Upload files to "Modules"

This commit is contained in:
2024-11-28 10:37:50 -05:00
parent eb2492c61f
commit 949a4a361f


@ -1,19 +1,19 @@
def get_methodology_content():
"""
Returns the content for the Methodology page.
Returns structured content for the Methodology page with sections containing resources.
"""
return [
{
"title": "Baseline",
"description": "Baseline configurations here.",
"link": "https://docs.google.com/spreadsheets/d/1s2ggAq69Z5UcZen1Q-o8gBHBv6UiJHaeFW3QwtTLnq4/edit?usp=sharing"
},
{
"title": "MITRE TIE",
"description": "The Technique Inference Engine (TIE) suggests techniques an adversary is likely to have used based on a set of observed techniques.",
"link": "https://center-for-threat-informed-defense.github.io/technique-inference-engine/#/"
},
{
{
"title": "Baseline",
"description": "Baseline configurations here.",
"link": "https://docs.google.com/spreadsheets/d/1s2ggAq69Z5UcZen1Q-o8gBHBv6UiJHaeFW3QwtTLnq4/edit?usp=sharing",
},
{
"title": "MITRE TIE",
"description": "The Technique Inference Engine (TIE) suggests techniques an adversary is likely to have used based on a set of observed techniques.",
"link": "https://center-for-threat-informed-defense.github.io/technique-inference-engine/#/",
},
{
"title": "Linux Basics",
"content": """
- Understand typical file paths and permission settings.
@ -25,8 +25,9 @@ def get_methodology_content():
- Check for hidden files and directories using `find / -type f -name ".*"`.
""",
"resources": [
{"name": "Linux.org", "url": "https://www.linux.org/"},
{"name": "Cyberciti.biz", "url": "https://www.cyberciti.biz/"}
"https://www.linux.org/",
"https://www.cyberciti.biz/",
"https://www.linuxsecurity.com/"
]
},
{
@ -43,8 +44,74 @@ def get_methodology_content():
- C:\\windows\\system32: Exe files are not usually stored here.
""",
"resources": [
{"name": "Microsoft Security", "url": "https://www.microsoft.com/en-us/security"},
{"name": "MITRE ATT&CK", "url": "https://attack.mitre.org/"}
"https://www.microsoft.com/en-us/security",
"https://attack.mitre.org/",
"https://learn.microsoft.com/en-us/sysinternals/"
]
},
{
"title": "Time of Incident",
"content": """
- SIEM/IDS/AV alert
- 3rd Party Notification
""",
"resources": [
"https://www.splunk.com/",
"https://owasp.org/www-project-intrusion-detection-systems/"
]
},
{
"title": "Network Activity",
"content": """
- Malicious URLs accessed
- DNS requests for bad domains
""",
"resources": [
"https://www.virustotal.com/gui/home/url",
"https://www.cloudflare.com/dns/"
]
},
{
"title": "Process Activity",
"content": """
- Running process related to incident
- DLL injection detected
""",
"resources": [
"https://processhacker.sourceforge.io/",
"https://www.sciencedirect.com/topics/computer-science/dll-injection"
]
},
{
"title": "Name of a File",
"content": """
- File name of interest (e.g., p.exe, r1.exe)
- File type of interest (e.g., .rar, .py, .ps1)
""",
"resources": [
"https://fileinfo.com/",
"https://www.hybrid-analysis.com/"
]
},
{
"title": "User Account Activity",
"content": """
- Identify suspicious user account activity
""",
"resources": [
"https://docs.microsoft.com/en-us/windows/security/identity-protection/",
"https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/"
]
},
{
"title": "Other Activity",
"content": """
- Lateral Movement (Event Logs + File Copy & Execution)
- Anti-Forensics (Wiper download, wiper execution)
""",
"resources": [
"https://attack.mitre.org/tactics/TA0008/",
"https://www.mandiant.com/resources/anti-forensic-tactics"
]
}
]
]
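Review bot: The `resources` lists change shape in this hunk: they were `{"name": ..., "url": ...}` dicts and are now bare URL strings, while the "Baseline" and "MITRE TIE" entries still carry a single `"link"` key, so the Methodology template has to cope with three shapes and any code still reading `resource["name"]` will break on the string form. I'd settle on one shape — e.g. keep the dict form `{"name": "Linux.org", "url": "https://www.linux.org/"}` so each link has display text that is not the raw URL — and give the first two entries a `"resources"` list too. The "Baseline" entry embeds a Google Sheets `usp=sharing` link: anyone who reads this file or the rendered page reaches the sheet, and if the share setting grants edit rights the baseline configurations are writable by anonymous users, so confirm it is view-only or serve the file from the app itself. Two of the new URLs look worth re-checking before release: `docs.microsoft.com/.../identity-protection/` is the legacy host (the neighbouring entry already uses `learn.microsoft.com`), and `processhacker.sourceforge.io` appears to point at a project that is no longer maintained. `get_methodology_content` opens in the first hunk of this file, outside this one.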