Using and abusing MISP to track campaigns
Information on this media
The security landscape evolves very fast: every day brings a new report about a brand new attacker, scarier than the one from the day before, and because our memory is short we tend to forget what happened a few months ago.
As of now, MISP is mostly a repository for incident responders where you can easily add new events and correlate them efficiently, but not much work has been put into grouping events together after the fact according to different indicators (type of target, technical indicators in the binaries, …).
We already presented our initial findings at Troopers a few months ago. We will investigate this topic further and present the tools we developed to make the analyst's life easier.
Marion Marschalek
Marion Marschalek is a Principal Malware Researcher at G DATA Advanced Analytics, focusing on the analysis of emerging threats and exploring novel methods of threat detection. Marion started her career within the anti-virus industry and also worked on advanced threat protection systems, where she built a thorough understanding of how threats and protection systems work and how both occasionally fail. In addition, Marion teaches malware analysis at the University of Applied Sciences St. Pölten and frequently contributes to articles and papers. She has spoken at international conferences around the globe, among others Black Hat, RSA, SyScan, hack.lu and Troopers. Marion was the winner of the Female Reverse Engineering Challenge 2013, organized by RE professional Halvar Flake. She practices martial arts and has a vivid passion for taking things apart.
Raphaël Vinot
Raphaël is a CERT operator at CIRCL, the CERT for the private sector, communes and non-governmental entities in Luxembourg. His main activity is developing, or participating in the development of, tools (GitHub personal account, work account, MISP account, write a MISP module) to improve and ease the day-to-day incident response capabilities of the CSIRT he works for, as well as those of other teams doing similar work. Another big part of his activities is administering the biggest MISP instance in Europe (information on how to get access to the platform), with more than 250 companies, 600 users and more than 300.000 attributes. This instance is the data source used in this research project.