Merge branch 'main' of github.com:MISP/misp-training into main

0-misp-introduction-to-information-sharing/content.tex

@@ -5,10 +5,6 @@
 \titlepage
 \end{frame}
 
-\begin{frame}{Agenda}
-    \input{../includes/week_agenda.txt}
-\end{frame}
-
 \begin{frame}{Agenda}
     \input{../includes/agenda.txt}
 \end{frame}

attack-2020/build.sh

@@ -0,0 +1,3 @@
+export TEXINPUTS=::~/git/misp-training/themes/
+echo ${TEXINPUTS}
+pdflatex slide.tex

attack-2020/content.aux

@@ -0,0 +1,40 @@
+\relax 
+\providecommand\hyper@newdestlabel[2]{}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{1}{1/1}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {1}{1}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{2}{2/2}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {2}{2}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{3}{3/3}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {3}{3}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {4}{4}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {5}{5}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {6}{6}}}
+\@setckpt{content}{
+\setcounter{page}{7}
+\setcounter{equation}{0}
+\setcounter{enumi}{0}
+\setcounter{enumii}{0}
+\setcounter{enumiii}{0}
+\setcounter{enumiv}{0}
+\setcounter{footnote}{3}
+\setcounter{mpfootnote}{0}
+\setcounter{beamerpauses}{1}
+\setcounter{bookmark@seq@number}{0}
+\setcounter{lecture}{0}
+\setcounter{part}{0}
+\setcounter{section}{0}
+\setcounter{subsection}{0}
+\setcounter{subsubsection}{0}
+\setcounter{subsectionslide}{6}
+\setcounter{framenumber}{5}
+\setcounter{figure}{0}
+\setcounter{table}{0}
+\setcounter{parentequation}{0}
+\setcounter{theorem}{0}
+\setcounter{lstnumber}{1}
+\setcounter{section@level}{0}
+\setcounter{lstlisting}{0}
+}

attack-2020/content.tex

@@ -0,0 +1,58 @@
+% DO NOT COMPILE THIS FILE DIRECTLY!
+% This is included by the other .tex files.
+
+\begin{frame}
+\titlepage
+\end{frame}
+
+\begin{frame}
+  \frametitle{What changed since the last workshop?}
+  \begin{itemize}
+    \item ATT\&CK has been steadily on the rise
+    \item In cyber security MISP information sharing community, ATT\&CK is often attached on {\bf more than 70\%} of the events
+    \item The {\bf number of matrix-like galaxies increased} in MISP in addition to the ones published by MITRE
+        \begin{itemize}
+                \item Including {\bf Telecom} matrix (Bhadra framework), {\bf Election guidelines}, {\bf Misinformation patterns}, {\bf Segregation of Duties (LEA/CSIRT)}, {\bf Financial} (att4ck for fraud), {\bf Office 365} techniques.
+        \end{itemize}
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+  \frametitle{MISP updates about ATT\&CK}
+  \begin{itemize}
+    \item Various improvements in ATT\&CK visualisations and export format such as {\bf attack-sightings}
+    \item {\bf ATT\&CK Sub-techniques} are now available MISP
+    \item MITRE ATT\&CK {\bf ICS} is available
+    \item Challenges with historical data and ATT\&CK techniques. Should MITRE provide UUID mapping tables for new and old/historical techniques?
+  \end{itemize}
+\end{frame}
+
+\begin{frame}
+  \frametitle{MISP event report}
+  \begin{itemize}
+        \item Event report\footnote{\url{https://www.misp-project.org/2020/10/16/MISP.2.4.133.released.html}} is a new convenient mechanism to edit, visualize and share Markdown reports in MISP
+        \item Standardise and {\bf extend the Markdown format} to support references to MISP attributes, objects, galaxies or ATT\&CK matrix:
+  \end{itemize}
+        \includegraphics[scale=0.2]{report.png}
+\end{frame}
+
+\begin{frame}
+  \frametitle{MISP event report}
+  \begin{itemize}
+        \item Overall goal is to provide a standard Markdown format for reports which can be combined with structured elements
+        \item The importance of {\bf fixed references in MITRE ATT\&CK is critical} for long-term accessibility to information
+        \includegraphics[scale=0.25]{view.png}
+  \end{itemize}
+
+\end{frame}
+
+
+\begin{frame}
+        \frametitle{Conclusion}
+        \begin{itemize}
+                \item Bridging the gap between structured and unstructured report is critical. Integrating tram\footnote{\url{https://github.com/mitre-attack/tram}} with MISP event report could be an option.
+                \item The matrix-like enhancement from the MISP galaxy format will be added in the default MISP galaxy standard format\footnote{\url{https://www.misp-standard.org/}}
+                \item ATT\&CK like matrices become more and more common and used, thanks the {\bf continuous work of the community}
+        \end{itemize}
+\end{frame}
+

