[MISC n°94] References for the article "Threat hunting 101"

Below is the list of references that accompany the article "Threat hunting 101", published in MISC n°94:

[SANS] Incident Handler’s Handbook – https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

[F3EAD] The Targeting Process: D3A and F3EAD – http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf

[BANG] Two Bytes To $951M – http://baesystemsai.blogspot.ch/2016/04/two-bytes-to-951m.html

[JPCERT] Detecting Lateral Movement through Tracking Event Logs – http://blog.jpcert.or.jp/2017/06/1-ae0d.html

[GRR-HASH] Hashing: The Maslow's Hammer of Forensics – http://grr-response.blogspot.ch/2015/05/hashing-maslows-hammer-of-forensics.html

[MISP] MISP – Malware Information Sharing Platform and Threat Sharing – Open Source TIP – http://www.misp-project.org/

[CORTEX] Powerful Observable Analysis Engine – https://github.com/CERT-BDF/Cortex

[YETI] Your Everyday Threat Intelligence – https://yeti-platform.github.io

[THEHIVE] Security Incident Response For The Masses – https://thehive-project.org

[FIR] Fast Incident Response – https://github.com/certsocietegenerale/FIR

[ELK] The Open Source Elastic Stack – https://www.elastic.co/products

[CUCKOO] Automated Malware Analysis – https://cuckoosandbox.org/

[FAME] FAME Automates Malware Evaluation – https://certsocietegenerale.github.io/fame/

[MIASM] Reverse engineering framework in Python – https://github.com/cea-sec/miasm

[VIRUSTOTAL] VirusTotal – https://www.virustotal.com/

[PASSIVETOTAL] PassiveTotal – http://passivetotal.org/

[GRR] GRR Rapid Response: remote live forensics for incident response – https://github.com/google/grr

[OSQUERY] Performant Endpoint Visibility – https://osquery.io/

[PAIN] The Pyramid of Pain – http://detect-respond.blogspot.ch/2013/03/the-pyramid-of-pain.html