Showing results for tags 'threat'.

Found 10 results

  1. Italian luxury automaker Ferrari has been hacked by an unknown threat actor who has demanded a ransom in exchange for certain client contact details. Ferrari made the announcement of the “cyber incident” on its website recently, stating that its wholly-owned Italian subsidiary was contacted by a threat actor with a ransom demand related to certain client contact details. While Ferrari has refused to pay the ransom as a policy, it has informed its clients of the potential data exposure and the nature of the incident. The company takes the confidentiality of clients seriously and understands the significance of the incident, as its clients most likely represent some of the world's wealthiest individuals given the typical cost of a Ferrari. The attack has highlighted the fact that ransomware is not just a problem, but a major data loss issue as well, as sensitive data, including client names, addresses, email addresses, and telephone numbers, has been exposed. Cybersecurity firm Halcyon's CEO and Co-founder, Jon Miller, has emphasized that the focus for ransomware operators is to cause as much pain as possible to victim organizations in order to extract the highest payment possible. This means that even if the victim organization pays the ransom, the attackers still have the data and can sell or expose it, or come back to the victim organization and ask for even more money. Ferrari has immediately started an investigation in collaboration with a leading global third-party cybersecurity firm, once they became aware of the hacker's demands. The automaker has assured its clients that the breach has had no impact on its operations. Even though Ferrari did everything right regarding securing the data and incident response measures, ransomware gangs are intent on stealing data to force victims into paying the ransom demand, causing collateral damage to entities whose sensitive data is exposed. 
Miller has urged organizations to defeat the attack before hackers can exfiltrate data and disrupt operations to make these attacks unprofitable. In October, Ferrari was hit by a ransomware attack, losing 7GB of data to threat actors.
  2. Description: In recent years, a considerable amount of effort has been devoted to cyber-threat protection of computer systems, which is one of the most critical cybersecurity tasks for single users and businesses, since even a single attack can result in compromised data and sufficient losses. Massive losses and frequent attacks dictate the need for accurate and timely detection methods. Current static and dynamic methods do not provide efficient detection, especially when dealing with zero-day attacks. For this reason, big data analytics and machine intelligence-based techniques can be used. This book brings together researchers in the field of big data analytics and intelligent systems for cyber threat intelligence (CTI) and key data to advance the mission of anticipating, prohibiting, preventing, preparing, and responding to internal security. The wide variety of topics it presents offers readers multiple perspectives on various disciplines related to big data analytics and intelligent systems for cyber threat intelligence applications.

     Technical topics discussed in the book include:

       • Big data analytics for cyber threat intelligence and detection
       • Artificial intelligence analytics techniques
       • Real-time situational awareness
       • Machine learning techniques for CTI
       • Deep learning techniques for CTI
       • Malware detection and prevention techniques
       • Intrusion and cybersecurity threat detection and analysis
       • Blockchain and machine learning techniques for CTI
  3. This tool, called "ThreatHound," is a powerful and versatile tool written in Python (with a new C version available for Linux-based systems) that helps with IR & Threat Hunting & CA. With ThreatHound, you can drop your event log file and analyze the results easily. It now supports Windows through the ThreatHound.exe, making it even more accessible. The latest release of ThreatHound has several new features that make it even more useful. For example, you can now save results in JSON format or print them on the screen by using the "print" argument. If you want to save results in JSON format, you can set the argument to "no." If you prefer to print the results on the screen, you can set the argument to "yes." You can give ThreatHound a single EVTX file, a Windows event logs folder, or multiple EVTX files separated by commas using the "-p" argument. You can also give Sigma rules path using the "-s" argument. ThreatHound also has multithreading capabilities, which significantly improves its running speed. It is an agent-based tool, which means you can push it to multiple servers and run it easily. ThreatHound has many useful features, including automation for Threat hunting, Compromise Assessment, and Incident Response for the Windows Event Logs. It downloads and updates Sigma rules daily from the source and has more than 50 detection rules included. With support for more than 1500 detection rules for Sigma, it can detect a wide range of threats. One of the best things about ThreatHound is that you can easily add your own detection rules to it. It also allows you to add new event log source types to mapping.py easily, making it even more flexible. Overall, ThreatHound is a powerful and useful tool for anyone working in the IR, Threat Hunting, or CA fields. Its ability to detect a wide range of threats, combined with its flexibility and ease of use, make it an invaluable addition to any security toolkit. 
Here is the GitHub link: [Hidden Content] Hope it helps. Happy hunting!
  4. Description: Just because an organization opts to spend a fortune on cybersecurity doesn’t mean that it’s immune to an attack. While properly configured technology can stop most of today’s cyber-attacks, hackers have become experts at evading detection. In this course, information security expert Michael Wylie gives you an introduction to threat hunting: a core skill for any cybersecurity professional tasked with detecting and isolating the most advanced, hard-to-find security threats. Explore the key differences between proactive and reactive cybersecurity strategies as you learn to articulate the value of creating your own threat hunting program. Upon completing this course, you’ll be prepared to leverage some of the most important threat hunting methodologies and frameworks, including anomaly-based hunting, statistical modeling, hypothesis-driven hunting, the threat hunting lifecycle, MITRE ATT&CK, and Cyber Kill Chain.
  5. APT-Hunter is a threat hunting tool for Windows event logs, made with the purple team mindset to detect APT movements hidden in the sea of Windows event logs and decrease the time to uncover suspicious activity. This tool will make good use of the Windows event logs collected and make sure not to miss critical events configured to be detected. If you are a threat hunter, incident responder, or forensic investigator, I assure you will enjoy using this tool. Why? I will discuss the reason in this article and how it will make your life easy, just as it made mine. Kindly note this tool is heavily tested but is still a beta version and may contain bugs.