attack-2020/slide.aux

@@ -0,0 +1,27 @@
+\relax 
+\providecommand\hyper@newdestlabel[2]{}
+\providecommand\BKM@entry[2]{}
+\providecommand\HyperFirstAtBeginDocument{\AtBeginDocument}
+\HyperFirstAtBeginDocument{\ifx\hyper@anchor\@undefined
+\global\let\oldcontentsline\contentsline
+\gdef\contentsline#1#2#3#4{\oldcontentsline{#1}{#2}{#3}}
+\global\let\oldnewlabel\newlabel
+\gdef\newlabel#1#2{\newlabelxx{#1}#2}
+\gdef\newlabelxx#1#2#3#4#5#6{\oldnewlabel{#1}{{#2}{#3}}}
+\AtEndDocument{\ifx\hyper@anchor\@undefined
+\let\contentsline\oldcontentsline
+\let\newlabel\oldnewlabel
+\fi}
+\fi}
+\global\let\hyper@last\relax 
+\gdef\HyperFirstAtBeginDocument#1{#1}
+\providecommand\HyField@AuxAddToFields[1]{}
+\providecommand\HyField@AuxAddToCoFields[2]{}
+\@input{content.aux}
+\providecommand \oddpage@label [2]{}
+\pgfsyspdfmark {pgfid1}{1398509}{16983341}
+\@writefile{nav}{\headcommand {\beamer@partpages {1}{6}}}
+\@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{6}}}
+\@writefile{nav}{\headcommand {\beamer@sectionpages {1}{6}}}
+\@writefile{nav}{\headcommand {\beamer@documentpages {6}}}
+\@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {5}}}

attack-2020/slide.nav

@@ -0,0 +1,17 @@
+\headcommand {\slideentry {0}{0}{1}{1/1}{}{0}}
+\headcommand {\beamer@framepages {1}{1}}
+\headcommand {\slideentry {0}{0}{2}{2/2}{}{0}}
+\headcommand {\beamer@framepages {2}{2}}
+\headcommand {\slideentry {0}{0}{3}{3/3}{}{0}}
+\headcommand {\beamer@framepages {3}{3}}
+\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}
+\headcommand {\beamer@framepages {4}{4}}
+\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}
+\headcommand {\beamer@framepages {5}{5}}
+\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}
+\headcommand {\beamer@framepages {6}{6}}
+\headcommand {\beamer@partpages {1}{6}}
+\headcommand {\beamer@subsectionpages {1}{6}}
+\headcommand {\beamer@sectionpages {1}{6}}
+\headcommand {\beamer@documentpages {6}}
+\headcommand {\gdef \inserttotalframenumber {5}}

attack-2020/slide.tex

@@ -0,0 +1,25 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+
+\usepackage[utf8]{inputenc}
+\usepackage{tikz}
+\usepackage{listings}
+\usepackage{adjustbox}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+%\usepackage[T1]{fontenc}
+%\usepackage[scaled]{beramono}
+\author{\small{\input{../includes/authors.txt}}}
+\title{MISP and ATT\&CK status}
+\subtitle{The golden age of matrix-like models}
+\institute{\includegraphics[scale=0.5]{misplogo.pdf}}
+\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
+
+\date{23th October 2020 - attack-community.org}
+\begin{document}
+\include{content}
+\end{document}
+

