chg: [1.1] viper integration added

improvedChecklist
Alexandre Dulaunoy 2018-12-29 17:25:08 +01:00
parent 6562dc8e69
commit b5d1fa377b
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
11 changed files with 152 additions and 2 deletions

View File

@ -0,0 +1,114 @@
% DO NOT COMPILE THIS FILE DIRECTLY!
% This is included by the other .tex files.
%\colorlet{punct}{red!60!black}
%\definecolor{background}{HTML}{EEEEEE}
%\definecolor{delim}{RGB}{20,105,176}
%\colorlet{numb}{magenta!60!black}
\begin{frame}[t,plain]
\titlepage
\end{frame}
\begin{frame}[fragile]
\frametitle{Viper - Main ideas}
\begin{quote}
Viper is a {\bf binary analysis and management framework}. Its
fundamental objective is to provide a solution to {\bf easily organize}
your collection of {\bf malware} and {\bf exploit samples} as well as your
collection of {\bf scripts} you created or found over the time to
facilitate your daily research. Think of it as a {\bf Metasploit for malware
researchers}: it provides a terminal interface that you can use to {\bf store},
{\bf search} and {\bf analyze} arbitrary files with and a framework to
{\bf easily create plugins} of any sort.
\end{quote}
\end{frame}
\begin{frame}[fragile]
\frametitle{Viper}
\begin{itemize}
\item {\bf Solid CLI}
\item Plenty of modules (PE files, *office, ELF, APK, ...)
\item Connection to {\bf 3rd party services} (MISP, VirusTotal, cuckoo)
\item Connectors to {\bf 3rd party tools} (IDA, radare)
\item {\bf Locale storage} of your own zoo
\item Django interface is available (I've been told)
\end{itemize}
\end{frame}
\begin{frame}[fragile]
\frametitle{Viper}
\includegraphics[scale=0.27]{modules.png}
\end{frame}
\begin{frame}[fragile]{PyMISP \& Viper}
\begin{itemize}
\item Full featured {\bf CLI for MISP}
\item {\bf Remote storage} of your zoo
\item Search / {\bf Cross check with VirusTotal}
\item Create / Update / Show / Publish Event
\item Download / Upload Samples
\item Mass export / Upload / Download
\item Get Yara rules
\end{itemize}
\end{frame}
\begin{frame}[fragile]
\frametitle{MISP Module}
\includegraphics[scale=0.32]{misp.png}
\end{frame}
\begin{frame}[fragile]{Viper \& VT}
\begin{itemize}
\item Searches for hashes/ips/domains/URLs from the current MISP event, or download the samples
\item Download samples from current MISP event
\item Download all samples from all the MISP events of the current session
\end{itemize}
\end{frame}
\begin{frame}[fragile]
\frametitle{VirusTotal Module}
\includegraphics[scale=0.32]{vt.png}
\end{frame}
\begin{frame}[fragile]
\frametitle{Extra features}
\begin{itemize}
\item Link to a MISP event
\item Local storage of the MISP event
\item On the fly cross-check of MISP atributes with 3rd party services
\item Never leaving your CLI!
\end{itemize}
\end{frame}
\begin{frame}[fragile]{Other modules}
\begin{itemize}
\item Fully featured CLI for {\bf Passive SSL}
\item Fully featured CLI for {\bf Passive DNS}
\item Can launch Radare2 or IDA
\end{itemize}
\end{frame}
\begin{frame}[fragile]
\frametitle{Passive SSL}
\includegraphics[scale=0.32]{pssl.png}
\end{frame}
\begin{frame}[fragile]
\frametitle{Passive DNS}
\includegraphics[scale=0.32]{pdns.png}
\end{frame}
\begin{frame}[t,fragile] {Q\&A}
\includegraphics[scale=0.5]{misplogo.pdf}
\begin{itemize}
\item \url{https://github.com/MISP/PyMISP}
\item \url{https://github.com/MISP/}
\item \url{https://github.com/viper-framework/viper}
\item We welcome new functionalities and pull requests.
\end{itemize}
\end{frame}

Binary file not shown.

Binary file not shown.

After

Width:  |  Height:  |  Size: 135 KiB

Binary file not shown.

Binary file not shown.

After

Width:  |  Height:  |  Size: 162 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 70 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 76 KiB

View File

@ -0,0 +1,27 @@
\documentclass{beamer}
\usetheme[numbering=progressbar]{focus}
\definecolor{main}{RGB}{47, 161, 219}
\definecolor{textcolor}{RGB}{128, 128, 128}
\definecolor{background}{RGB}{240, 247, 255}
\usepackage[utf8]{inputenc}
\usepackage{tikz}
\usepackage{listings}
\usetikzlibrary{positioning}
\usetikzlibrary{shapes,arrows}
\title{Viper - Using MISP from your terminal}
\subtitle{MISP - Threat Sharing}
\author{\small{\input{../includes/authors.txt}}}
\date{\input{../includes/location.txt}}
\titlegraphic{\includegraphics[scale=0.85]{misp.pdf}}
\institute{MISP Project \\ \url{https://www.misp-project.org/}}
\begin{document}
\include{content}
\end{document}

View File

@ -0,0 +1,9 @@
\frametitle{Q\&A}
\includegraphics[scale=0.5]{misplogo.pdf}
\begin{itemize}
\item \url{https://github.com/MISP/PyMISP}
\item \url{https://github.com/MISP/}
\item \url{https://github.com/viper-framework/viper}
\item We welcome new functionalities and pull requests.
\end{itemize}

Binary file not shown.

After

Width:  |  Height:  |  Size: 133 KiB

View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
slidedecks=("0-misp-introduction-to-information-sharing" "1-misp-usage") slidedecks=("0-misp-introduction-to-information-sharing" "1-misp-usage" "1.1-misp-viper-integration")
mkdir output mkdir output
export TEXINPUTS=::`pwd`/themes/ export TEXINPUTS=::`pwd`/themes/
echo ${TEXINPUTS} echo ${TEXINPUTS}
@ -26,5 +26,5 @@ echo "Generating handout..."
cd output cd output
pdfunite *.pdf ../misp-training.pdf pdfunite *.pdf ../misp-training.pdf
cd .. cd ..
exiftool -Title="MISP Training and Slide Decks" -Author="CIRCL Computer Incident Response Center Luxembourg" -Subject="MISP Threat Intelligence Platform Training Materials" -Keywords="MISP Threat Intelligence CTI STIX information sharing yara sigma suricata snort bro openioc threat-actor TIP threat intelligence platform circl.lu training cybersecurity MISPProject" misp-training.pdf exiftool -overwrite_original_in_place -Title="MISP Training and Slide Decks" -Author="CIRCL Computer Incident Response Center Luxembourg" -Subject="MISP Threat Intelligence Platform Training Materials" -Keywords="MISP Threat Intelligence CTI STIX information sharing yara sigma suricata snort bro openioc threat-actor TIP threat intelligence platform circl.lu training cybersecurity MISPProject" misp-training.pdf