
RITA v1.1.1: Real Intelligence Threat Analytics

Real Intelligence Threat Analytics (RITA) is an open source framework for network traffic analysis. The framework ingests Bro logs and currently supports the following analysis features:

- Beaconing Detection: Search for signs of beaconing behaviour in and out of your network
- DNS Tunneling Detection: Search for signs of DNS based covert channels
- Blacklist Checking: Query blacklists to search for suspicious domains and hosts
- URL Length Analysis: Search for lengthy URLs indicative of malware
- Scanning Detection: Search for signs of port scans in your network

Changelog v1.1.1 Changes:

- Make some commands periodically check for program updates #255
- Update Mongo version to 3.6 #248

maltrail v0.11.10 releases: Malicious traffic detection system

Maltrail is a malicious traffic detection system. It uses publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where a trail can be anything from a domain name (e.g. for Banjori malware), a URL (e.g. for a known malicious executable), an IP address (e.g. for a known attacker) or an HTTP User-Agent header value (e.g. sqlmap, the automatic SQL injection and database takeover tool). It also uses (optional) advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware).

Architecture

Maltrail is based on the Traffic -> Sensor <-> Server <-> Client architecture. Sensor(s) are standalone components running on the monitoring node (e.g. a Linux platform connected passively to the SPAN/mirroring port or transparently inline on a Linux bridge) or at the standalone machine …