darklightcyber.com
Cybersecurity Tower of Babel
https://www.darklightcyber.com/blog/cybersecurity-tower-of-babel
Company and Industry News. Cybersecurity Tower of Babel. Jul 14, 2016 3:30:00 AM. Ryan Hohimer. If you think there is an easy solution to the complex problems of cybersecurity and cyber defense, you need to think again. There is no easy button for cybersecurity; no quick solution for cyber defense. Is no different, if you want to be proficient in cyber, you have to learn the culture and languages. You have to have a unified and holistic app...
maecproject.github.io
AnalysisType | MAEC Project Documentation
http://maecproject.github.io/data-model/4.1/maecPackage/AnalysisType
Getting Started with Python. MAEC 4.1 (current release). MAEC 5.0 Roadmap. MAEC 5.0 Working Calls. AnalysisType MAEC Package Schema. Provides a way of capturing the information associated with the analysis of a malware instance, such as the subject, authors, start datetime, and other relevant data. The required id field specifies a unique ID for this Analysis. The type field specifies the type of malware analysis being performed. The method field specifies the analysis method used in the analysis. The Co...
maecproject.github.io
Documentation | MAEC Project Documentation
http://maecproject.github.io/documentation
Getting Started with Python. MAEC 4.1 (current release). MAEC 5.0 Roadmap. MAEC 5.0 Working Calls. This document provides a detailed introduction to the Malware Attribute Enumeration and Characterization (MAEC) Language, an overview of the MAEC data models, a discussion of high-level use cases, requirements for the MAEC Language, and a discussion of open issues and challenges. Specification documents are available for the MAEC data models. Utilities and Developer Resources. Various utilities and other d...
ir3e.com
Go Get it on the Web Links - Incident Response and Computer Forensics, 3rd Edition
https://ir3e.com/web-links
Incident Response and Computer Forensics, 3rd Edition. Find Evil. Solve Crime. Appendix A – Answers to Questions. Appendix B – Incident Response Forms. Chapter 6 – Extra Scenario. Chapter 8 – DC3dd Compile. Chapter 8 – EnCase Walkthrough. Chapter 8 – FTK Imager Walkthrough. Chapter 10 – SMTP. Chapter 14 – Additional IM Clients. Chapter 14 – Other Applications. Chapter 15 – Setting Up A Virtual Environment. Chapter 9 Scenario PCAPs. Go Get it on the Web Links. YARA Articles and...
stixproject.github.io
CourseOfActionType | STIX Project Documentation
http://stixproject.github.io/data-model/1.2/coa/CourseOfActionType
Getting Started with Python. STIX 1.1.1. STIX 1.0.1. CourseOfActionType Course of Action Schema. Represents a single STIX Course of Action. STIX 1.1.1. STIX 1.0.1. Specifies a globally unique identifier for this COA. Specifies a globally unique identifier of a COA specified elsewhere. When idref is specified, the id attribute must not be specified, and any instance of this COA should not hold content. Specifies the relevant STIX-COA schema version for this content. This field is implemented through the x...
stixproject.github.io
Sample Walkthrough | STIX Project Documentation
http://stixproject.github.io/getting-started/sample-walkthrough
Getting Started with Python. STIX 1.1.1. STIX 1.0.1. This walkthrough will look at a simple STIX document and look through it piece by piece to help describe basic STIX concepts. Specifically, we’ll look at a watchlist for IP addresses to see how STIX can be used to describe indicators of malicious activity. Page and reading through the whitepaper and other materials linked from there. First, download the IP Watchlist sample. Attribute to use the online schemas so you can validate it without a local copy...
stixproject.github.io
IncidentType | STIX Project Documentation
http://stixproject.github.io/data-model/1.2/incident/IncidentType
Getting Started with Python. STIX 1.1.1. STIX 1.0.1. Represents a single STIX Incident. STIX 1.1.1. STIX 1.0.1. Specifies a globally unique identifier for this cyber threat Incident. Specifies a globally unique identifier for a cyber threat Incident specified elsewhere. When idref is specified, the id attribute must not be specified, and any instance of this Incident should not hold content. Specifies the relevant STIX-Incident schema version for this content. External ID 0.n. Short Description 0.n.
stixproject.github.io
IndicatorType | STIX Project Documentation
http://stixproject.github.io/data-model/1.2/indicator/IndicatorType
Getting Started with Python. STIX 1.1.1. STIX 1.0.1. Represents a single STIX Indicator. STIX 1.1.1. STIX 1.0.1. If possible, an indicator should include the following fields: Either Observable, Observable Composition, or Indicator Composition to represent the detectable pattern. Indicated TTP, even if pointing to a very simple TTP with just a title. Creating pattern observables for indicators. Specifies a unique ID for this Indicator. Specifies a reference to the ID of an Indicator specified elsewhere.
stixproject.github.io
Getting Started | STIX Project Documentation
http://stixproject.github.io/getting-started
Getting Started with Python. STIX 1.1.1. STIX 1.0.1. For Analysts and Managers. The Analysts and Manager tutorial track will walk you through understanding the STIX data model and how content is expressed in it at a high level. You won't have to deal with XML or Python at all. The STIX Whitepaper explains why STIX was developed, what problems it solves, and how it solves those problems. It also goes into detail on the individual components of STIX and how they fit together. Python STIX Getting Started.
stixproject.github.io
Authoring Tutorial | STIX Project Documentation
http://stixproject.github.io/getting-started/authoring-tutorial
Getting Started with Python. STIX 1.1.1. STIX 1.0.1. This authoring tutorial will walk you through how to create a simple STIX indicator that looks for a file hash and, if that file hash is found, points to a piece of malware that might be present. You can think of it as a corollary to the sample walkthrough. While that takes an existing piece of content and explains what it means, this will walk through how to actually author content. If you’re using the Python API, the Your First STIX Application.