XML.
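To show what a Checkov-style policy looks like in practice, here is an added Python example (not Checkov's code; its policies and check IDs are its own). It runs three checks over a Terraform configuration held in the shape of Terraform's JSON syntax: a public S3 bucket ACL, SSH open to the world in a security group, and credentials hard-coded in the provider block (using AWS's documented example key pair, not real keys). Checkov's in-line suppression is modelled here as a per-resource skip map carrying a reason, the way its `#checkov:skip=` comment does. The configuration, the EX_* check IDs and the skip structure are constructed for this example.

```python
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (check id, resource address, message)

# Constructed Terraform configuration in the shape of Terraform's JSON syntax
# (block type -> label(s) -> attributes). The provider credentials are AWS's
# documented example key pair, not real keys.
SAMPLE_CONFIG = {
    "provider": {
        "aws": {
            "region": "eu-west-1",
            "access_key": "AKIAIOSFODNN7EXAMPLE",
            "secret_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
        }
    },
    "resource": {
        "aws_s3_bucket": {
            "website": {"bucket": "example-website", "acl": "public-read"},
            "data": {"bucket": "example-data", "acl": "private"},
        },
        "aws_security_group": {
            "bastion": {"ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp",
                                     "cidr_blocks": ["0.0.0.0/0"]}]},
            "app": {"ingress": [{"from_port": 443, "to_port": 443, "protocol": "tcp",
                                 "cidr_blocks": ["10.0.0.0/8"]}]},
        },
    },
}

# Stand-in for Checkov's "#checkov:skip=<ID>:<reason>" comment inside a resource
# block: resource address -> {check id: reason}. Hypothetical shape for this example.
SAMPLE_SKIPS = {"aws_s3_bucket.website": {"EX_S3_PUBLIC_ACL": "static website bucket, accepted risk"}}


def check_s3_public_acl(config: dict) -> List[Finding]:
    """Flag S3 buckets whose canned ACL grants public access."""
    out = []
    for name, attrs in config.get("resource", {}).get("aws_s3_bucket", {}).items():
        if attrs.get("acl") in ("public-read", "public-read-write"):
            out.append(("EX_S3_PUBLIC_ACL", f"aws_s3_bucket.{name}",
                        f"acl {attrs['acl']} allows public access"))
    return out


def check_sg_ssh_world(config: dict) -> List[Finding]:
    """Flag security groups that accept port 22 from 0.0.0.0/0."""
    out = []
    for name, attrs in config.get("resource", {}).get("aws_security_group", {}).items():
        for rule in attrs.get("ingress", []):
            all_ports = rule.get("protocol") == "-1"  # "-1" means every protocol and port
            covers_ssh = all_ports or rule.get("from_port", 0) <= 22 <= rule.get("to_port", 0)
            if covers_ssh and "0.0.0.0/0" in rule.get("cidr_blocks", []):
                out.append(("EX_SG_SSH_WORLD", f"aws_security_group.{name}",
                            "port 22 open to 0.0.0.0/0"))
    return out


def check_provider_credentials(config: dict) -> List[Finding]:
    """Flag static credentials written into a provider block."""
    out = []
    for name, attrs in config.get("provider", {}).items():
        for key in ("access_key", "secret_key"):
            if attrs.get(key):
                out.append(("EX_PROVIDER_CREDS", f"provider.{name}",
                            f"hard-coded {key} in provider block"))
    return out


CHECKS = [check_s3_public_acl, check_sg_ssh_world, check_provider_credentials]


def scan(config: dict, skips: Optional[Dict[str, Dict[str, str]]] = None):
    """Run every check; return (failed, skipped) finding lists."""
    skips = skips or {}
    failed, skipped = [], []
    for check in CHECKS:
        for check_id, address, message in check(config):
            reason = skips.get(address, {}).get(check_id)
            if reason is None:
                failed.append((check_id, address, message))
            else:
                skipped.append((check_id, address, reason))
    return failed, skipped


if __name__ == "__main__":
    failed, skipped = scan(SAMPLE_CONFIG, SAMPLE_SKIPS)
    for check_id, address, message in failed:
        print(f"FAILED  {check_id:18} {address}: {message}")
    for check_id, address, reason in skipped:
        print(f"SKIPPED {check_id:18} {address}: {reason}")
    raise SystemExit(1 if failed else 0)  # non-zero exit fails the CI job, as checkov does
```

The skip still shows up in the output with its reason, which is the point of recording accepted risks in the code rather than silencing them globally: a reviewer can see what was waived and why, and the waiver is version-controlled alongside the resource it applies to.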



                                         Image Source : https://www.checkov.io/





Monday, November 11, 2019

SIEMonster V4 - Free | Open Source Security Incident and Event Management (SIEM)

SIEMonster Security Information and Event Management (SIEM):

                        built on customizable components. Included are UEBA, Bro (now Zeek), Suricata, TheHive, Cortex, Apache NiFi, Kafka, MISP and Wazuh.


SIEMonster's Community Edition is a single appliance or virtual machine for companies with 1-100 endpoints. It is completely free to use.



 SIEMonster is a collection of the best open source security tools and our own development as professional hackers to provide a SIEM for everyone. We showcase the latest and greatest tools for security professionals and our Community Edition v.4 Fully Loaded has it all. Designed for smaller organizations, charities, classrooms or even those who just want to check out our Fully Loaded SIEM. This edition is completely free, for the community and to be supported by the community.



Community Edition gives you the ability to monitor all network assets in an affordable scalable solution. This single server solution makes it easier for organizations who only have 1-100 endpoints. To access the Community Edition you will need to sign up to the Community Portal, which is available via the download button on our website. There you will also find all the resources you will need to help install and learn about SIEMonster. We have created an admin guide and videos for you. You are also encouraged to interact with other Community Edition users for support or just share how you are using the SIEM and even help out another user, after all that’s what Community is all about.

SIEMonster’s slogan is SIEM for everyone and this is why our prices are so affordable. Whether you are a small, medium or large enterprise we have the right product and licensing for you.

Pre Requisites :

You will need a minimum of 32GB RAM and 8 vCPUs.

Note: Community edition will monitor up to 100 endpoints at 5,000 EPS as it’s designed to give you a taste and allow you to play with the product for as long as you like.

When you’re ready to get serious, let us know, and we’ll help you with our other editions.

Reference : Docs | Videos

https://siemonster.knowledgeowl.com/help

Download Link:

https://go.siemonster.com/Community-Edition

Sunday, November 3, 2019

Apache Metron - Open Source Big Data Security Analytics Framework

Apache Metron:

                           integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. Metron provides capabilities for log aggregation, full packet capture indexing, storage, advanced behavioral analytics and data enrichment, while applying the most current threat intelligence information to security telemetry within a single platform.

Logical Architecture 

 Apache Metron can be used as a SIEM. It offers many of the capabilities that make up a SIEM system; first among them, it can retain data over a long period of time.

Some Features:

 
Because Apache Metron is designed as a big data solution, it can handle data lakes too.



Simply put, a data lake is an in-house store for all data from all sources. Business users can access and analyze the data according to their permissions. Usually the data in a data lake is kept unmodified, i.e. it is not transformed on ingest; the various analysis tools that read from the data lake convert the data for their own use.

 Nice Intro Video 




Current Release: 0.7.1

 Download Link : 

https://archive.apache.org/dist/metron/

https://github.com/apache/metron


 

Wednesday, October 30, 2019

CloudSeeker - Free tool

CloudSeeker:

           A free tool that gives enterprises visibility into cyber exposure caused by the proliferation of cloud services, and the ability to tackle the visibility gap caused by unsanctioned IT.
 
 
 

Cofense CloudSeeker is a free utility that starts with a catalog of popular SaaS applications and checks each one to see whether a domain has been configured to use it. Once the scan is complete, export the data for a better understanding of potential issues.

CloudSeeker Helps:

  • Give insight into which apps are in use

  • Uncover applications provisioned without IT’s knowledge

  • Uncover risks to your organization

    Link : https://cofense.com/cloudseeker/
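CloudSeeker's catalog and detection method are not published on this page. As an added example of how such a check can be done from public DNS alone (not CloudSeeker's code), here is a Python routine that reads a domain's SPF `include:` mechanisms, its domain-verification TXT records and the CNAME targets of known subdomains, and maps them to a small illustrative catalog of SaaS providers. The catalog entries and the DNS snapshot are constructed so the example runs offline; pass a real resolver function in place of `sample_lookup` to run it against live DNS.

```python
from typing import Callable, Dict, List

# Illustrative SaaS catalog keyed by the DNS footprint each service leaves.
# These entries are assumptions for the example, not CloudSeeker's catalog.
SPF_INCLUDES = {
    "_spf.google.com": "Google Workspace",
    "spf.protection.outlook.com": "Microsoft 365",
    "sendgrid.net": "SendGrid",
    "_spf.salesforce.com": "Salesforce",
}
CNAME_SUFFIXES = {
    ".zendesk.com": "Zendesk",
    ".github.io": "GitHub Pages",
    ".herokudns.com": "Heroku",
}
TXT_PREFIXES = {
    "google-site-verification=": "Google (site verification)",
    "MS=": "Microsoft 365 (domain verification)",
}

Lookup = Callable[[str, str], List[str]]  # (name, record type) -> record values


def discover_saas(domain: str, subdomains: List[str], lookup: Lookup) -> Dict[str, List[str]]:
    """Map each SaaS provider detected for `domain` to the DNS evidence behind it."""
    found: Dict[str, List[str]] = {}

    def add(provider: str, evidence: str) -> None:
        found.setdefault(provider, []).append(evidence)

    for txt in lookup(domain, "TXT"):
        if txt.lower().startswith("v=spf1"):
            # Every include: mechanism names a third party allowed to send mail as the domain.
            for token in txt.split():
                if token.lower().startswith("include:"):
                    provider = SPF_INCLUDES.get(token[len("include:"):].lower())
                    if provider:
                        add(provider, f"SPF {token}")
        for prefix, provider in TXT_PREFIXES.items():
            if txt.startswith(prefix):
                add(provider, f"TXT {prefix}...")

    for sub in subdomains:
        fqdn = f"{sub}.{domain}"
        for target in lookup(fqdn, "CNAME"):
            target = target.rstrip(".").lower()
            for suffix, provider in CNAME_SUFFIXES.items():
                if target.endswith(suffix):
                    add(provider, f"{fqdn} CNAME {target}")
    return found


# Constructed DNS snapshot so the example runs offline; the values are made up.
SAMPLE_DNS = {
    ("example.com", "TXT"): [
        "v=spf1 include:_spf.google.com include:sendgrid.net ~all",
        "google-site-verification=abc123",
        "MS=ms12345678",
    ],
    ("support.example.com", "CNAME"): ["example.zendesk.com."],
    ("docs.example.com", "CNAME"): ["example-org.github.io."],
}


def sample_lookup(name: str, rtype: str) -> List[str]:
    """Offline stand-in for a resolver; swap in a real DNS query function to go live."""
    return SAMPLE_DNS.get((name, rtype), [])


if __name__ == "__main__":
    hits = discover_saas("example.com", ["support", "docs", "www"], sample_lookup)
    for provider, evidence in hits.items():
        print(f"{provider}: {', '.join(evidence)}")
```

Each hit is reported with the record that produced it, so an unexpected provider (a mail sender nobody in IT approved, a support portal CNAMEd to a vendor nobody tracks) can be taken straight to the domain owner with evidence rather than a guess.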