没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
Security Operation
Center 100 Tools
Joas Antonio
Sooty
• Sooty is a tool developed with the task of
aiding SOC analysts with automating part
of their workflow. One of the goals of
Sooty is to perform as many of the
routine checks as possible, allowing the
analyst more time to spend on deeper
analysis within the same time-frame.
Details for many of Sooty's features can
be found below.
• https://github.com/TheresAFewCo
nors/Sooty
Peepdf
• peepdf is a Python tool to explore PDF files in
order to find out if the file can be harmful or not.
The aim of this tool is to provide all the
necessary components that a security
researcher could need in a PDF analysis without
using 3 or 4 tools to make all the tasks. With
peepdf it's possible to see all the objects in the
document showing the suspicious elements,
supports the most used filters and encodings, it
can parse different versions of a file, object
streams and encrypted files. With the installation
of PyV8 and Pylibemu it provides Javascript
and shellcode analysis wrappers too. Apart of
this it is able to create new PDF files, modify
existent ones and obfuscate them.
• https://eternal-todo.com/tools/peepdf-pdf-
analysis-tool
PyREBox
• PyREBox is a Python scriptable Reverse Engineering sandbox. It is
based on QEMU, and its goal is to aid reverse engineering by
providing dynamic analysis and debugging capabilities from a
different perspective. PyREBox allows to inspect a running QEMU
VM, modify its memory or registers, and to instrument its execution,
by creating simple scripts in Python to automate any kind of analysis.
It also offers a shell based on IPython that exposes a rich set of
commands, as well as a Python API.
• https://talosintelligence.com/pyrebox
Fail2Ban
• Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the
malicious signs -- too many password failures, seeking for exploits, etc. Generally
Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified
amount of time, although any arbitrary other action (e.g. sending an email) could also
be configured. Out of the box Fail2Ban comes with filters for various services (apache,
courier, ssh, etc).
• Fail2Ban is able to reduce the rate of incorrect authentications attempts however it
cannot eliminate the risk that weak authentication presents. Configure services to use
only two factor or public/private authentication mechanisms if you really want to
protect services.
• https://www.fail2ban.org/wiki/index.php/Main_Page
剩余100页未读,继续阅读
资源评论
网络研究观
- 粉丝: 6580
- 资源: 2196
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功