MISP
/
misp-training
mirror of https://github.com/MISP/misp-training
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [b.1] some more updates

changes-actionable
Alexandre Dulaunoy 2019-09-25 09:47:45 +02:00
parent b2697ac100
commit 653012011b
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
6 changed files with 122 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
b.1-best-practices-in-threat-intelligence/content.aux
View File

@ -8,14 +8,28 @@
\@writefile{nav}{\headcommand {\beamer@framepages {3}{3}}} \@writefile{nav}{\headcommand {\beamer@framepages {3}{3}}}
\@writefile{nav}{\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}} \@writefile{nav}{\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}}
\@writefile{nav}{\headcommand {\beamer@framepages {4}{4}}} \@writefile{nav}{\headcommand {\beamer@framepages {4}{4}}}
\@writefile{nav}{\headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}}
\@writefile{nav}{\headcommand {\beamer@framepages {5}{5}}}
\@writefile{nav}{\headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}}
\@writefile{nav}{\headcommand {\beamer@framepages {6}{6}}}
\@writefile{nav}{\headcommand {\slideentry {0}{0}{7}{7/7}{}{0}}}
\@writefile{nav}{\headcommand {\beamer@framepages {7}{7}}}
\@writefile{nav}{\headcommand {\slideentry {0}{0}{8}{8/8}{}{0}}}
\@writefile{nav}{\headcommand {\beamer@framepages {8}{8}}}
\@writefile{nav}{\headcommand {\slideentry {0}{0}{9}{9/9}{}{0}}}
\@writefile{nav}{\headcommand {\beamer@framepages {9}{9}}}
\@writefile{nav}{\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}}
\@writefile{nav}{\headcommand {\beamer@framepages {10}{10}}}
\@writefile{nav}{\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}}
\@writefile{nav}{\headcommand {\beamer@framepages {11}{11}}}
\@setckpt{content}{ \@setckpt{content}{
\setcounter{page}{5} \setcounter{page}{12}
\setcounter{equation}{0} \setcounter{equation}{0}
\setcounter{enumi}{0} \setcounter{enumi}{0}
\setcounter{enumii}{0} \setcounter{enumii}{0}
\setcounter{enumiii}{0} \setcounter{enumiii}{0}
\setcounter{enumiv}{0} \setcounter{enumiv}{0}
\setcounter{footnote}{1} \setcounter{footnote}{4}
\setcounter{mpfootnote}{0} \setcounter{mpfootnote}{0}
\setcounter{beamerpauses}{1} \setcounter{beamerpauses}{1}
\setcounter{bookmark@seq@number}{0} \setcounter{bookmark@seq@number}{0}
@ -24,8 +38,8 @@
\setcounter{section}{0} \setcounter{section}{0}
\setcounter{subsection}{0} \setcounter{subsection}{0}
\setcounter{subsubsection}{0} \setcounter{subsubsection}{0}
\setcounter{subsectionslide}{4} \setcounter{subsectionslide}{11}
\setcounter{framenumber}{3} \setcounter{framenumber}{10}
\setcounter{figure}{0} \setcounter{figure}{0}
\setcounter{table}{0} \setcounter{table}{0}
\setcounter{parentequation}{0} \setcounter{parentequation}{0}

20
b.1-best-practices-in-threat-intelligence/content.tex
View File

@ -26,6 +26,11 @@
\end{itemize} \end{itemize}
\end{frame} \end{frame}
\begin{frame}
\frametitle{Overall process of collecting and analysing OSINT}
\includegraphics[scale=0.17]{OSINT_MISP_almostcomplete.png}
\end{frame}
\begin{frame} \begin{frame}
\frametitle{Meta information and contextualisation 1/2} \frametitle{Meta information and contextualisation 1/2}
\begin{itemize} \begin{itemize}
@ -59,9 +64,10 @@
\end{frame} \end{frame}
\begin{frame} \begin{frame}
\frametitle{How to select the right object?} \frametitle{How to select the right object?}
There are more than 150 MISP objects\footnote{\url{https://www.misp-project.org/objects.html}} templates.\\
As an example, at CIRCL, we regularly use the following object templates {\it file}, {\it microblog}, {\it domain-ip}, {\it ip-port}, {\it coin-address}, {\it virustotal-report}, {\it paste}, {\it person}, {\it ail-leak}, {\it pe}, {\it pe-section}, {\it registry-key}.\\
\end{frame} \end{frame}
\begin{frame} \begin{frame}
@ -94,3 +100,13 @@ and keep an history.\\
\end{columns} \end{columns}
\end{frame} \end{frame}
\begin{frame}
\frametitle{References}
\begin{itemize}
\item Graphical overview of OSINT collection using MISP \url{https://github.com/adulau/misp-osint-collection}
\item MISP objects documentation \url{https://www.misp-project.org/objects.html}
\item MISP taxonomies documentation \url{https://www.misp-project.org/taxonomies.html}
\item MISP galaxy documentation \url{https://www.misp-project.org/galaxy.html}
\end{itemize}
\end{frame}

