Merge pull request #49 from hslatman/hs_july_additions

Additions for July
Herman Slatman 2016-07-26 21:29:11 +02:00 committed by GitHub
commit 46e4282da4
3 changed files with 82 additions and 2 deletions


@ -4,4 +4,4 @@ rvm:
before_script:
- gem install awesome_bot
script:
- awesome_bot README.md --white-list CONTRIBUTING.md,https://www.threatcrowd.org/,https://intel.deepviz.com/recap_network.php,https://www.fireeye.com/services/freeware/ioc-editor.html,https://www.threatconnect.com/wp-content/uploads/ThreatConnect-The-Diamond-Model-of-Intrusion-Analysis.pdf,http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf,http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf,http://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1452241511,https://sslbl.abuse.ch/
- awesome_bot README.md --white-list CONTRIBUTING.md,https://www.threatcrowd.org/,https://intel.deepviz.com/recap_network.php,https://www.fireeye.com/services/freeware/ioc-editor.html,https://www.threatconnect.com/wp-content/uploads/ThreatConnect-The-Diamond-Model-of-Intrusion-Analysis.pdf,http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf,http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf,http://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1452241511,https://sslbl.abuse.ch/,https://soltra.com/
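Review bot: Every URL added to `--white-list` is a URL that awesome_bot stops validating, so the `https://soltra.com/` entry appended here (and the eight already present) will never be flagged again if the page goes away; the reason each link is exempted (rate limiting, bot blocking, a redirect loop) is not recorded anywhere. Suggest either a YAML comment above the `script:` entry stating why each host is skipped, or moving the list into a separate file referenced by the job so individual additions are reviewable as one line per URL instead of a diff of two near-identical 600-character strings.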


@ -19,6 +19,14 @@ Some consider these sources as threat intelligence, opinions differ however.
A certain amount of (domain- or business-specific) analysis is necessary to create true threat intelligence.
<table>
<tr>
<td>
<a href="https://www.autoshun.org/" target="_blank">AutoShun</a>
</td>
<td>
A public service offering at most 2000 malicious IPs and some more resources.
</td>
</tr>
<tr>
<td>
<a href="https://intel.criticalstack.com/" target="_blank">Critical Stack Intel</a>
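Review bot: The AutoShun description ("at most 2000 malicious IPs and some more resources") leaves "some more resources" undefined, which is the kind of vagueness the rest of this table avoids; either name what the additional resources are or drop the clause and keep "A public service offering a list of at most 2000 malicious IPs." Otherwise the row follows the table's structure and alphabetical placement before Critical Stack Intel.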
@ -140,6 +148,14 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of malicious code. Access to the site is granted via invitation only.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/Yara-Rules/rules" target="_blank">Yara-Rules</a>
</td>
<td>
An open source repository with different Yara signatures that are compiled, classified and kept as up to date as possible.
</td>
</tr>
</table>
## Formats
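Review bot: Capitalisation of "Yara signatures" in the new row is inconsistent with "YARA rules" used elsewhere in the README (for example the ThreatScanner description in this same PR); keep the project name `Yara-Rules` as-is in the link text but write the technology as "YARA signatures" in the description. The row is correctly placed last in the sources table, directly before the `## Formats` heading.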
@ -226,6 +242,14 @@ Frameworks, platforms and services for collecting, analyzing, creating and shari
AbuseHelper is an open-source framework for receiving and redistributing abuse feeds and threat intel.
</td>
</tr>
<tr>
<td>
<a href="https://www.fidelissecurity.com/resources/fidelis-barncat" target="_blank">Barncat</a>
</td>
<td>
Fidelis Cybersecurity offers free access to Barncat after registration. The platform is intended to be used by CERTs, researchers, governments, ISPs and other, large organizations. The database holds various configuration settings used by attackers.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/csirtgadgets/bearded-avenger" target="_blank">Bearded Avenger</a>
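Review bot: "The database holds various configuration settings used by attackers" is ambiguous about what Barncat actually contains (settings extracted from malware samples, infrastructure configuration, something else), so a reader cannot tell whether it is relevant to them; please state what kind of configuration data is indexed. Minor style point in the same sentence block: "other, large organizations" has a stray comma and should read "other large organizations".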
@ -333,6 +357,14 @@ Frameworks, platforms and services for collecting, analyzing, creating and shari
OpenTAXII is a robust Python implementation of TAXII Services that delivers a rich feature set and a friendly Pythonic API built on top of a well designed application.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/Ptr32Void/OSTrICa" target="_blank">OSTrICa</a>
</td>
<td>
An open source plugin-oriented framework to collect and visualize Threat Intelligence information.
</td>
</tr>
<tr>
<td>
<a href="https://www.alienvault.com/open-threat-exchange" target="_blank">OTX - Open Threat Exchange</a>
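Review bot: The OSTrICa description capitalises "Threat Intelligence" where the neighbouring AbuseHelper row (context line above this hunk) writes "threat intel" in lower case; the README should pick one convention for the phrase in running text. Nothing else to flag: link, placement between OpenTAXII and OTX, and the one-sentence description all match the table's pattern.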
@ -357,6 +389,14 @@ Frameworks, platforms and services for collecting, analyzing, creating and shari
The PassiveTotal platform offered by RiskIQ is a threat-analysis platform which provides analysts with as much data as possible in order to prevent attacks before they happen. Several types of solutions are offered, as well as integrations (APIs) with other systems.
</td>
</tr>
<tr>
<td>
<a href="https://soltra.com/" target="_blank">Soltra Edge</a>
</td>
<td>
The basic version of Soltra Edge is available for free. It supports a community defense model that is highly interoperable and extensible. It is built with industry standards supported out of the box, including STIX and TAXII.
</td>
</tr>
<tr>
<td>
<a href="http://stoq.punchcyber.com/" target="_blank">stoQ</a>
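Review bot: The Soltra Edge description is largely vendor phrasing ("community defense model that is highly interoperable and extensible") and tells the reader little; the concrete facts in the row are that a basic version is free and that it ships with STIX and TAXII support, so suggest reducing it to those. Related: `https://soltra.com/` is also added to the awesome_bot whitelist in this same PR, so CI will not notice if this link dies; a short comment on why the check is skipped would help whoever maintains the list later.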
@ -423,6 +463,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly
ActorTrackr is an open source web application for storing/searching/linking actor related data. The primary sources are from users and various public repositories. Source available on <a href="https://github.com/dougiep16/actortrackr" target="_blank">GitHub</a>.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/1aN0rmus/TekDefense-Automater" target="_blank">Automater</a>
</td>
<td>
Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/exp0se/bro-intel-generator" target="_blank">bro-intel-generator</a>
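Review bot: Style points in the Automater description: "Md5 Hash" should be "MD5 hash" and "intrusion Analysts" should be "intrusion analysts" (the capitals are not used this way elsewhere in the table). Suggested wording: "Automater is a URL/domain, IP address and MD5 hash OSINT tool aimed at making the analysis process easier for intrusion analysts."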
@ -463,6 +511,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly
Multithreaded threat intelligence hunter-gatherer script.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/BinaryDefense/goatrider" target="_blank">GoatRider</a>
</td>
<td>
GoatRider is a simple tool that will dynamically pull down Artillery Threat Intelligence Feeds, TOR, AlienVaults OTX, and the Alexa top 1 million websites and do a comparison to a hostname file or IP file.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/exp0se/harbinger" target="_blank">Harbinger Threat Intelligence</a>
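Review bot: "AlienVaults OTX" is missing its apostrophe ("AlienVault's OTX", or simply "AlienVault OTX", which matches the "OTX - Open Threat Exchange" row elsewhere in the README), and "do a comparison to a hostname file or IP file" reads better as "compares them against a hostname or IP file". The description otherwise lists its inputs clearly (Artillery feeds, TOR, OTX, Alexa top 1 million), which is useful for readers deciding whether the tool fits.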
@ -535,6 +591,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly
Simple IOC and Incident Response Scanner.
</td>
</tr>
<tr>
<td>
<a href="https://bitbucket.org/ssanthosh243/ip-lookup-docker" target="_blank">LookUp</a>
</td>
<td>
LookUp is a centralized page to get various threat information about an IP address. It can be integrated easily into context menus of tools like SIEMs and other investigative tools.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/HurricaneLabs/machinae" target="_blank">Machinae</a>
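Review bot: The repository name in the href (`ip-lookup-docker`) indicates the tool is delivered as a Docker image, but the LookUp description does not mention how it is deployed; since this table mixes hosted services with self-hosted tools, one clause such as "distributed as a Docker container" would help readers classify it. The integration note about SIEM context menus is a good, concrete detail and should stay.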
@ -600,6 +664,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly
A host investigations tool that can be used for, amongst others, IOC analysis.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/blackhillsinfosec/RITA" target="_blank">RITA</a>
</td>
<td>
RITA is inteded to help in the search for indicators of compromise in enterprise networks of varying size.
</td>
</tr>
<tr>
<td>
<a href="https://test.taxiistand.com/" target="_blank">TAXII Test Server</a>
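Review bot: Typo in the RITA description: "inteded" should be "intended". The sentence also says only that RITA helps search for indicators of compromise without saying what it operates on (which data or logs it analyses), which is the one fact a reader of this table most needs; please add it. Placement between the preceding host investigations tool and TAXII Test Server is alphabetically correct.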
@ -640,6 +712,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly
Threatelligence is a simple cyber threat intelligence feed collector, using Elasticsearch, Kibana and Python to automatically collect intelligence from custom or public sources. Automatically updates feeds and tries to further enhance data for dashboards. Projects seem to be no longer maintained, however.
</td>
</tr>
<tr>
<td>
<a href="https://www.fidelissecurity.com/resources/fidelis-threatscanner" target="_blank">ThreatScanner</a>
</td>
<td>
ThreatScanner by Fidelis Cybersecurity runs a script to hunt for IOCs or YARA rules on a single machine and automatically generates a report that provides details of suspicious artifacts.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/michael-yip/ThreatTracker" target="_blank">ThreatTracker</a>
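Review bot: "hunt for IOCs or YARA rules" conflates the indicator with the detection logic; one hunts for IOCs and for matches against YARA rules, so suggest "to hunt for IOCs or YARA rule matches on a single machine". Otherwise the row is consistent with the Barncat entry added earlier in this PR (same vendor, same link style) and sits correctly between Threatelligence and ThreatTracker.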
@ -740,7 +820,7 @@ All kinds of reading material about Threat Intelligence. Includes (scientific) r
</tr>
<tr>
<td>
<a href="http://armypubs.army.mil/doctrine/DR_pubs/dr_a/pdf/atp2_01x3.pdf" target="_blank">Intelligence Preparation of the Battlefield/Battlespace</a>
<a href="docs/Intelligence Preparation for the Battlefield-Battlespace.pdf" target="_blank">Intelligence Preparation of the Battlefield/Battlespace</a>
</td>
<td>
This publication discusses intelligence preparation of the battlespace (IPB) as a critical component of the military decisionmaking and planning process and how IPB supports decisionmaking, as well as integrating processes and continuing activities.
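Review bot: The replacement href `docs/Intelligence Preparation for the Battlefield-Battlespace.pdf` contains unencoded spaces, which some Markdown renderers and link checkers will cut at the first space; rename the file without spaces or percent-encode them (`%20`). Two further points on this hunk: the link text still says "Preparation of the Battlefield" while the new file is named "Preparation for the Battlefield", so one of the two should be aligned; and swapping the original `armypubs.army.mil` URL for a vendored copy drops the provenance of the document, so the description should at least cite where the PDF came from (and confirm that redistributing it in the repository is permitted). Note also that awesome_bot will not validate a relative path, so this row silently leaves CI coverage.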