includes/agenda.txt

@@ -1,9 +1,4 @@
 \begin{itemize}
-    \item (13:00 - 13:45) Introduction to Information Sharing with MISP
-    \item (13:45 - 15:00) Usage 1
-    \item (15:00 - 15:15) break
-    \item (15:15 - 16:00) Usage 2
-    \item (16:00 - 16:30) Integration
-    \item (16:30 - 16:50) Best practices
-    \item (16:50 - 17:00) QA
+    \item (14:00 - 14:45) Introduction to Information Sharing with MISP
+    \item (14:45 - 16:00) Usage
 \end{itemize}

includes/location.txt

@@ -1 +1 @@
-Uniper training 2021
+CIISI-EU

mii.0-security/content.aux

@@ -0,0 +1,52 @@
+\relax 
+\providecommand\hyper@newdestlabel[2]{}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{1}{1/1}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {1}{1}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{2}{2/2}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {2}{2}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{3}{3/3}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {3}{3}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {4}{4}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {5}{5}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {6}{6}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{7}{7/7}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {7}{7}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{8}{8/8}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {8}{8}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{9}{9/9}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {9}{9}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {10}{10}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {11}{11}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{12}{12/12}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {12}{12}}}
+\@setckpt{content}{
+\setcounter{page}{13}
+\setcounter{equation}{0}
+\setcounter{enumi}{0}
+\setcounter{enumii}{0}
+\setcounter{enumiii}{0}
+\setcounter{enumiv}{0}
+\setcounter{footnote}{11}
+\setcounter{mpfootnote}{0}
+\setcounter{beamerpauses}{1}
+\setcounter{bookmark@seq@number}{0}
+\setcounter{lecture}{0}
+\setcounter{part}{0}
+\setcounter{section}{0}
+\setcounter{subsection}{0}
+\setcounter{subsubsection}{0}
+\setcounter{subsectionslide}{12}
+\setcounter{framenumber}{11}
+\setcounter{figure}{0}
+\setcounter{table}{0}
+\setcounter{parentequation}{0}
+\setcounter{theorem}{0}
+\setcounter{lstnumber}{1}
+\setcounter{section@level}{0}
+\setcounter{lstlisting}{0}
+}

