The Githubification of Information Security

Towards an open, vendor-independent and community-friendly model for accelerating Information Security training


8 December 2019


John Lambert (JohnLaTwC), Distinguished Engineer, Microsoft Threat Intelligence Center


Annotation


Bringing Information Security specialists together in a global community accelerates subject-specific training.


MITRE ATT&CK, Sigma, Jupyter Notebooks.
















MITRE ATT&CK. "Windows", T1015.




MITRE ATT&CK.


T1015. cmd.exe, winlogon.exe, SYSTEM.


SIEM/LM.


Splunk: Search Processing Language (SPL); ElasticSearch: Domain Specific Language (DSL); Microsoft Defender ATP: Keyword Query Language (KQL). Yara, Snort...


Sigma (@cyb3rops, @blubbfiction). Sigma: Splunk, ElasticSearch, QRadar. SOC Prime: https://uncoder.io/ (Sigma).




Sigma, ATT&CK T1015:




Sigma:


  • Sigma, MITRE ATT&CK.
  • Sigma, SIEM/LM. Red Teaming, Sigma, Purple Teaming.
  • Sigma, Yara, Snort.

MITRE ATT&CK, Sigma.





Jupyter Notebook.


Jupyter?


Jupyter:


  • Notebook. Notebook, Python, Pandas. Jupyter, GitHub, 5 Notebook.
  • Notebook. GitHub. Notebook.
  • Jupyter Notebook. Jupyter Notebook: Notebook (Python, .NET). Notebook: Windows, Linux, Mac.

Jupyter Notebook


Notebook: PowerShell, Magic Unicorn. Notebook: Base64. CyberChef:


PowerShell:


Base64:


API:


Windows API (InternetConnectA, HttpSendRequestA, ...), (VirtualAlloc): "Magic Unicorn — PowerShell Downgrade Attack" (Dave Kennedy, @HackingDave).


Notebook. (Roberto Rodriguez), Jupyter Notebook. ThreatHunterPlaybook, Project Jupyter. Netscylla, Notebook. Notebook, GitHub, binder.


Jupyter. Jupyter Notebook.



MITRE ATT&CK (Office 365).


Office 365 MITRE ATT&CK:




(Swetha Prabakaran).


(Florian Roth, @cyb3rops), Sigma, GitHub. "Pull request". Pull Request, Sigma.


Open Security Collaborative Development (OSCD). 2019, Sigma, MITRE ATT&CK. Sigma 40%.



MITRE ATT&CK. Sigma. Jupyter Notebook.


CERT.


  • "Pull Request"
  • GitHub.com, GitHub.





  • ATT&CK, Sigma, Jupyter Notebook
  • Python, Jupyter Notebook
  • MITRE ATT&CK, Sigma, Jupyter Notebook

CERT:


  • Sigma
  • MITRE ATT&CK


Freddy Dezeure (@FDezeure), Florian Roth (@cyb3rops), Thomas Patzke (@blubbfiction), Leah Lease (@LeahLease), Tim Burrell (@TimbMsft), Ian Hellen (@ianhellen), Roberto Rodriguez (@Cyb3rWard0g), @denisbalan, @noesall, @zinint, @MazahakaJay, @SuslikDaRete, @l1c3t, @AlienJolka, Oleg Chepurchenko, Michael Tyomkin, Sveta Gaivoronski, Fanta Orr, @yugoslavskiy.







ATT&CK


  • Sigma, Yara
  • TTP, MORDOR

Sigma


  • (join)
  • ("process_creation", Sysmon Event ID 1, Windows Event ID 4688)

Jupyter


  • Python
  • (IP, ...)

Source: https://habr.com/ru/post/undefined/

