The Insider Threat Tactics, Techniques, and Procedures (TTP) Knowledge Base aims to advance our collective understanding of the technical mechanisms that insider threats have used. With this knowledge, Insider Threat Programs and Security Operations Centers will detect, mitigate, and emulate insider actions on IT systems to stop insider threats. Utilizing the Knowledge Base, cyber defenders across organizations will identify insider threat activity on IT systems and limit the damage. Capturing and sharing the Design Principles and Methodology for developing the Knowledge Base is a foundational step to establishing this community resource and enabling its broad adoption and ongoing development.
Github: https://github.com/center-for-threat-informed-defense/insider-threat-ttp-kb
Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence.
A blog that documents recent and ongoing system intrusions, with a focus on ransomware attacks.
The last S3 security document that we’ll ever need, and how to use it.
Threat models and tools for staying safe, private and informed while Online, used by the average person.
Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors to prevent them from accessing your systems. Its user friendly design and assistance offers a low technical barrier of entry and nevertheless a high security gain. Scans logs for signs of activity. Matches signs to local and crowdsourced attack signs. If a response agent is integrated with the service, it will react to the attack. Signs are also contributed back to the project to aid the community. Interactive setup and configuration. Designed not to need fine tuning to be effective.
Intelligence X differentiates itself from other search engines in these unique ways:
The search works with selectors, i.e. specific search terms such as email addresses, domains, URLs, IPs, CIDRs, Bitcoin addresses, IPFS hashes, etc.
It searches in places such as the darknet, document sharing platforms, whois data, public data leaks and others.
It keeps a historical data archive of results, similar to how the Wayback Machine from archive.org stores historical copies of websites.
You can use Intelligence X to perform any kind of open source intelligence. We deliver fast, high-quality results and make the deepest parts of the internet accessible with a few clicks. Intelligence X searches billions of selectors in a matter of milliseconds. Combined with our data archive this is a powerful new tool.
The Internet Storm Center has APIs for the threat feeds it collects and processes. Outputs XML, JSON, CSV, TSV, plain text, and PHP data structures.
Free and open threat intel feeds. Reputation, malware identification, blacklists, known bad IP ranges, blocklists, and more.
GreyNoise is a system that collects and analyzes data on Internet-wide scanners. GreyNoise collects data on benign scanners such as Shodan.io, as well as malicious actors like SSH and telnet worms.
The data is collected by a network of sensors deployed around the Internet in various datacenters, cloud providers, and regions.