10
b.1-best-practices-in-threat-intelligence/slide.aux
View File

@ -19,8 +19,8 @@
\providecommand\HyField@AuxAddToCoFields[2]{} \providecommand\HyField@AuxAddToCoFields[2]{}
\@input{content.aux} \@input{content.aux}
\pgfsyspdfmark {pgfid1}{1398509}{16636717} \pgfsyspdfmark {pgfid1}{1398509}{16636717}
\@writefile{nav}{\headcommand {\beamer@partpages {1}{4}}} \@writefile{nav}{\headcommand {\beamer@partpages {1}{11}}}
\@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{4}}} \@writefile{nav}{\headcommand {\beamer@subsectionpages {1}{11}}}
\@writefile{nav}{\headcommand {\beamer@sectionpages {1}{4}}} \@writefile{nav}{\headcommand {\beamer@sectionpages {1}{11}}}
\@writefile{nav}{\headcommand {\beamer@documentpages {4}}} \@writefile{nav}{\headcommand {\beamer@documentpages {11}}}
\@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {3}}} \@writefile{nav}{\headcommand {\gdef \inserttotalframenumber {10}}}

82
b.1-best-practices-in-threat-intelligence/slide.log
View File

@ -1,4 +1,4 @@
This is pdfTeX, Version 3.14159265-2.6-1.40.18 (TeX Live 2017/Debian) (preloaded format=pdflatex 2018.10.13) 24 SEP 2019 21:36 This is pdfTeX, Version 3.14159265-2.6-1.40.18 (TeX Live 2017/Debian) (preloaded format=pdflatex 2018.10.13) 25 SEP 2019 09:47
entering extended mode entering extended mode
restricted \write18 enabled. restricted \write18 enabled.
%&-line parsing enabled. %&-line parsing enabled.
@ -1639,19 +1639,61 @@ LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/sc' will be
] [3 ] [3
] ]
<emotet.png, id=52, 596.2275pt x 901.3675pt> <OSINT_MISP_almostcomplete.png, id=52, 1698.345pt x 1403.12206pt>
File: OSINT_MISP_almostcomplete.png Graphic file (type png)
<use OSINT_MISP_almostcomplete.png>
Package pdftex.def Info: OSINT_MISP_almostcomplete.png used on input line 32.
(pdftex.def) Requested size: 288.71483pt x 238.52759pt.
Underfull \hbox (badness 1286) in paragraph at lines 32--32
[]|\T1/FiraSans-OsF/m/sc/14.4 Overall pro-cess of col-lect-ing and analysing
[]
Overfull \vbox (33.07137pt too high) detected at line 32
[]
[4
<./OSINT_MISP_almostcomplete.png>] [5
] [6
]
LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/n' will be
(Font) scaled to size 7.0pt on input line 64.
LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/it' will be
(Font) scaled to size 10.0pt on input line 64.
LaTeX Font Info: Font shape `T1/FiraSans-OsF/m/it' will be
(Font) scaled to size 7.0pt on input line 64.
[7
] [8
]
<emotet.png, id=86, 596.2275pt x 901.3675pt>
File: emotet.png Graphic file (type png) File: emotet.png Graphic file (type png)
<use emotet.png> <use emotet.png>
Package pdftex.def Info: emotet.png used on input line 41. Package pdftex.def Info: emotet.png used on input line 85.
(pdftex.def) Requested size: 89.43027pt x 135.19928pt. (pdftex.def) Requested size: 89.43027pt x 135.19928pt.
<microblog.png, id=54, 705.63625pt x 254.9525pt> <microblog.png, id=87, 705.63625pt x 254.9525pt>
File: microblog.png Graphic file (type png) File: microblog.png Graphic file (type png)
<use microblog.png> <use microblog.png>
Package pdftex.def Info: microblog.png used on input line 41. Package pdftex.def Info: microblog.png used on input line 85.
(pdftex.def) Requested size: 105.84087pt x 38.24121pt. (pdftex.def) Requested size: 105.84087pt x 38.24121pt.
[4 [9
<./emotet.png> <./microblog.png>]) <./emotet.png> <./microblog.png>]
<fileobject.png, id=95, 589.20125pt x 320.19624pt>
File: fileobject.png Graphic file (type png)
<use fileobject.png>
Package pdftex.def Info: fileobject.png used on input line 101.
(pdftex.def) Requested size: 147.29994pt x 80.04886pt.
[10
<./fileobject.png>] [11
])
\tf@nav=\write5 \tf@nav=\write5
\openout5 = `slide.nav'. \openout5 = `slide.nav'.
@ -1663,17 +1705,16 @@ Package pdftex.def Info: microblog.png used on input line 41.
Package atveryend Info: Empty hook `BeforeClearDocument' on input line 25. Package atveryend Info: Empty hook `BeforeClearDocument' on input line 25.
Package atveryend Info: Empty hook `AfterLastShipout' on input line 25. Package atveryend Info: Empty hook `AfterLastShipout' on input line 25.
(./slide.aux (./slide.aux (./content.aux))
(./content.aux))
Package atveryend Info: Executing hook `AtVeryEndDocument' on input line 25. Package atveryend Info: Executing hook `AtVeryEndDocument' on input line 25.
Package atveryend Info: Empty hook `AtEndAfterFileList' on input line 25. Package atveryend Info: Empty hook `AtEndAfterFileList' on input line 25.
) )
Here is how much of TeX's memory you used: Here is how much of TeX's memory you used:
25580 strings out of 492982 25667 strings out of 492982
511286 string characters out of 6134895 513004 string characters out of 6134895
594279 words of memory out of 5000000 594282 words of memory out of 5000000
28531 multiletter control sequences out of 15000+600000 28602 multiletter control sequences out of 15000+600000
249274 words of font info for 72 fonts, out of 8000000 for 9000 294436 words of font info for 82 fonts, out of 8000000 for 9000
1141 hyphenation exceptions out of 8191 1141 hyphenation exceptions out of 8191
71i,16n,83p,803b,830s stack positions out of 5000i,500n,10000p,200000b,80000s 71i,16n,83p,803b,830s stack positions out of 5000i,500n,10000p,200000b,80000s
{/usr/share/texlive/texmf-dist/fonts/enc/dvips/fira/fir_7gpamp.enc}{/usr/shar {/usr/share/texlive/texmf-dist/fonts/enc/dvips/fira/fir_7gpamp.enc}{/usr/shar
@ -1682,11 +1723,12 @@ xmf-dist/fonts/enc/dvips/fira/fir_xbqiro.enc}</usr/share/texlive/texmf-dist/fon
ts/type1/public/fira/FiraMono-Regular.pfb></usr/share/texlive/texmf-dist/fonts/ ts/type1/public/fira/FiraMono-Regular.pfb></usr/share/texlive/texmf-dist/fonts/
type1/public/fira/FiraSans-Bold.pfb></usr/share/texlive/texmf-dist/fonts/type1/ type1/public/fira/FiraSans-Bold.pfb></usr/share/texlive/texmf-dist/fonts/type1/
public/fira/FiraSans-Italic.pfb></usr/share/texlive/texmf-dist/fonts/type1/publ public/fira/FiraSans-Italic.pfb></usr/share/texlive/texmf-dist/fonts/type1/publ
ic/fira/FiraSans-Regular.pfb> ic/fira/FiraSans-Regular.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/
Output written on slide.pdf (4 pages, 498506 bytes). amsfonts/symbols/msam10.pfb>
Output written on slide.pdf (11 pages, 1796009 bytes).
PDF statistics: PDF statistics:
85 PDF objects out of 1000 (max. 8388607) 141 PDF objects out of 1000 (max. 8388607)
59 compressed objects within 1 object stream 102 compressed objects within 2 object streams
9 named destinations out of 1000 (max. 500000) 23 named destinations out of 1000 (max. 500000)
58 words of extra memory for PDF output out of 10000 (max. 10000000) 68 words of extra memory for PDF output out of 10000 (max. 10000000)