mii.0-security/content.tex

@@ -0,0 +1,132 @@
+% DO NOT COMPILE THIS FILE DIRECTLY!
+% This is included by the other .tex files.
+
+\begin{frame}[t,plain]
+\titlepage
+\end{frame}
+
+\begin{frame}[fragile]
+\frametitle{Reporting security vulnerabilities in MISP/Cerebrate}
+\begin{itemize}
+\item {\bf If you find security vulnerabilities (even minor ones) in MISP project, send an encrypted email} (info@circl.lu) with the details and especially how to reproduce the issues. Avoid to share publicly the vulnerability before a fix is available in MISP. PGP key fingerprint: CA57 2205 C002 4E06 BA70 BE89 EAAD CFFC 22BD 4CD5.
+\item We usually fix reported and confirmed security vulnerabilities in less than 48 hours.
+\item {\bf We will request a CVE number} if the reporters didn't ask for one (don't forget to mention how you want to be credited).
+\end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+\frametitle{CVE allocation at CIRCL}
+\begin{itemize}
+\item We request for NVD CVE via MITRE. The CVE request is sent only if the following has been done:
+        \begin{itemize}
+                \item If the bug is fixed (committed publicly)
+                \item The report acknowledgement is present and clear (even it's anonymous)
+                \item If the original reporter has been notified (and didn't ask for a CVE directly or via CNA)
+        \end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+\frametitle{CVE assigned and its publication}
+\begin{itemize}
+       \item When the CVE is published (available in the NVD database):
+        \begin{itemize}
+                \item Publish the vulnerability in the website of the project (example \footnote{\url{https://www.misp-project.org/security/}})
+                \item Make a software release (at least a tagged version) to track down which exact version is vulnerable
+                \item Send a reminder to existing users via different channels about the security vulnerability
+        \end{itemize}
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}[fragile]
+\frametitle{CVE allocation for MeliCERTes II}
+\begin{itemize}
+        \item We propose to use the same model (except if there is an objection or existing modules have their own vulnerability disclosure process)
+        \item If an organisation or author of a module used in MeliCERTes II cannot assign a CVE, we propose to take the lead for the CVE allocation (3 rules as described before)
+        \item To add in MeliCERTes/docs\footnote{\url{https://github.com/melicertes/docs}} repository a reference to each vulnerability disclosure process
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}
+        \frametitle{Some random practices from MISP}
+        \begin{itemize}
+                \item A series of random open source practices and workflow used by MISP
+                \item Maybe some could be reused or improved for MeliCERTes II
+        \end{itemize}
+\end{frame}
+
+
+
+\begin{frame}[fragile]
+\frametitle{Code of Conduct}
+\begin{itemize}
+\item The MISP project has a Contributor Covenant Code of Conduct\footnote{\url{https://github.com/MISP/MISP/code_of_conduct.md}}.
+\item The goal of the code of conduct is to foster an {\bf open, fun and welcoming environment}.
+\item Another important aspect of the MISP projects is to welcome different areas of expertise in information sharing and analysis. The {\bf diversity of the MISP community} is important to make the project useful for everyone.
+\end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+\frametitle{Reporting a bug, an issue or suggesting features}
+\begin{itemize}
+\item The most common way to contribute to the MISP project is to report a bug, issues or suggesting features.
+\item Each project (MISP core, misp-modules, misp-book, misp-taxonomies, misp-galaxy, misp-object or PyMISP) has their {\bf own issue management}.
+\item Don't forget that you can {\bf cross-reference issues} from other sub-projects.
+\item If you know an answer or could help on a specific issue, we welcome all contributions including {\bf useful comments to reach a resolution}.
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}[fragile]
+\frametitle{Automatic integration and testing}
+\begin{itemize}
+\item The majority of the repositories within the MISP GitHub organisation includes automatic integration with TravisCI or GitHub Actions.
+\item If you contribute and make a pull-request, {\bf verify if your changes affect the result of the tests}.
+\item Automatic integration is not perfect including Travis but it's a quick win to catch new bugs or major issues in contribution.
+\item When you do a pull-request, TravisCI is automatically called\footnote{\url{https://travis-ci.org/MISP}}.
+\begin{itemize}
+\item If this fails, no worries, {\bf review the output at Travis} (it's not always you).
+\end{itemize}
+\item We are working on additional automatic tests including unit testing for the MISP core software (contributors are welcome).
+\end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+\frametitle{JSON validation for MISP libraries}
+\begin{itemize}
+\item All JSON format ({\bf galaxy, taxonomies, objects or warning-lists}) are described in a JSON Schema\footnote{schema\_name.json}.
+\item The TravisCI tests are including JSON validation (via \emph{jq}) and validated with the associated JSON schema.
+\item How to contribute a JSON library (objects, taxonomies, galaxy or warning-list):
+\begin{itemize}
+\item If you update a JSON library, don't forget to run \emph{jq\_all\_the\_things.sh}. It's fast and easy. If it fails, review your JSON.
+\item Commit your code and make a pull-request.
+\end{itemize}
+\item Documentations (in PDF and HTML format) for the librairies are automatically generated from the JSON via asciidoctor\footnote{example \url{https://github.com/MISP/misp-galaxy/blob/master/tools/adoc_galaxy.py}}.
+\end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+\frametitle{Documentation}
+\begin{itemize}
+\item In addition to the automatic generation of documentations from JSON files, we maintain {\bf misp-book}\footnote{\url{https://github.com/MISP/misp-book}} which is a generic documentation for MISP including usage, API documentation, best practices and specific configuration settings.
+\item The book is generated in HTML, PDF, epub and mobi using GitBook\footnote{\url{https://github.com/GitbookIO}} which is a framework to write documentation in MarkDown format.
+\item TravisCI is included in misp-book and {\bf the book generation is tested at each commit}.
+\item The MISP book is regularly published on misp-project.org and circl.lu website.
+\item Contributors are welcome especially for new topics\footnote{Topics of interest are analysts best-practices, } and also fixing our broken english.
+\end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+\frametitle{Internet-Draft - IETF for MISP formats}
+\begin{itemize}
+\item If you want to contribute to our IETF Internet-Draft for the MISP standard, misp-rfc\footnote{\url{https://github.com/MISP/misp-rfc}} is the repository where to contribute.
+\item {\bf Update only the markdown file}, the XML and ASCII for the IETF I-D are automatically generated.
+\item If a major release or updates happen in the format, we will publish the I-D to the IETF\footnote{\url{https://datatracker.ietf.org/doc/search/?name=misp&activedrafts=on&rfcs=on}}.
+\item The process is always MISP implementation $\rightarrow$ IETF I-D updates.
+\end{itemize}
+
+\end{frame}
+
+

