adulau

@adulau@infosec.exchange

Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

The other side is at https://paperbay.org/@a (photography, art and free software at large)

#infosec #opensource #threatintelligence #fedi22 #threatintel

adulau, to opensource

The @misp project's extensive knowledge base, available at misp-galaxy.org, now features an interactive and dynamic graph. This new addition showcases graph relationships, enhancing your browsing experience with visible, dynamic connections. Plus, you can easily filter through these relationships to find exactly what you need.

#misp #threatintelligence #threatintel #threatactors #opensource #opendata

🔗 An example with the PROMETHIUM threat actor https://www.misp-galaxy.org/microsoft-activity-group/relations/5744f91a-d2d8-4f92-920f-943dd80c578f/
🔗 Threat actor galaxy https://www.misp-galaxy.org/threat-actor/

adulau, to music

"Hacker’s Paradise: Analysing music in a cybercrime forum"

🎼 #cybercrime #music #paper #research

Remind me to add this functionality in @ail_project ;-)

🔗 https://api.repository.cam.ac.uk/server/api/core/bitstreams/646224d4-9d69-45ee-9892-a70b8bbd7024/content

adulau, to infosec

What happened to pastebin.com ? It has been down for the past 12 hours.

#pastebin #cti #infosec

adulau, to infosec

Recapping the state of vendors' VPN appliances:

  • They don't maintain their software
  • They accept money from their customer for maintenance
  • They don't provide patch or update for their customer
  • Don't proactively review the code

Yet organisations question open source?

#ivanti #vpnappliance #infosec #vulnerability

adulau, to opensource

I released a new version of the DomainClassifier python library with improved performance and built-in caching. Thanks to @terrtia for the contribution.

DomainClassifier is a simple Python library to extract and classify Internet domains/hostnames/IP addresses from raw unstructured text files following their existence, localization or attributes.

DomainClassifier can be used to extract Internet hosts from any free texts or collected unstructured information. It's for example used in @ail_project to guess all potential hostname/domain from any text.

🔗 https://github.com/adulau/DomainClassifier
🔗 PyPi https://pypi.org/project/DomainClassifier/

adulau, to random

Cyber Toufan was finally added in the @misp MISP galaxy as a threat-actor.

Thanks to Mathieu Béligon for the recent contribution.

🔗 https://www.misp-galaxy.org/threat-actor/?h=cyber+toufan#cyber-toufan
🔗 if you want to contribute or update the threat-actor MISP galaxy https://github.com/MISP/misp-galaxy/blob/main/clusters/threat-actor.json

adulau, to opensource

I think the @jwz famous quote about regular expressions can be applicable to docker nowadays.

Some people, when confronted with a problem, think "I know, I'll use docker." Now they have two problems.

#docker #opensource #quote #unix

adulau, to opensource

In recent years, we have strived to update the MISP standard to ensure it remains stable, simple, and extensible. This effort benefits not only the MISP project but also other threat intelligence tools that utilise this format.

Our commitment is to maintain a stable long-term format that allows users to actively reuse the MISP standard without encountering disruptive changes. We are pleased to announce that our standard format is now being used by numerous software applications worldwide. Recently, we have made minor updates to various formats to incorporate necessary changes while ensuring that our current users are not adversely affected.

For more detailed information, please refer to the following links:

🔗 Core format https://www.misp-standard.org/rfc/misp-standard-core.html
🔗 Object template format https://www.misp-standard.org/rfc/misp-standard-object-template-format.html
🔗 Taxonomy format https://www.misp-standard.org/rfc/misp-standard-taxonomy-format.html
🔗 Galaxy format https://www.misp-standard.org/rfc/misp-standard-galaxy-format.html

🔗 For further details, visit our main website MISP standard website https://www.misp-standard.org/

The MISP standards are also published as I-Ds at the IETF for further dissemination: core, galaxy, object and taxonomy.

#threatintel #threatintelligence #opensource #openstandards #misp #infosec

@misp

adulau, to bbs

Nowadays those BBS are pretty neat with 2.8TB of free space. In the early nineties, it was more 20MB of free space.

#bbs #oldbutnew

adulau, to fun

Always intriguing to witness conspiracy theorists diving into our open-source projects, weaving together connections that are more creative fiction than reality.