     If you are using APT-Hunter you will have:

       • Uncover any suspicious activity you don’t know about before it turns into a big incident.
       • Detect APT movements in the system based on events from previously discovered APT attacks.
       • Make good use of the Windows event logs you collected.
       • Faster attack detection, which will decrease the response time in order to quickly contain and eradicate the attacks.
       • Output configured to be compatible with Timesketch so you can do timeline analysis.
       • With the important 60 use cases configured in one place, you will invest your time in other data sources.
       • Faster investigation of multiple servers in a short amount of time.
       • It will help you in cases where you don’t have much time to do a deep investigation.
       • Free open source tool that will serve you without any limitation.
       • Personally, I used it in many incidents and it helped me uncover events I missed and allowed me to finish the investigations faster.
       • Turn millions of events into hundreds with severity you can use as a filter.

     Changelog v3.0

       • New use cases based on new attacks and incidents.
       • More statistics and detection for new log sources (Group Policy, SMB Client, SMB Server).
       • Rebuilt with multiprocessing to utilize available resources.
       • Specify start and end date to focus on a specific time period.
       • Lightning-fast Regex Hunt that goes through tons of logs in minutes.
       • New Object Access Report.
       • New Process Execution Report.
       • New Summary of Detection Results.
       • New statistics sheet that includes the unique PowerShell commands executed in the systems.
       • New statistics sheet for RDP client events with event SIDs automatically resolved to users.
       • New statistics sheet for executed PowerShell commands.
       • Now you don’t need to bruteforce the EventID 1029 hash to get the username.
       • WinRM event SIDs are now automatically resolved to user names.
       • New collected SID report that will provide you all the discovered SIDs with their user names.
       • New scoring system for PowerShell detection to let you focus on important events.
       • APT-Hunter can now handle any number or size of Windows event logs.
       • Hunting module now allows you to include a specific event ID to search.
       • Hunting module now allows you to provide a file with a list of regexes.
  6. What you’ll learn

       • To be an excellent threat hunter, you’ll need the right mentality and talents.
       • How to carry out simple threat hunting.
       • How to set up environments for threat hunting, from the most basic to the most advanced.
       • Recognize the different techniques for danger hunting.
       • Recognize the Threat Hunting Loop and the Threat Hunting Products.

     Requirements

       • The student must have a basic understanding of network and information security.
       • A basic grasp of programming or scripting-querying abilities is required.

     Description

     This course is about learning how to build the skills and mentality needed to become a professional danger hunter in the field of cybersecurity.

     Are you attempting to make a career change in IT or cybersecurity? Then this course will help you choose a cybersecurity field in which you can further your knowledge. This training is also good for people who already work in cybersecurity and want to get a better idea of what threat hunting is all about. Because you will gain skills that may help a business become more secure in its operations, this course can help you enhance your chances of securing your first cybersecurity job. This course is intended for aspiring or entry-level cybersecurity professionals.

     What you’ll learn

     Section-1: What is threat hunting and what is its main goal? What is the purpose of threat hunting? Do you know what danger hunting pose? What is the purpose of Threat Hunting? Characteristics of a Successful Threat Hunter What does it take to track down a threat? Threat hunting terms are defined as Loop of Threat Hunting What Does It Take to Be a Successful Threat Hunter? Successful Hunting Techniques for What makes threat hunting so successful? Threat hunting is a method of detecting threats. Hypothesis Testing and Hypothesis Sources 7 Tips for Successful Threat Hunting

     Section-2: Threat Identification Tools and Products for Threat Hunting Demonstrate a potential danger in a hunting situation. Threat Attack Indicators (IoC) A system monitor and an event viewer are used to demonstrate a basic threat search.

     Section 3: The next stages are in honing your threat-hunting abilities.

     Who this course is for: This course is for those who are already knowledgeable about cybersecurity and wish to specialize in threat hunting. This course is also intended for regular IT professionals who wish to get a basic grasp of what goes into high-level threat hunting.
  7. The World’s First Truly Open Threat Intelligence Community

       • Gain FREE access to over 19 million threat indicators contributed daily
       • Collaborate with over 100,000 global participants to investigate emerging threats in the wild
       • Quickly identify if your endpoints have been compromised in major cyber attacks using OTX Endpoint Security™
       • Share your threat research and subscribe to pulses from other OTX contributors to stay up to date with their threat research
       • Leverage the latest OTX threat intelligence directly in your AlienVault USM™ or AlienVault OSSIM™ environment
       • Synchronize OTX threat intelligence with your other security products using the OTX DirectConnect API
  8. Watcher is a Django & React JS automated platform for discovering new potential cybersecurity threats targeting your organisation. It should be used on webservers and is available on Docker.