mii.0-security/slide.aux

@@ -0,0 +1,26 @@
+\relax 
+\providecommand\hyper@newdestlabel[2]{}
+\providecommand\BKM@entry[2]{}
+\providecommand\HyperFirstAtBeginDocument{\AtBeginDocument}
+\HyperFirstAtBeginDocument{\ifx\hyper@anchor\@undefined
+\global\let\oldcontentsline\contentsline
+\gdef\contentsline#1#2#3#4{\oldcontentsline{#1}{#2}{#3}}
+\global\let\oldnewlabel\newlabel
+\gdef\newlabel#1#2{\newlabelxx{#1}#2}
+\gdef\newlabelxx#1#2#3#4#5#6{\oldnewlabel{#1}{{#2}{#3}}}
+\AtEndDocument{\ifx\hyper@anchor\@undefined
+\let\contentsline\oldcontentsline
+\let\newlabel\oldnewlabel
+\fi}
+\fi}
+\global\let\hyper@last\relax 
+\gdef\HyperFirstAtBeginDocument#1{#1}
+\providecommand\HyField@AuxAddToFields[1]{}
+\providecommand\HyField@AuxAddToCoFields[2]{}
+\@input{content.aux}
+\pgfsyspdfmark {pgfid1}{1398509}{16636717}
+\@writefile{nav}{\headcommand {\beamer@partpages {1}{12}}}
+\@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{12}}}
+\@writefile{nav}{\headcommand {\beamer@sectionpages {1}{12}}}
+\@writefile{nav}{\headcommand {\beamer@documentpages {12}}}
+\@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {11}}}

mii.0-security/slide.nav

@@ -0,0 +1,29 @@
+\headcommand {\slideentry {0}{0}{1}{1/1}{}{0}}
+\headcommand {\beamer@framepages {1}{1}}
+\headcommand {\slideentry {0}{0}{2}{2/2}{}{0}}
+\headcommand {\beamer@framepages {2}{2}}
+\headcommand {\slideentry {0}{0}{3}{3/3}{}{0}}
+\headcommand {\beamer@framepages {3}{3}}
+\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}
+\headcommand {\beamer@framepages {4}{4}}
+\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}
+\headcommand {\beamer@framepages {5}{5}}
+\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}
+\headcommand {\beamer@framepages {6}{6}}
+\headcommand {\slideentry {0}{0}{7}{7/7}{}{0}}
+\headcommand {\beamer@framepages {7}{7}}
+\headcommand {\slideentry {0}{0}{8}{8/8}{}{0}}
+\headcommand {\beamer@framepages {8}{8}}
+\headcommand {\slideentry {0}{0}{9}{9/9}{}{0}}
+\headcommand {\beamer@framepages {9}{9}}
+\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}
+\headcommand {\beamer@framepages {10}{10}}
+\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}
+\headcommand {\beamer@framepages {11}{11}}
+\headcommand {\slideentry {0}{0}{12}{12/12}{}{0}}
+\headcommand {\beamer@framepages {12}{12}}
+\headcommand {\beamer@partpages {1}{12}}
+\headcommand {\beamer@subsectionpages {1}{12}}
+\headcommand {\beamer@sectionpages {1}{12}}
+\headcommand {\beamer@documentpages {12}}
+\headcommand {\gdef \inserttotalframenumber {11}}

