chg: [1.1] viper integration added

1.1-misp-viper-integration/content.tex

@@ -0,0 +1,114 @@
+% DO NOT COMPILE THIS FILE DIRECTLY!
+% This is included by the other .tex files.
+
+%\colorlet{punct}{red!60!black}
+%\definecolor{background}{HTML}{EEEEEE}
+%\definecolor{delim}{RGB}{20,105,176}
+%\colorlet{numb}{magenta!60!black}
+
+\begin{frame}[t,plain]
+\titlepage
+\end{frame}
+
+\begin{frame}[fragile]
+    \frametitle{Viper - Main ideas}
+    \begin{quote}
+        Viper is a {\bf binary analysis and management framework}. Its
+        fundamental objective is to provide a solution to {\bf easily organize}
+        your collection of {\bf malware} and {\bf exploit samples} as well as your
+        collection of {\bf scripts} you created or found over the time to
+        facilitate your daily research. Think of it as a {\bf Metasploit for malware
+        researchers}: it provides a terminal interface that you can use to {\bf store},
+        {\bf search} and {\bf analyze} arbitrary files with and a framework to
+        {\bf easily create plugins} of any sort.
+    \end{quote}
+\end{frame}
+
+
+\begin{frame}[fragile]
+    \frametitle{Viper}
+    \begin{itemize}
+        \item {\bf Solid CLI}
+        \item Plenty of modules (PE files, *office, ELF, APK, ...)
+        \item Connection to {\bf 3rd party services} (MISP, VirusTotal, cuckoo)
+        \item Connectors to {\bf 3rd party tools} (IDA, radare)
+        \item {\bf Locale storage} of your own zoo
+        \item Django interface is available (I've been told)
+    \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+    \frametitle{Viper}
+    \includegraphics[scale=0.27]{modules.png}
+\end{frame}
+
+
+\begin{frame}[fragile]{PyMISP \& Viper}
+    \begin{itemize}
+        \item Full featured {\bf CLI for MISP}
+        \item {\bf Remote storage} of your zoo
+        \item Search / {\bf Cross check with VirusTotal}
+        \item Create / Update / Show / Publish Event
+        \item Download / Upload Samples
+        \item Mass export / Upload / Download
+        \item Get Yara rules
+    \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+    \frametitle{MISP Module}
+    \includegraphics[scale=0.32]{misp.png}
+\end{frame}
+
+\begin{frame}[fragile]{Viper \& VT}
+    \begin{itemize}
+        \item Searches for hashes/ips/domains/URLs from the current MISP event, or download the samples
+        \item Download samples from current MISP event
+        \item Download all samples from all the MISP events of the current session
+    \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+    \frametitle{VirusTotal Module}
+    \includegraphics[scale=0.32]{vt.png}
+\end{frame}
+
+\begin{frame}[fragile]
+    \frametitle{Extra features}
+    \begin{itemize}
+        \item Link to a MISP event
+        \item Local storage of the MISP event
+        \item On the fly cross-check of MISP atributes with 3rd party services
+        \item Never leaving your CLI!
+    \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]{Other modules}
+    \begin{itemize}
+        \item Fully featured CLI for {\bf Passive SSL}
+        \item Fully featured CLI for {\bf Passive DNS}
+        \item Can launch Radare2 or IDA
+    \end{itemize}
+\end{frame}
+
+\begin{frame}[fragile]
+    \frametitle{Passive SSL}
+    \includegraphics[scale=0.32]{pssl.png}
+\end{frame}
+
+\begin{frame}[fragile]
+    \frametitle{Passive DNS}
+    \includegraphics[scale=0.32]{pdns.png}
+\end{frame}
+
+\begin{frame}[t,fragile] {Q\&A}
+\includegraphics[scale=0.5]{misplogo.pdf}
+\begin{itemize}
+        \item \url{https://github.com/MISP/PyMISP}
+        \item \url{https://github.com/MISP/}
+        \item \url{https://github.com/viper-framework/viper}
+        \item We welcome new functionalities and pull requests.
+\end{itemize}
+
+\end{frame}
+

1.1-misp-viper-integration/slide.tex

@@ -0,0 +1,27 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+
+
+\usepackage[utf8]{inputenc}
+\usepackage{tikz}
+\usepackage{listings}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+
+
+\title{Viper - Using MISP from your terminal}
+\subtitle{MISP - Threat Sharing}
+\author{\small{\input{../includes/authors.txt}}}
+\date{\input{../includes/location.txt}}
+\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
+\institute{MISP Project \\ \url{https://www.misp-project.org/}}
+
+
+
+\begin{document}
+\include{content}
+\end{document}
+

1.1-misp-viper-integration/slide.vrb

@@ -0,0 +1,9 @@
+\frametitle{Q\&A}
+\includegraphics[scale=0.5]{misplogo.pdf}
+\begin{itemize}
+        \item \url{https://github.com/MISP/PyMISP}
+        \item \url{https://github.com/MISP/}
+        \item \url{https://github.com/viper-framework/viper}
+        \item We welcome new functionalities and pull requests.
+\end{itemize}
+

build.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 
-slidedecks=("0-misp-introduction-to-information-sharing" "1-misp-usage")
+slidedecks=("0-misp-introduction-to-information-sharing" "1-misp-usage" "1.1-misp-viper-integration")
 mkdir output
 export TEXINPUTS=::`pwd`/themes/
 echo ${TEXINPUTS}
@@ -26,5 +26,5 @@ echo "Generating handout..."
 cd output
 pdfunite *.pdf ../misp-training.pdf
 cd ..
-exiftool -Title="MISP Training and Slide Decks" -Author="CIRCL Computer Incident Response Center Luxembourg" -Subject="MISP Threat Intelligence Platform Training Materials" -Keywords="MISP Threat Intelligence CTI STIX information sharing yara sigma suricata snort bro openioc threat-actor TIP threat intelligence platform circl.lu training cybersecurity MISPProject" misp-training.pdf
+exiftool -overwrite_original_in_place -Title="MISP Training and Slide Decks" -Author="CIRCL Computer Incident Response Center Luxembourg" -Subject="MISP Threat Intelligence Platform Training Materials" -Keywords="MISP Threat Intelligence CTI STIX information sharing yara sigma suricata snort bro openioc threat-actor TIP threat intelligence platform circl.lu training cybersecurity MISPProject" misp-training.pdf