     Watcher capabilities

       • Detect emerging vulnerabilities and malware using social networks & other RSS sources (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au...).
       • Detect keywords in pastebin & in other IT content exchange websites (stackoverflow, github, gitlab, bitbucket, apkmirror, npm...).
       • Monitor malicious domain names (IPs, mail/MX records, web pages using TLSH).
       • Detect suspicious domain names targeting your organisation, using dnstwist.

     Useful as a bundle regrouping threat hunting/intelligence automated features.

     Additional features

       • Create cases on TheHive and events on MISP.
       • Integrated IOCs export to TheHive and MISP.
       • LDAP & local authentication.
       • Email notifications.
       • Ticketing system feeding.
       • Admin interface.
       • Advanced user permissions & groups.
  9. ThreatPursuit-VM

     Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

     Installed Tools

       • Development, Analytics, and Machine Learning: Shogun, Tensorflow, Pytorch, Rstudio, RTools, Darwin, Keras, Apache Spark, Elasticsearch, Kibana, Apache Zeppelin, Jupyter Notebook, MITRE Caret, Python (x64)
       • Visualisation: Constellation, Neo4J, CMAP
       • Triage, Modelling & Hunting: MISP, OpenCTI, Maltego, Splunk, Microsoft MSTIC Jupyter and Python Security Tools, MITRE ATT&CK Navigator, Coretex Analyzer, Greynoise API and GNQL, threatcrowd API, threatcmd, ViperMonkey, Threat Hunters Playbook, MITRE TRAM, SIGMA, YETI, Azure Zentinel, AMITT Framework
       • Adversarial Emulation: MITRE Calderra, Red Canary ATOMIC Red Team, Mordor Re-play Adversarial Techniques, MITRE Caltack Plugin, APTSimulator, FlightSim
       • Information Gathering: Maltego, nmap, intelmq, dnsrecon, orbit, FOCA
       • Utilities and Links: CyberChef, KeepPass, FLOSS, peview, VLC, AutoIt3, Chrome, OpenVPN, Sublime, Notepad++, Docker Desktop, HxD, Sysinternals, Putty
  10. ACT | Semi-Automated Cyber Threat Intelligence

      ACT enables advanced threat enrichment, threat analysis, visualisation, process automation, lossless information sharing and powerful graph analysis. Its modular design and APIs facilitate implementing new workers for enrichment, analysis, information sharing, and countermeasures. Included in the platform is Scio, a component that ingests human-readable reports, like threat advisories and blog posts, and uses natural language processing and pattern matching to extract structured threat information to import to the platform. Our Github repositories also include support for information import and data enrichment from MISP, MITRE ATT&CK, VirusTotal, PassiveDNS, ShadowServer and Splunk, with more on the way.

      So why build yet another threat intelligence platform? In 2014 we set out to find a platform on the market to meet the needs of our SOC and threat intelligence team. Our requirements were not particularly unique: we needed a platform that would help us to collect and organise our knowledge of threats, facilitate analysis and sharing, and make it easy to retrieve that knowledge when needed. We spent too much time on manual processes, copy-pasting information between different systems. Much of our knowledge was in an unstructured form, like threat reports, that made it difficult and time consuming to figure out if we had relevant knowledge that could help us decide how to handle security alerts and security incidents. Sound familiar? After evaluating the existing platforms, we concluded they could not easily be adapted to meet our requirements. In speaking with our partners, customers and the security community, we saw we were not alone and decided to research and develop a new platform: ACT. This session will focus on threat analysis using the GUI to demonstrate how ACT can help SOC analysts, incident responders and threat analysts/hunters/researchers.

      ACT Virtual Appliance

      This image is a virtual appliance that can be installed in Virtual Box or VMware. The image contains a "clean" installation, with only the ACT data model. When booting the image it will start to bootstrap the image with feeds, workers, enrichment and optionally a repository of reports. The import of data should start immediately after booting the image, but it could take several days to import and enrich everything.

      Image content

      The image contains:

        • Centos
        • Apache Cassandra
        • Elasticsearch
        • Apache NiFI
        • ACT Platform
        • ACT Workers
        • ACT SCIO
        • ACT SCIO API
        • ACT Datamodel
        • ACT Frontend

      Requirements

      The minimum requirements for this image are:

        • Virtual Box 6, with NAT network
        • 10GB RAM
        • 4 CPUs
        • 60 GB disk

      It should also work to install the virtual appliance on VMware, but the port forwarding is not automatically set up after installation, so you will need to configure that yourself after importing the image.

      Download: [Hidden Content]

      More info: [Hidden Content]