mii.0-security/slide.tex

@@ -0,0 +1,28 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+
+
+
+\usepackage[utf8]{inputenc}
+\usepackage{tikz}
+\usepackage{listings}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+%\usepackage[T1]{fontenc}
+%\usepackage[scaled]{beramono}
+
+\author{\small{\input{../includes/authors.txt}}}
+
+\title{Open Source, Security Vulnerability Disclosure and Workflow}
+\subtitle{How To Improve Coding/Review Workflows in MeliCERTes II}
+\institute{\href{http://www.misp-project.org/}{http://www.misp-project.org/} \\ Twitter: \emph{\href{https://twitter.com/mispproject}{@MISPProject}}}
+\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
+\date{\input{../includes/location.txt}}
+
+\begin{document}
+\include{content}
+\end{document}
+

mii.0-security/slide.vrb

@@ -0,0 +1,8 @@
+\frametitle{Internet-Draft - IETF for MISP formats}
+\begin{itemize}
+\item If you want to contribute to our IETF Internet-Draft for the MISP standard, misp-rfc\footnote{\url{https://github.com/MISP/misp-rfc}} is the repository where to contribute.
+\item {\bf Update only the markdown file}, the XML and ASCII for the IETF I-D are automatically generated.
+\item If a major release or updates happen in the format, we will publish the I-D to the IETF\footnote{\url{https://datatracker.ietf.org/doc/search/?name=misp&activedrafts=on&rfcs=on}}.
+\item The process is always MISP implementation $\rightarrow$ IETF I-D updates.
+\end{itemize}
+

misp-summit-2019/build.sh

@@ -0,0 +1,3 @@
+export TEXINPUTS=::~/git/misp-training/themes/
+echo ${TEXINPUTS}
+pdflatex slide.tex

misp-summit-2019/content.aux

@@ -0,0 +1,50 @@
+\relax 
+\providecommand\hyper@newdestlabel[2]{}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{1}{1/1}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {1}{1}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{2}{2/2}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {2}{2}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{3}{3/3}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {3}{3}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {4}{4}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {5}{5}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {6}{6}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{7}{7/7}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {7}{7}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{8}{8/8}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {8}{8}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{9}{9/9}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {9}{9}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {10}{10}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {11}{11}}}
+\@setckpt{content}{
+\setcounter{page}{12}
+\setcounter{equation}{0}
+\setcounter{enumi}{0}
+\setcounter{enumii}{0}
+\setcounter{enumiii}{0}
+\setcounter{enumiv}{0}
+\setcounter{footnote}{0}
+\setcounter{mpfootnote}{0}
+\setcounter{beamerpauses}{1}
+\setcounter{bookmark@seq@number}{0}
+\setcounter{lecture}{0}
+\setcounter{part}{0}
+\setcounter{section}{0}
+\setcounter{subsection}{0}
+\setcounter{subsubsection}{0}
+\setcounter{subsectionslide}{11}
+\setcounter{framenumber}{10}
+\setcounter{figure}{0}
+\setcounter{table}{0}
+\setcounter{parentequation}{0}
+\setcounter{theorem}{0}
+\setcounter{lstnumber}{1}
+\setcounter{section@level}{0}
+\setcounter{lstlisting}{0}
+}

