Skip to content

Discover essential features of CSIRT Forum presentations on GitHub. This repository features analytics, tools, and automation techniques discussed in the 2023 and 2024 sessions. Explore in-depth insights into malware operations, IoCs, TTPs, and sandboxing.

Notifications You must be signed in to change notification settings

crocodyli/BR-Forum-CSIRTs

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
 
 
 
 
 
 

Repository files navigation

BR-Forum-CSIRTs 2023 and 2024

Refer: https://forum.cert.br/

In the year 2023:

The presentation focused on a detailed analysis of the LockBit ransomware, highlighting its operations, significant events, Indicators of Compromise (IoC), and Tactics, Techniques, and Procedures (TTPs) as per the MITRE ATT&CK framework. It also discussed the automation of IoC collection from Malicious Actors in Open Sources, utilizing Python and the MISP platform's REST API for data input. This study was presented as part of the supporting materials for the CSIRT Forum in Brazil.

Imagem do WhatsApp de 2024-06-18 à(s) 16 11 52_5c24f528 Image captured during the 2023 Forum presentation

In the year 2024:

The presentation centered around the creation of an internal Sandbox with automation using the Cuckoo Sandbox tool. It demonstrated how such an environment can be used for automated malware analysis within organizations, integrating with various sources such as MISP, ElasticSearch, and others. It also emphasized supporting privacy activities, managing security incidents, investigating advanced threats, and automating threat sharing. This content was also part of the supporting materials for the CSIRT Forum in Brazil.

5-Workshop-MISP2 Image captured during the 2024 Forum presentation

logo-site

About

Discover essential features of CSIRT Forum presentations on GitHub. This repository features analytics, tools, and automation techniques discussed in the 2023 and 2024 sessions. Explore in-depth insights into malware operations, IoCs, TTPs, and sandboxing.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published