#fun #opensource #threatintel #threatintelligence

Drinking tea and watching the fun!

adulau, to opensource

Why do many open source OSINT tools have this bad practice of outputting non-parseable text with blinking or crappy ANSI character sets? Is this because of TV series?

#opensource #osint

adulau, to privacy

“Nebula Genomics – First to offer consumer anonymous sequencing” when I saw it. I was wondering about it and then I saw the “Protected By” on their website. Ok forget about this.

adulau, to opensource

It seems my old blog post from 2016 about OpenPGP - « OpenPGP really works » still stands the current discussions.

https://www.foo.be/2016/12/OpenPGP-really-works

adulau, to llm

Extracting Training Data from ChatGPT

I’m wondering if OpenAI requested a CVE for the disclosure of this vulnerability.

#llm #llms #openai #vulnerability #chatgpt

🔗 https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html

🔗 https://arxiv.org/abs/2311.17035

adulau, to random

If you want to host a phishing website, don’t use a cheap ISP or cloud provider. They might take it down in less than 48 hours. Take Amazon, it’s up for more than two weeks. 🤦🏼‍♂️

adulau, to opensource

If you wrote scripts using tshark, there are some changes in version 4.2.0 of wireshark for the -e option...

🔗 https://www.wireshark.org/docs/relnotes/wireshark-4.2.0.html

adulau, to random

A good summary in LaTeX about the illogical part of the TLP:CLEAR concept.

#tlp

adulau, to infosec

I finally updated the old @circl Passive DNS API to version 2.0. The idea is to have a backward compatible API with the standard Common Output Format which was designed years ago. The switch will take over next month in November. If you have an existing access, nothing will change (besides new features and fresher intelligence).

The key features of the new API include support for pagination, making it suitable for handling large data sets, and the ability to filter data based on DNS RR types. This ensures that legacy tools can continue to function seamlessly, while new ones can take advantage of pagination to access larger sets of passive DNS data.

Notably, the back-end infrastructure has also undergone significant changes, providing users with enhanced insights.

The streaming API for contributors will be available at a later stage via CocktailParty.

#passivedns #infosec #stream #threatintel #threatintelligence

Thanks to @gallypette for the collaboration and contribution in the new back-end infrastructure.

Feedback and ideas are more than welcome.

🔗 Draft documentation for version 2.0

adulau, to llm

You want to detect the probability that a text was generated by an LLM. ZipPy can help (it's fast).

https://github.com/thinkst/zippy

"ZipPy: Fast method to classify text as AI or human-generated"

A nifty tool presented by Jacob Torrey at @hack_lu 2023

@Jacob

adulau, to random

Pretty and nifty nice tool and format to describe and visualize binary files/format by Corkami (Ange Albertini)

http://corkami.github.io/sbud/hexii.html

The output is in SVG format.

Presentation at @hack_lu cti summit

#infovis #reversing #visualization

adulau, to infosec

If you are registered to CTI summit and/or @hack_lu for next week, you should have received an email for proposing lightning talks. Don’t be shy and submit your proposal ;-)

See you there.

#conference #infosec #lightningtalks

adulau, to opensource

FIRST.org released the videos from Montreal FIRSTCON2023 including the presentation I did about @circl typosquatting-finder

Typosquatting finder Python library - https://github.com/typosquatter/ail-typo-squatting

Online version of the typosquatting-finder service: https://typosquatting-finder.circl.lu/

#opensource #typosquatting #infosec

cc @firstdotorg

Video: https://www.youtube.com/watch?v=s09VFkI4Fn0

adulau, to infosec

I maintain some notes about HTTP/2 ‘Rapid Reset’ DDoS attack - CVE-2023-44487

🔗 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088

#rapidreset #http2 #infosec #ddos #vulnerability #CVE-2023-44487

adulau, to random

For 25BTC you can buy the complete dataset of

"General Directorate of Migration of the Dominican Republic"

I remember discussions about how safe are "biometrics data". A good example how unsafe it is.

#ransomware #biometrics #leak

https://www.ransomlook.io/screenshots/rhysida/General%20Directorate%20of%20Migration%20of%20the%20Dominican%20Republic.png

source: @Ransomlook