misp-summit-2019/slide.aux

@@ -0,0 +1,27 @@
+\relax 
+\providecommand\hyper@newdestlabel[2]{}
+\providecommand\BKM@entry[2]{}
+\providecommand\HyperFirstAtBeginDocument{\AtBeginDocument}
+\HyperFirstAtBeginDocument{\ifx\hyper@anchor\@undefined
+\global\let\oldcontentsline\contentsline
+\gdef\contentsline#1#2#3#4{\oldcontentsline{#1}{#2}{#3}}
+\global\let\oldnewlabel\newlabel
+\gdef\newlabel#1#2{\newlabelxx{#1}#2}
+\gdef\newlabelxx#1#2#3#4#5#6{\oldnewlabel{#1}{{#2}{#3}}}
+\AtEndDocument{\ifx\hyper@anchor\@undefined
+\let\contentsline\oldcontentsline
+\let\newlabel\oldnewlabel
+\fi}
+\fi}
+\global\let\hyper@last\relax 
+\gdef\HyperFirstAtBeginDocument#1{#1}
+\providecommand\HyField@AuxAddToFields[1]{}
+\providecommand\HyField@AuxAddToCoFields[2]{}
+\@input{content.aux}
+\providecommand \oddpage@label [2]{}
+\pgfsyspdfmark {pgfid1}{1398509}{16987808}
+\@writefile{nav}{\headcommand {\beamer@partpages {1}{11}}}
+\@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{11}}}
+\@writefile{nav}{\headcommand {\beamer@sectionpages {1}{11}}}
+\@writefile{nav}{\headcommand {\beamer@documentpages {11}}}
+\@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {10}}}

misp-summit-2019/slide.nav

@@ -0,0 +1,27 @@
+\headcommand {\slideentry {0}{0}{1}{1/1}{}{0}}
+\headcommand {\beamer@framepages {1}{1}}
+\headcommand {\slideentry {0}{0}{2}{2/2}{}{0}}
+\headcommand {\beamer@framepages {2}{2}}
+\headcommand {\slideentry {0}{0}{3}{3/3}{}{0}}
+\headcommand {\beamer@framepages {3}{3}}
+\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}
+\headcommand {\beamer@framepages {4}{4}}
+\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}
+\headcommand {\beamer@framepages {5}{5}}
+\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}
+\headcommand {\beamer@framepages {6}{6}}
+\headcommand {\slideentry {0}{0}{7}{7/7}{}{0}}
+\headcommand {\beamer@framepages {7}{7}}
+\headcommand {\slideentry {0}{0}{8}{8/8}{}{0}}
+\headcommand {\beamer@framepages {8}{8}}
+\headcommand {\slideentry {0}{0}{9}{9/9}{}{0}}
+\headcommand {\beamer@framepages {9}{9}}
+\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}
+\headcommand {\beamer@framepages {10}{10}}
+\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}
+\headcommand {\beamer@framepages {11}{11}}
+\headcommand {\beamer@partpages {1}{11}}
+\headcommand {\beamer@subsectionpages {1}{11}}
+\headcommand {\beamer@sectionpages {1}{11}}
+\headcommand {\beamer@documentpages {11}}
+\headcommand {\gdef \inserttotalframenumber {10}}

misp-summit/2019/future/build.sh

@@ -0,0 +1,3 @@
+export TEXINPUTS=::~/git/misp-training/themes/
+echo ${TEXINPUTS}
+pdflatex slide.tex

misp-summit/2019/future/content.aux

@@ -0,0 +1,50 @@
+\relax 
+\providecommand\hyper@newdestlabel[2]{}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{1}{1/1}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {1}{1}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{2}{2/2}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {2}{2}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{3}{3/3}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {3}{3}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {4}{4}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {5}{5}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {6}{6}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{7}{7/7}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {7}{7}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{8}{8/8}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {8}{8}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{9}{9/9}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {9}{9}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {10}{10}}}
+\@writefile{nav}{\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}}
+\@writefile{nav}{\headcommand {\beamer@framepages {11}{11}}}
+\@setckpt{content}{
+\setcounter{page}{12}
+\setcounter{equation}{0}
+\setcounter{enumi}{0}
+\setcounter{enumii}{0}
+\setcounter{enumiii}{0}
+\setcounter{enumiv}{0}
+\setcounter{footnote}{0}
+\setcounter{mpfootnote}{0}
+\setcounter{beamerpauses}{1}
+\setcounter{bookmark@seq@number}{0}
+\setcounter{lecture}{0}
+\setcounter{part}{0}
+\setcounter{section}{0}
+\setcounter{subsection}{0}
+\setcounter{subsubsection}{0}
+\setcounter{subsectionslide}{11}
+\setcounter{framenumber}{10}
+\setcounter{figure}{0}
+\setcounter{table}{0}
+\setcounter{parentequation}{0}
+\setcounter{theorem}{0}
+\setcounter{lstnumber}{1}
+\setcounter{section@level}{0}
+\setcounter{lstlisting}{0}
+}

