AIL Framework version 4.1 released with a new investigation/case handling, improved export and many improvements. #ThreatIntelligence #threatintel #DarkWeb
ail-project.org/blog/2022/03/1
Aurelien Thirion’s Tweets
How to install the AIL framework in a lxc container or use the publicly available AIL container. It's easier if you want to test the synchronisation between AIL instances or run tests or discover AIL.
The AIL project workshop is online on YouTube.
This includes new features from AIL project and an introduction to #darkweb monitoring using AIL. The Conti leaks import example by is quickly shown.
Video: youtube.com/watch?v=uI4ga3
Slides: raw.githubusercontent.com/ail-project/ai
The evolution of PHP shell/obfuscation seen from various sources (forum, Tor hidden services and pasties website) shows a slight decrease in the distribution of PHP shell/code by adversaries.
The AIL feeder for Twitter has been updated to version 1.3 - github.com/ail-project/ai if you are using it, we recommend to update it and also the dependencies especially the twint fork from AIL project.
Sometimes PGP and Bitcoin transactions come together... and can give a lot of insight.
We love YARA at - AIL comes with a set of default YARA rules to find leak or information disclosure.
Thanks to all the contributors who helped to build the repository. Don't hesitate to contribute rules.
#opensource
#100DaysofYARA
github.com/ail-project/ai
We recently added new feeders to AIL including one for archive - to feed AIL with specific commits or intelligence from git repositories.
github.com/ail-project/ai
#CTI #ThreatIntelligence
For the ones who asked, AIL framework is not vulnerable to #log4j as we don't use Java and/or don't rely on that library.
TR-65 - Vulnerabilities and Exploitation of Log4j (Remote code injection in Log4j)
circl.lu/pub/tr-65/
We will update regularly the TR with additional information. CVE-2021-44228
AIL Framework version 4.0 released with a new synchronisation feature, tracker webhook improvement and many bugs fixed. #threatintel #dfir #DarkWeb
ail-project.org/blog/2021/12/0
On this first day of the Open Source Security hackathon , we will focus on security orchestration (other topics are also welcome). misp-project.org/hackathon/ To join us, it's easy. There is a common chat on Mattermost mm.circl.lu/signup_user_co
We presented our updated pipeline for analysing botnets abusing tor2web gateways at using open source tools such as and also Karton and MWDB from
Slides: github.com/D4-project/d4-
We ( and ) will present at about our ongoing monitoring techniques of a botnet using Tor. It's an update of our CTI presentation. secure.edu.pl/en/agenda #infosec
hashlookup-forensic-analyser v0.2 released with some improvements in the CSV export.
Release: github.com/hashlookup/has
About hashlookup service - how to improve your digital forensic investigations:
gist.github.com/adulau/e9e95fe
#DFIR #infosec #opensource #nsrl
If you use and want to share your experience, project or integration the CfP for the MISP summit (Thursday 21st October 2021) is still open. #opensource #infosec #ThreatIntel
"Publishing open data in the cyber security field"
d4-project.org/2021/10/04/pub - having proper metadata while publishing dataset is critical. The open-data-security format from used in the scope of can help to better measure cyber security. #OpenData
We just added hash values in CIRCL hashlookup public service and it will be updated on a daily basis. #dfir #hashlookup
Let us know whether you want some additional sources to be imported.
circl.lu/services/hashl
The team ( ) will join the / hackathon (Monday 25th October 2021 and Tuesday 26th October 2021) misp-project.org/hackathon/ #opensource #infosec - join us!
Just found out that the has a feeder for content from Telegram channels. github.com/ail-project/ai (you have to know/subscribe to the channel first, but it's a good start for early warnings)
We moved our test ZMQ feed (crf.circl.lu) for to a new IPv4 address (185.194.94.73). For the organisation using it and having filtering rules, don't forget to update.
Open Source Security hackathon - Monday 25th October 2021 and Tuesday 26th October 2021 - don't hesitate to join us and many others. #opensource #infosecurity
misp-project.org/hackathon/
We (@adulau & @chrisred_68 from @circl_lu ) will be at @FIC_eu #FIC2021 at the area D7 (@secin_lu). If you want to discuss about MISP, threat intelligence, incident response or just get some stickers, feel free to pass by.
AIL Framework version 3.7 released with many bugs fixed, improvement and new feeders (including Discord, ActivityPub and RSS/Atom). #threatintelligence #DarkWeb #opensource
ail-project.org/blog/2021/08/2
The PGP meta-data correlation can be an interesting gold mine for correlation. Especially to find correlations between Tor hidden services and other crawled content.
github.com/ail-project/
MISP 2.4.148 released including bugs fixed, some improvements and two security fixes CVE-2021-37742 and CVE-2021-37743. We strongly recommend everyone to upgrade their MISP. #ThreatIntel
misp-project.org/2021/08/09/MIS
A new activity-pub AIL feeder has been released (still a work in progress) but if you have any ideas or feedback let us know.
Why open data is critical? The real-time forecast of flooding is not open data and only accessible to partners. Using data from a EU funded satellite monitoring system and it’s not open data. This needs to be changed especially to have citizen access to it.
AIL Framework version 3.6 released with new features (such as YARA retrohunt) and many bugs fixed. #ThreatIntel #dataleak #DarkWeb
github.com/ail-project/ai
As you know, we have a series of feeders for and a new Discord channel(s) feeder is under development github.com/ail-project/ai - feedback, tests and ideas are more than welcome on this pre-version.
1 USB key, 3 files with different content, depending on the system you connect it to. Next week, I'll present at about forensics low level. #pts21
Yesterday's #FIRSTCON21 training session is up on YouTube. Thank you again to the , , - you all ROCK! View at:
"Introduction to Penetration Testing" - our training materials have been updated from 85 to 153 slides. New topics are now covered. The goal is to provide open source materials to cover the basis. Thanks to for the work. #DFIR #Pentesting
circl.lu/services/pente
We added a new MISP object template to describe open-data-security datasets. This work is part of the EU project to share data about vulnerable IoT devices.
misp-project.org/objects.html#_
The template is based on github.com/CIRCL/open-dat #OpenData #infosec
Tomorrow (May 18 11:00 - 19:00) we will make a workshop "MISP general usage training for analysts and administrators" at in English with a live translation in Russian.
phdays.com/en/program/rep
On the 15th May 2011, a first version of MISP was released. We are celebrating our first 10 years birthday as the leading open source project for information and intelligence sharing. Thanks to all the people and organisations who support us. #opensource #infosec #DFIR #CTI
We publish "Industrialize the Tracking of Botnet Operations – A Practical Case with Large Coin-Mining Threat-Actor(s)" including the slides, video (presented at at CTI) and the framework used to do the monitoring of botnets using Tor proxies.
d4-project.org/2021/04/20/tor