24
b.1-best-practices-in-threat-intelligence/slide.nav
View File

@ -6,8 +6,22 @@
\headcommand {\beamer@framepages {3}{3}} \headcommand {\beamer@framepages {3}{3}}
\headcommand {\slideentry {0}{0}{4}{4/4}{}{0}} \headcommand {\slideentry {0}{0}{4}{4/4}{}{0}}
\headcommand {\beamer@framepages {4}{4}} \headcommand {\beamer@framepages {4}{4}}
\headcommand {\beamer@partpages {1}{4}} \headcommand {\slideentry {0}{0}{5}{5/5}{}{0}}
\headcommand {\beamer@subsectionpages {1}{4}} \headcommand {\beamer@framepages {5}{5}}
\headcommand {\beamer@sectionpages {1}{4}} \headcommand {\slideentry {0}{0}{6}{6/6}{}{0}}
\headcommand {\beamer@documentpages {4}} \headcommand {\beamer@framepages {6}{6}}
\headcommand {\gdef \inserttotalframenumber {3}} \headcommand {\slideentry {0}{0}{7}{7/7}{}{0}}
\headcommand {\beamer@framepages {7}{7}}
\headcommand {\slideentry {0}{0}{8}{8/8}{}{0}}
\headcommand {\beamer@framepages {8}{8}}
\headcommand {\slideentry {0}{0}{9}{9/9}{}{0}}
\headcommand {\beamer@framepages {9}{9}}
\headcommand {\slideentry {0}{0}{10}{10/10}{}{0}}
\headcommand {\beamer@framepages {10}{10}}
\headcommand {\slideentry {0}{0}{11}{11/11}{}{0}}
\headcommand {\beamer@framepages {11}{11}}
\headcommand {\beamer@partpages {1}{11}}
\headcommand {\beamer@subsectionpages {1}{11}}
\headcommand {\beamer@sectionpages {1}{11}}
\headcommand {\beamer@documentpages {11}}
\headcommand {\gdef \inserttotalframenumber {10}}

BIN
b.1-best-practices-in-threat-intelligence/slide.pdf
View File

Binary file not shown.