intelsecuretech

Kivweb - Kivred on the web A web app for your cyber threat intelligence need is here, no installation required, just point your browser to http://35.164.222.186/ then viola!

Kivred on windows - Latest cyber threat intelligence on your finger tips I just recently compiled kivred to an exe for ease of use. You can download the zip file, extract and run kivred.exe. You don’t have to install because the software is portable. The file can be downloaded on my github repo  https://github.com/CodesInTheShell/kivred . Let’s try to check for the latest threats as of July 13 2017 to July 14 2017. Number 1 is our settings, check out http://hailataxii.com/ for more available feeds. Number 2 are indicators of URL Watchlist identified to be a part of phishing attack. Number 3 is the scrollbar, scroll down to check more indicators. Note that you may experience kivred not responding while it is running in the background, just wait for about a minute. That's it, stay up to date with the latest cyber security threats folks. There will always be a storm coming.

Install Snort IDS in Windows In this article, we are going to install Snort on windows, perform basic configuration then add snort rules. Snort can also be configured as an intrusion prevention system, but in our case, we will just configure snort as an IDS. Carry out the following steps Download and install Snort and Winpcap Download snort rules Configure snort.conf file Run snort that displays alert on console Run snort that saves alert to a file ============================================================= Step 1: Note: Install snort and winpcap as an administrator. Download winpcap https://www.winpcap.org/ and install it as an administrator, just let it install with default settings. Restart your computer. Download snort installer exe at https://www.snort.org/downloads and install it as an administrator, just choose defaults configuration where you only have to click “I Agree”, “Next” , “Next” , “Next”, “Close” and “Ok”. ==============

What is windows event log? Windows event log   is a record of a computer's alerts and notifications such as errors, warning and other information. There are a lot of System Information and Event Management (SIEM) tools out there that collects and analyzes logs and monitors for security threats, these softwares offers many advance and somewhat features. In this article, we are going to explore windows event viewer to perform a simple security analysis and create a simple custom view for monitoring. We are going to use the following event ID 4672 - Special privileges assigned to new logon. This event lets you know whenever an account assigned any "administrator equivalent" user rights logs on. There are reasons why we need to monitor for such event, we usually give our employees a standard user rights and hackers can perform privilege escalation (e.i. Metaspoit’s meterpreter script getsystem that will use a number of different techniques to attempt to

Using Kivred to fetch threat intelligence and find snort rules to use it with snort Before diving into the procedure, let me give you some terminologies. TAXII - Trusted Automated eXchange of Indicator Information. A free and open transport mechanism that standardizes the automated exchange of cyber threat information. STIX - Structured Threat Information Expression. A language for describing cyber threat information in a standardized and structured manner to enable the exchange of cyber threat intelligence (CTI). http://hailataxii.com/ - Hail a TAXII.com is a repository of Open Source Cyber Threat Intellegence feeds in STIX format. Kivred – A simple taxi client to fetch data from taxi service provider such as hailataxii. Indicator – contains a pattern that can be used to detect suspicious or malicious cyber activity. Observed Data – conveys information observed on a system or network (e.g., an IP address). TTPs - Tactics, Technique