From 18201be511dd5bf4435425e882183d8cb70cfe97 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 27 Mar 2018 08:52:50 +0200 Subject: [PATCH] Archive of the etherpad during the hackathon --- archive/OS3-20180326/etherpad-archive.md | 99 ++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 archive/OS3-20180326/etherpad-archive.md diff --git a/archive/OS3-20180326/etherpad-archive.md b/archive/OS3-20180326/etherpad-archive.md new file mode 100644 index 0000000..f72dac6 --- /dev/null +++ b/archive/OS3-20180326/etherpad-archive.md 
@@ -0,0 +1,99 @@ +# OS3 hackathon - 26th March 2018 in Luxembourg and Japan + + +## List of Projects, Team Members, Hackathon Page and Project Live Chat + +This is the list of open source security software projects at the hackathon and the ongoing +project during this hackathon event. Feel free to add your project. + + - [AIL](https://github.com/CIRCL/AIL-framework) + - WiP [BGPRanking](https://github.com/D4-project/BGP-Ranking) + - [MISP](https://github.com/MISP), Core Team, [Hackathon Page](https://github.com/MISP/MISP/wiki/Hackathon) and [MISP Gitter](https://gitter.im/MISP/MISP) + - [MISP dashboard](https://github.com/MISP/misp-dashboard) + - [The Hive] (https://github.com/TheHive-Project/TheHive) (see also Cortex and Cortex-Analyzers on the github org (https://github.com/TheHive-Project ) page) + - https://github.com/monarc-project/MonarcAppFO - MONARC - Method for an Optimised aNAlysis of Risks + + +## Outcome + +List the current outcome including git repository, issue, notes, wiki or photo. + +### TheHive Project +Ideas for the day: + - Review Cortex 2 documentation, create a QS guide. Target release date of Cortex 2: Thu March 29, 2018 + - Make sure MISP will work with Cortex 2 (API update) for enrichment + - Improve the Cortex FileInfo analyzer + - Improve TheHive4py + +### Telco ideas + +- Objects review: ss7, gtp, diam +- PyMISP +- Feeds:https://github.com/MISP/PyMISP/tree/master/examples/feed-generator-from-redis +- Feeds definition: enable preview, per event (down arrow = import) +- Sighting idea https://github.com/MISP/misp-sighting-tools/blob/master/bin/pcapreader.py + + Strategies for watching new events: ZMQ Feeds pubsub with all activities, API REST list events (last) through PyMISP (examples/last.py) + +- IDS flag : per attributes, indicates automation can be enabled for this event +- Download as... 
: standardized format - https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod +- Expansion on value: modules / expansion: On Net / Roaming + + +Use cases: +- PTM Import Hot numbers "phone-numbers" attributes: PROTO WORKING +- Feed to import events +- Add "hits" to events: Sightings +- Expansion on values related to telco on P1 central db (GDPR friendly) +- VKB Expansion: module to match vague Title/Description/related topic to Precise Vulnerability record +- Tags fromt MISPobject (VKB) + +Problem: +FIXED: How to get same results as https://misppriv.circl.lu/attributes/search Results for all attributes of type "phone-number" --> 197 results + with: ./searchall.py -s phone_number | jq . | grep 'phone-number' | wc + 39 78 1558 +OPEN: Can a feed item have sightings? + + + +## Practical details + +### Venue Luxembourg + + - CIRCL - Computer Incident Response Center Luxembourg, c/o "security made in Lëtzebuerg" (SMILE) g.i.e., 16, bd d'Avranches, L-1160 Luxembourg + +### Venue Japan + + - JPCERT/CC - 東京都千代田区神田錦町3-17 廣瀬ビル11 階 + +### Pad Japan + +https://pad.riseup.net/p/OS1-Tokyo-hackathon + +## Open Questions + +Feel free to add your question below. + +- How the transition of projects/ideas will be done between Luxembourg and Japan? + +## Misc Contributions + +### Phil: Let me share some great tool that we feel is better than etherpad now: HackMD https://github.com/hackmdio/hackmd + + docker-hackmd: https://github.com/hackmdio/docker-hackmd + +test it here: https://hackmd.io/8IhqdQlqSQeCCdqac2t0rQ + + +### Fabien: I have a nice tool that we use in our day to day. If someone is interested in "Web Application Security Scanner Framework" -> https://github.com/Arachni/arachni + +### MISP Notice + +MISP/misp-noticelist : +https://github.com/MISP/misp-noticelist + + + + + +
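Review bot: the TheHive entry in the project list is not a valid markdown link because of the space between `]` and `(`, so it will render as literal text instead of a link: `+ - [The Hive] (https://github.com/TheHive-Project/TheHive) (see also Cortex ...`; suggest `[The Hive](https://github.com/TheHive-Project/TheHive)`. Two smaller issues in the same hunk: `Feeds:https://github.com/MISP/PyMISP/tree/master/examples/feed-generator-from-redis` is missing a space after the colon, and `Tags fromt MISPobject (VKB)` should read `from`. The file also ends with five empty `+` lines; trimming the trailing blank lines keeps the archive tidy. If the intent is a verbatim snapshot of the pad these can stay as they are, but then a one-line note in the commit message or at the top of the file saying so would help future readers understand why the links are broken.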