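def get_methodology_content():
    """Return the content for the Methodology page.

    Returns:
        list[dict]: one entry per page section, in display order. The first
        two entries are link cards (``title``/``description``/``link``); the
        last two are checklist sections (``title``/``content``/``resources``),
        where ``content`` is a Markdown bullet list and ``resources`` is a list
        of ``{"name", "url"}`` dicts. A fresh list is built on every call, so
        callers may mutate the result without affecting other callers.
    """
    return [
        {
            "title": "Baseline",
            "description": "Baseline configurations here.",
            "link": "https://docs.google.com/spreadsheets/d/1s2ggAq69Z5UcZen1Q-o8gBHBv6UiJHaeFW3QwtTLnq4/edit?usp=sharing",
        },
        {
            "title": "MITRE TIE",
            "description": "The Technique Inference Engine (TIE) suggests techniques an adversary is likely to have used based on a set of observed techniques.",
            "link": "https://center-for-threat-informed-defense.github.io/technique-inference-engine/#/",
        },
        {
            "title": "Linux Basics",
            # NOTE(review): the auth.log path below is Debian/Ubuntu-specific;
            # other distributions write authentication events elsewhere.
            "content": """
- Understand typical file paths and permission settings.
- Monitor unexpected or unplanned cron jobs.
- Investigate binaries with SUID or SGID bits set (`find / -perm -4000`).
- Look for rogue or uncommon processes running as root.
- Analyze .bash_history for suspicious commands.
- Investigate `/var/log/auth.log` for failed or unauthorized access.
- Check for hidden files and directories using `find / -type f -name ".*"`.
""",
            "resources": [
                {"name": "Linux.org", "url": "https://www.linux.org/"},
                {"name": "Cyberciti.biz", "url": "https://www.cyberciti.biz/"},
            ],
        },
        {
            "title": "Windows Basics",
            # Typo fix: "RW- ro --X" -> "RW- or --X" (read/write, or execute only).
            "content": """
- Look for file extensions.
- Initial access and lateral movement are the loudest.
- Understand how PID and PPID relate.
- Look for 1-2 character .exe (e.g., a.exe, ab.exe).
- C2 exploits are native in 32-bit.
- Files should not have read, write, and execute simultaneously
- Should be RW- or --X.
- Know where attackers store files.
- C:\\windows\\system32: Exe files are not usually stored here.
""",
            "resources": [
                {"name": "Microsoft Security", "url": "https://www.microsoft.com/en-us/security"},
                {"name": "MITRE ATT&CK", "url": "https://attack.mitre.org/"},
            ],
        },
    ]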