Upload files to "Modules"

2024-11-28 00:55:40 -05:00
parent cc9de49dba
commit 002467caed
5 changed files with 488 additions and 0 deletions
--- a/Modules/methodology.py
+++ b/Modules/methodology.py
@ -0,0 +1,50 @@
+def get_methodology_content():
+    """
+    Returns the content for the Methodology page.
+    """
+    return [
+    {
+        "title": "Baseline",
+        "description": "Baseline configurations here.",
+        "link": "https://docs.google.com/spreadsheets/d/1s2ggAq69Z5UcZen1Q-o8gBHBv6UiJHaeFW3QwtTLnq4/edit?usp=sharing"
+    },    
+    {
+        "title": "MITRE TIE",
+        "description": "The Technique Inference Engine (TIE) suggests techniques an adversary is likely to have used based on a set of observed techniques.",
+        "link": "https://center-for-threat-informed-defense.github.io/technique-inference-engine/#/"
+    },
+    {
+            "title": "Linux Basics",
+            "content": """
+- Understand typical file paths and permission settings.
+- Monitor unexpected or unplanned cron jobs.
+- Investigate binaries with SUID or SGID bits set (`find / -perm -4000`).
+- Look for rogue or uncommon processes running as root.
+- Analyze .bash_history for suspicious commands.
+- Investigate `/var/log/auth.log` for failed or unauthorized access.
+- Check for hidden files and directories using `find / -type f -name ".*"`.
+            """,
+            "resources": [
+                {"name": "Linux.org", "url": "https://www.linux.org/"},
+                {"name": "Cyberciti.biz", "url": "https://www.cyberciti.biz/"}
+            ]
+        },
+        {
+            "title": "Windows Basics",
+            "content": """
+- Look for file extensions.
+- Initial access and lateral movement are the loudest.
+- Understand how PID and PPID relate.
+- Look for 1-2 character .exe (e.g., a.exe, ab.exe).
+- C2 exploits are native in 32-bit.
+- Files should not have read, write, and execute simultaneously
+  - Should be RW- ro --X.
+- Know where attackers store files.
+- C:\\windows\\system32: Exe files are not usually stored here.
+            """,
+            "resources": [
+                {"name": "Microsoft Security", "url": "https://www.microsoft.com/en-us/security"},
+                {"name": "MITRE ATT&CK", "url": "https://attack.mitre.org/"}
+            ]
+        }
+ ]