misp-summit/2019/future/slide.aux

@@ -0,0 +1,27 @@
+\relax 
+\providecommand\hyper@newdestlabel[2]{}
+\providecommand\BKM@entry[2]{}
+\providecommand\HyperFirstAtBeginDocument{\AtBeginDocument}
+\HyperFirstAtBeginDocument{\ifx\hyper@anchor\@undefined
+\global\let\oldcontentsline\contentsline
+\gdef\contentsline#1#2#3#4{\oldcontentsline{#1}{#2}{#3}}
+\global\let\oldnewlabel\newlabel
+\gdef\newlabel#1#2{\newlabelxx{#1}#2}
+\gdef\newlabelxx#1#2#3#4#5#6{\oldnewlabel{#1}{{#2}{#3}}}
+\AtEndDocument{\ifx\hyper@anchor\@undefined
+\let\contentsline\oldcontentsline
+\let\newlabel\oldnewlabel
+\fi}
+\fi}
+\global\let\hyper@last\relax 
+\gdef\HyperFirstAtBeginDocument#1{#1}
+\providecommand\HyField@AuxAddToFields[1]{}
+\providecommand\HyField@AuxAddToCoFields[2]{}
+\@input{content.aux}
+\providecommand \oddpage@label [2]{}
+\pgfsyspdfmark {pgfid1}{1398509}{16981537}
+\@writefile{nav}{\headcommand {\beamer@partpages {1}{11}}}
+\@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{11}}}
+\@writefile{nav}{\headcommand {\beamer@sectionpages {1}{11}}}
+\@writefile{nav}{\headcommand {\beamer@documentpages {11}}}
+\@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {10}}}

misp-summit/2019/future/slide.nav

@@ -0,0 +1,27 @@
+\headcommand {\slideentry {0}{0}{1}{1/1}{}{0}}
+\headcommand {\beamer@framepages {1}{1}}
+\headcommand {\slideentry {0}{0}{2}{2/2}{}{0}}
+\headcommand {\beamer@framepages {2}{2}}
+\headcommand {\slideentry {0}{0}{3}{3/3}{}{0}}
+\headcommand {\beamer@framepages {3}{3}}
+\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}
+\headcommand {\beamer@framepages {4}{4}}
+\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}
+\headcommand {\beamer@framepages {5}{5}}
+\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}
+\headcommand {\beamer@framepages {6}{6}}
+\headcommand {\slideentry {0}{0}{7}{7/7}{}{0}}
+\headcommand {\beamer@framepages {7}{7}}
+\headcommand {\slideentry {0}{0}{8}{8/8}{}{0}}
+\headcommand {\beamer@framepages {8}{8}}
+\headcommand {\slideentry {0}{0}{9}{9/9}{}{0}}
+\headcommand {\beamer@framepages {9}{9}}
+\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}
+\headcommand {\beamer@framepages {10}{10}}
+\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}
+\headcommand {\beamer@framepages {11}{11}}
+\headcommand {\beamer@partpages {1}{11}}
+\headcommand {\beamer@subsectionpages {1}{11}}
+\headcommand {\beamer@sectionpages {1}{11}}
+\headcommand {\beamer@documentpages {11}}
+\headcommand {\gdef \inserttotalframenumber {10}}