SOAR (Security Orchestration Automation and Response)
SOAR stands for Security Orchestration, Automation and Response. It lets the security products and tools in an environment be integrated with one another, which simplifies the work of SOC team members. For example, a SOAR platform can automatically check the source IP from a SIEM alert against VirusTotal, reducing the SOC analyst's workload.
Some SOAR products widely used in the industry:
Splunk Phantom
IBM Resilient
Logsign
Demisto
#BlueTeam #SOC #SOAR
Centralization (a single platform for everything you need)
SOAR provides a single piece of software that brings together various security tools (sandbox, log management, third-party tools and others). These tools are integrated into the SOAR solution and can be used from one platform.
Playbooks
Inside SOAR you can easily investigate SIEM alerts using playbooks written for different situations. Even if you do not know or cannot remember every process, you can carry out the analysis by following the steps laid out in the playbooks.
#BlueTeam #SOC #SOAR
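The enrichment flow described in the two SOAR posts above (take the source IP from a SIEM alert, check its reputation, decide what the analyst sees next) as one playbook step. This is an added example, not code from any SOAR product; the alert, the reputation table and `lookup_reputation` are constructed stand-ins for a real SIEM feed and the VirusTotal API.

```python
import ipaddress
import json

# Constructed SIEM alert, shaped like the "source IP in a SIEM alert" case described above.
SAMPLE_ALERT = json.dumps({
    "rule": "Multiple failed logins followed by success",
    "src_ip": "203.0.113.45",
    "user": "jdoe",
})

# Constructed reputation table standing in for the VirusTotal lookup (runs offline):
# IP -> number of engines flagging it as malicious.
MOCK_REPUTATION = {"203.0.113.45": 7, "198.51.100.9": 0}

# RFC 1918 and loopback space: never worth submitting to an external service.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def lookup_reputation(ip):
    """Hypothetical stand-in for the VirusTotal API call; None means no record."""
    return MOCK_REPUTATION.get(ip)

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def enrich_alert(alert_json, lookup=lookup_reputation, threshold=3):
    """One playbook step: enrich src_ip and decide what happens next."""
    alert = json.loads(alert_json)
    ip = alert["src_ip"]
    if is_internal(ip):
        # Branch early so the playbook does not spend an API call on internal traffic.
        return {**alert, "verdict": "internal", "action": "skip_lookup"}
    hits = lookup(ip)
    if hits is None:
        return {**alert, "verdict": "unknown", "action": "manual_review"}
    if hits >= threshold:
        return {**alert, "verdict": "malicious", "vt_hits": hits, "action": "escalate"}
    return {**alert, "verdict": "clean", "vt_hits": hits, "action": "close"}
```

In a real deployment `lookup` would wrap the vendor API client and the returned `action` would drive the next playbook node (ticket, containment, or auto-close).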
LeakIX is a powerful platform for finding and monitoring data leaks, actively used by information security specialists and OSINT researchers.
https://leakix.net/
#OSINT #TOOLS #LEAKIX
29 Addresses to Analyze Malware Faster
Anlyz
Any.run
Comodo Valkyrie
Cuckoo
Hybrid Analysis
Intezer Analyze
SecondWrite Malware Deepview
Jevereg
IObit Cloud
BinaryGuard
BitBlaze
SandDroid
Joe Sandbox
AMAaaS
IRIS-H
Gatewatcher Intelligence
Hatching Triage
InQuest Labs
Manalyzer
SandBlast Analysis
SNDBOX
firmware
opswat
virusade
virustotal
malware config
malware hunter team
virscan
jotti
#BlueTeam #Malware #Analys
The Windows registry is a set of hierarchical databases used to store data in Windows operating systems. Attackers use it for purposes such as stealing data and maintaining persistence.
The Windows operating system stores the programs that must run when it starts in certain registry keys. Attackers take advantage of this feature and plan to achieve persistence by adding their malware to these registry keys.
Some of these registry keys are:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
The registry is also used heavily by normal processes, so it is particularly important to examine the registry changes made by malware processes.
You can use a program called Regshot to identify the changes malware has made to the registry.
https://sourceforge.net/projects/regshot/
#BlueTeam #SOC #Regedit
Windows has a folder called Startup. To make sure it is launched automatically every time, malware may also copy itself into the Startup folder, so activity in these folders deserves attention.
To open these folders, press "Win + R" and then type one of the following commands:
shell:startup
shell:common startup
#BlueTeam #Dynamic_Malware_Analys #Startup
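A before/after comparison of the persistence locations listed in the two posts above (the four Run/RunOnce keys and the two Startup folders), in the spirit of the Regshot snapshot-and-compare workflow. This is an added example, not Regshot's own code; the snapshots are constructed dictionaries rather than live registry reads, and the "suspicious" heuristic is an assumption of this example.

```python
import re

# Persistence locations named in the posts above: the four Run/RunOnce keys
# plus the two Startup folders (the shell: names are what you type after Win + R).
LOCATIONS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    "shell:startup",
    "shell:common startup",
)

# Constructed snapshots, {location: {entry name: command or file path}}, standing in
# for what a Regshot-style capture holds before and after a sample is run.
BEFORE = {
    LOCATIONS[2]: {"SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    LOCATIONS[0]: {"OneDrive": r"C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
}
AFTER = {
    LOCATIONS[2]: {"SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    LOCATIONS[0]: {"OneDrive": r"C:\Users\lab\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
                   "Updater": r"C:\Users\lab\AppData\Roaming\svch0st.exe"},
    LOCATIONS[1]: {"cleanup": r"wscript.exe C:\Users\lab\AppData\Local\Temp\run.vbs"},
    LOCATIONS[4]: {"update.lnk": r"C:\Users\lab\AppData\Local\Temp\update.exe"},
}

# Heuristic: autoruns started from user-writable temp/roaming paths or via script
# hosts deserve a closer look; legitimate installers rarely register them that way.
SUSPICIOUS = re.compile(
    r"\\AppData\\(Local\\Temp|Roaming)\\|\\Users\\Public\\|"
    r"\b(wscript|cscript|mshta|powershell|rundll32|regsvr32)\b", re.I)

def diff_autoruns(before, after, locations=LOCATIONS):
    """Return added/removed/modified autorun entries between two snapshots."""
    findings = []
    for loc in locations:
        old, new = before.get(loc, {}), after.get(loc, {})
        for name in sorted(set(old) | set(new)):
            if name not in old or name not in new:
                change = "added" if name in new else "removed"
            elif old[name] != new[name]:
                change = "modified"
            else:
                continue  # unchanged: normal software writes these keys too
            cmd = new.get(name, old.get(name))
            findings.append({"location": loc, "name": name, "change": change,
                             "command": cmd, "suspicious": bool(SUSPICIOUS.search(cmd))})
    return findings
```

On a real analysis VM the two dictionaries would be filled from the registry (e.g. with `reg query` output or Regshot's report) and from a directory listing of the two Startup folders.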
https://docs.remnux.org/install-distro/get-virtual-appliance
REMnux: a secure sandbox environment for dynamic malware analysis
#BlueTeam #Malware #Analys #Sandbox
Oletools is a set of Python tools for analysing MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents; it is used for malware analysis, forensics and debugging.
https://github.com/decalage2/oletools?tab=readme-ov-file
#BlueTeam #Malware #Analys
AnalyticsRelationships - Discover related domains and subdomains through Google Analytics IDs!
How it works:
- Extract Google Analytics IDs from a webpage.
- Query services like BuiltWith and HackerTarget to find domains and subdomains associated with those IDs.
- A simple yet effective tool for OSINT and reconnaissance!
🔗 Get the tool here: https://github.com/Josue87/AnalyticsRelationships
📖 The Art of Auditing
✨ What it offers:
The first community-driven resource consolidating thousands of hours of expertise from top industry professionals. Ideal for security auditors, researchers, and enthusiasts, this comprehensive guide is a must-read.
🔗 Explore it here: https://web3-sec.gitbook.io/art-of-auditing
Today I reviewed new tools used for OSINT and picked out the one among them that gives the best results and works without errors.
EarthKit Agent is a multi-module AI tool that streamlines geolocation and verification tasks, combining real-time data integration with learning capabilities. It automates processes such as generating Overpass Turbo queries, analysing street views and satellite imagery, and producing initial geo-guesses, which makes geospatial investigations more efficient and simpler.
https://agent.earthkit.app
#OSINT #GEOINT
Forwarded from white2hack 📚
HTB - Active Directory Penetration Tester Path 2024.7z
349.1 MB
Active Directory Penetration Tester by HTB Academy, 2024
Using TLDFinder with the Netlas Module 🔍
Check out our latest article, where we walk you through setting up ProjectDiscovery TLDFinder and using it alongside Netlas data for top-level domains and subdomains searching.
👉 Read now: https://netlas.io/blog/tldfinder_and_netlas/
Further reading
The following are important resources to improve technical skills and be well-prepared to start as a bug hunter:
Books
OWASP testing guide: https://www.owasp.org/index.php/OWASP_Testing_Project
OWASP mobile testing guide: https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide
Writeups
Hackerone Hacktivity: https://hackerone.com/hacktivity
Google VRP Writeups: https://github.com/xdavidhu/awesome-google-vrp-writeups
Blogs and articles
Hacking articles: https://www.hackingarticles.in/
Vickie Li blogs: https://vickieli.dev/
Bugcrowd blogs: https://www.bugcrowd.com/blog/
Intigriti blogs: https://blog.intigriti.com/
Portswigger blogs: https://portswigger.net/blog
Capture the flag (CTF)
Hacker 101: https://www.hackerone.com/hackers/hacker101
Pico CTF: https://picoctf.org/
Try Hack Me: https://tryhackme.com/ (premium/free)
Hack the Box: https://www.hackthebox.com/ (premium)
VulnHub: https://www.vulnhub.com/
Hack This Site: https://hackthissite.org/
CTF Challenge: https://app.hackinghub.io/
Pentester Lab: https://pentesterlab.com/pro
Online labs
PortSwigger Web Security Academy: https://portswigger.net/web-security
OWASP Juice Shop: https://owasp.org/www-project-juice-shop/
XSS Game: https://xss-game.appspot.com/
Bug Bounty Hunter: https://www.bugbountyhunter.com/ (premium)
W3Challs: https://w3challs.com/
Offline labs
DVWA: https://github.com/digininja/DVWA
bWAPP: https://www.itsecgames.com/
Metasploitable 2: https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
Bug Bounty Hunter: https://www.bugbountyhunter.com/ (premium)
W3Challs: https://w3challs.com/
YouTube channels
IppSec: https://www.youtube.com/c/ippsec
Live Overflow: https://www.youtube.com/c/LiveOverflow
Pwn Function: https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A
Bug Bounty Reports Explained: https://www.youtube.com/@BugBountyReportsExplained
Training
Udemy: https://www.udemy.com/courses/search/?src=ukw&q=bug+bounty
GPEN: https://www.giac.org/certifications/penetration-tester-gpen/
GWAPT: https://www.giac.org/certifications/web-application-penetration-tester-gwapt/
GXPN: https://www.giac.org/certifications/exploit-researcher-advanced-penetration-tester-gxpn/
OSCP: https://www.offsec.com/courses/pen-200/
OSWE: https://www.offsec.com/courses/web-300/
CEH: https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/
Congress
BlackHat: https://www.blackhat.com/
DefCON: https://defcon.org/index.html
RootedCON: https://www.rootedcon.com
#Pentest #Learn
SOC Analyst Roadmap for 2025: Your Step-by-Step Self-Study Guide
https://infosecwriteups.com/soc-analyst-roadmap-for-2025-your-step-by-step-self-study-guide-f302841f36a0?source=rss----7b722bfd1b8d---4
#BlueTeam #SOC