Search: [intel] - Bookmarks

Fortiguard RSS Feeds https://www.fortiguard.com/rss-feeds

Wed 15 Jan 2025 01:17:39 PM PST

A large number of threat intel RSS feeds for the security community. Includes service detects and updates, new vulnerabilities, updates, and bad actor IP address updates.

MISP Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing https://www.misp-project.org/

Mon 13 Jan 2025 12:41:40 PM PST

An open source threat intel and sharing platform. Lots of ad-hoc visualization methods are available to make sense of data. Includes lots of taxonomies to organize data and do some of the work for you.

You can store your IOCs in a structured manner, and thus enjoy the correlation, automated exports for IDS, or SIEM, in STIX or OpenIOC and synchronize to other MISPs. You can now leverage the value of your data without effort and in an automated manner. The primary goal of MISP is to be used. This is why simplicity is the driving force behind the project. Storing and especially using information about threats and malware should not be difficult. MISP is there to help you get the maximum out of your data without unmanageable complexity. MISP will make it easier for you to share with, but also to receive from trusted partners and trust-groups. Sharing also enabled collaborative analysis and prevents you from doing the work someone else already did before.

Threat Intelligence is much more than Indicators of Compromise. This is why MISP provides metadata tagging, feeds, visualization and even allows you to integrate with other tools for further analysis thanks to its open protocols and data formats. Having access to a large amount of Threat information through MISP Threat Sharing communities gives you outstanding opportunities to aggregate this information and take the process of trying to understand how all this data fits together telling a broader story to the next level. We are transforming technical data or indicators of compromise (IOCs) into cyber threat intelligence. MISP comes with many visualization options helping analysts find the answers they are looking for.

Github: https://github.com/MISP/

Of interest:

MISP/MISP is the core platform (the analytics and dashboard part)
MISP/misp-galaxy looks like the correlation engine
MISP/PyMISP is the supported Python module for interacting with the API
MISP/misp-taxonomies are used for organizing information
MISP/misp-galaxy does the work of clustering data points to find patterns
MISP/misp-modules are additional functional units (because of course there are)
MISP/misp-warninglists looks like sets of known false positives for cutting things down a bit.

There are more repos but I haven't gone through them yet.

chip-red-pill/MicrocodeDecryptor https://github.com/chip-red-pill/MicrocodeDecryptor

Tue 19 Jul 2022 02:59:29 PM PDT

At the beginning of 2020, we discovered the Red Unlock technique that allows extracting Intel Atom Microcode. We were able to research the internal structure of the microcode and then x86 instruction implementation. Also, we recovered a format of microcode updates, algorithm and the encryption key used to protect the microcode.

This is the tools they used to take it apart.

CrowdSec: the next-gen open source, crowd-powered & dynamic firewall https://github.com/CrowdSecurity/crowdsec

Sun 08 Nov 2020 04:54:56 PM PST

Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors to prevent them from accessing your systems. Its user friendly design and assistance offers a low technical barrier of entry and nevertheless a high security gain. Scans logs for signs of activity. Matches signs to local and crowdsourced attack signs. If a response agent is integrated with the service, it will react to the attack. Signs are also contributed back to the project to aid the community. Interactive setup and configuration. Designed not to need fine tuning to be effective.

GitHub - kitabisa/teler: Real-time HTTP Intrusion Detection https://github.com/kitabisa/teler

Tue 27 Oct 2020 03:48:39 PM PDT

teler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community. Requires minimal configuration. Run your web server logs through it and see what it comes up with.

GitHub - public-apis/public-apis https://github.com/public-apis/public-apis

Fri 03 Apr 2020 03:43:44 PM PDT

A directory of free APIs for use in software and web development.

Free threat intelligence feeds - threatfeeds.io https://threatfeeds.io/

Sun 10 Nov 2019 06:09:51 PM PST

Free and open threat intel feeds. Reputation, malware identification, blacklists, known bad IP ranges, blocklists, and more.

GreyNoise-Intelligence/api.greynoise.io: Code + documentation for the public GreyNoise API https://github.com/GreyNoise-Intelligence/api.greynoise.io

Wed 28 Nov 2018 04:45:19 PM PST

GreyNoise is a system that collects and analyzes data on Internet-wide scanners. GreyNoise collects data on benign scanners such as Shodan.io, as well as malicious actors like SSH and telnet worms.

The data is collected by a network of sensors deployed around the Internet in various datacenters, cloud providers, and regions.

OSINT http://www.onstrat.com/osint/

Tue 20 Mar 2018 02:24:33 AM PDT

A web portal linking to dozens of sources of freely available OSINT for anyone to make use of. Put the pieces together yourself, if you've a mind to.

coder32 edition | X86 Opcode and Instruction Reference 1.11 http://www.ref.x86asm.net/coder32.html

Tue 20 Mar 2018 12:08:00 AM PDT

An online reference for Intel 32-bit assembly language opcodes and mnemonics.

coder64 edition | X86 Opcode and Instruction Reference 1.11 http://ref.x86asm.net/coder64.html

Tue 20 Mar 2018 12:07:57 AM PDT

An online reference for Intel 64-bit assembly language opcodes and mnemonics.

Links per page

Filters