threat-sharing

Defund the Police.

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Your Everyday Threat Intelligence

Extract and aggregate threat intelligence.

Advanced Sysmon configuration, Installer & Auto Updater with high-quality event tracing

Defanged Indicator of Compromise (IOC) Extractor.

Python library using the MISP Rest API

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Personal compilation of APT malware from whitepaper releases, documents and own research

CIF v3 -- the fastest way to consume threat intelligence

Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing

A (nearly) production ready Dockered MISP

TAXII server implementation in Python from EclecticIQ

Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing

Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/

TAXII client implementation from EclecticIQ

CIFv3 DeploymentKit

Collection of best practices to add OSINT into MISP and/or MISP communities

A utility repo to assist with converting between MISP and STIX formats

Best practices in threat intelligence

Specifications used in the MISP project including MISP core format

Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .

the fastest way to consume threat intelligence.

The Fastest way to consume Threat Intel

Tracking APT IOCs

The Project can be used to integrate QRadar with MISP Threat Sharing Platform

DDWPasteRecon tool will help you identify code leak, sensitive files, plaintext passwords, password hashes. It also allow member of SOC & Blue Team to gain situational awareness of the organisation's web exposure on the pastesites. It Utilises Google's indexing of pastesites to gain targeted intelligence of the organisation. Blue & SOC teams can collect and analyse data from these indexed pastesites to better protect against unknown threats.

A curses-style interface for automatic takedown notification based on MISP events.

Golang implementation of PyMISP-feedgenerator