Upload files to "Modules"
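--- a/<PATH_NOT_SHOWN>
+++ b/<PATH_NOT_SHOWN>
@@ -1,19 +1,19 @@
 def get_methodology_content():
 """
-Returns the content for the Methodology page.
+Returns structured content for the Methodology page with sections containing resources.
 """
 return [
 {
 "title": "Baseline",
 "description": "Baseline configurations here.",
-"link": "https://docs.google.com/spreadsheets/d/1s2ggAq69Z5UcZen1Q-o8gBHBv6UiJHaeFW3QwtTLnq4/edit?usp=sharing"
+"link": "https://docs.google.com/spreadsheets/d/1s2ggAq69Z5UcZen1Q-o8gBHBv6UiJHaeFW3QwtTLnq4/edit?usp=sharing",
 },
 {
 "title": "MITRE TIE",
 "description": "The Technique Inference Engine (TIE) suggests techniques an adversary is likely to have used based on a set of observed techniques.",
-"link": "https://center-for-threat-informed-defense.github.io/technique-inference-engine/#/"
+"link": "https://center-for-threat-informed-defense.github.io/technique-inference-engine/#/",
 },
 {
 "title": "Linux Basics",
 "content": """
 - Understand typical file paths and permission settings.
@@ -25,8 +25,9 @@ def get_methodology_content():
 - Check for hidden files and directories using `find / -type f -name ".*"`.
 """,
 "resources": [
-{"name": "Linux.org", "url": "https://www.linux.org/"},
-{"name": "Cyberciti.biz", "url": "https://www.cyberciti.biz/"}
+"https://www.linux.org/",
+"https://www.cyberciti.biz/",
+"https://www.linuxsecurity.com/"
 ]
 },
 {
@@ -43,8 +44,74 @@ def get_methodology_content():
 - C:\\windows\\system32: Exe files are not usually stored here.
 """,
 "resources": [
-{"name": "Microsoft Security", "url": "https://www.microsoft.com/en-us/security"},
-{"name": "MITRE ATT&CK", "url": "https://attack.mitre.org/"}
+"https://www.microsoft.com/en-us/security",
+"https://attack.mitre.org/",
+"https://learn.microsoft.com/en-us/sysinternals/"
+]
+},
+{
+"title": "Time of Incident",
+"content": """
+- SIEM/IDS/AV alert
+- 3rd Party Notification
+""",
+"resources": [
+"https://www.splunk.com/",
+"https://owasp.org/www-project-intrusion-detection-systems/"
+]
+},
+{
+"title": "Network Activity",
+"content": """
+- Malicious URLs accessed
+- DNS requests for bad domains
+""",
+"resources": [
+"https://www.virustotal.com/gui/home/url",
+"https://www.cloudflare.com/dns/"
+]
+},
+{
+"title": "Process Activity",
+"content": """
+- Running process related to incident
+- DLL injection detected
+""",
+"resources": [
+"https://processhacker.sourceforge.io/",
+"https://www.sciencedirect.com/topics/computer-science/dll-injection"
+]
+},
+{
+"title": "Name of a File",
+"content": """
+- File name of interest (e.g., p.exe, r1.exe)
+- File type of interest (e.g., .rar, .py, .ps1)
+""",
+"resources": [
+"https://fileinfo.com/",
+"https://www.hybrid-analysis.com/"
+]
+},
+{
+"title": "User Account Activity",
+"content": """
+- Identify suspicious user account activity
+""",
+"resources": [
+"https://docs.microsoft.com/en-us/windows/security/identity-protection/",
+"https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/"
+]
+},
+{
+"title": "Other Activity",
+"content": """
+- Lateral Movement (Event Logs + File Copy & Execution)
+- Anti-Forensics (Wiper download, wiper execution)
+""",
+"resources": [
+"https://attack.mitre.org/tactics/TA0008/",
+"https://www.mandiant.com/resources/anti-forensic-tactics"
 ]
 }
 ]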
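Review bot: The `resources` entries change shape from `{"name": ..., "url": ...}` dicts to bare URL strings in the Linux Basics and Windows sections and in every newly added section, while the Baseline and MITRE TIE entries still use `description`/`link` and carry no `resources` at all, so the returned list no longer follows one schema; a template that renders `resource["name"]` and `resource["url"]` would fail on a string, though the consumer is not part of this diff. Either keep the dict form (`{"name": "Linux.org", "url": "https://www.linux.org/"}`) so each link keeps a label, or spell out both entry shapes in the docstring, which now promises "sections containing resources" for every section. Since these values end up in a rendered page, the consumer should use them only as href values and not interpret them as markup, and the hardcoded Google Sheets `usp=sharing` link deserves a check that the sheet's access setting is view-only for the intended audience. The rendered view shows no indentation, so the nesting of the new dict literals inside the `return [` cannot be confirmed from this page.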
|
||||||
|