ishideoã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ / 2019å¹´8æœˆ20æ—¥ - ã¯ã¦ãªãƒ

Python3ã€€æ£è¦è¡¨ç¾ã‚’ç”¨ã„ã¦IPã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’åˆ¤å®šã—ãŸã„

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

WoWHoneypotã®access_logã‚’Fluentdã§BigQueryã«å…¥ã‚Œã‚‹(base64ãƒ‡ã‚³ãƒ¼ãƒ‰) | Qrunchï¼ˆã‚¯ãƒ©ãƒ³ãƒï¼‰

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

https://digitalforensic.jp/wp-content/uploads/2018/08/guideline_7.1st.pdf

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

ï¼Šç™½ç™¾åˆã‚ã‚‚ï¼Š

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

DNSãƒ‰ç´ äººãŒdigã‚³ãƒžãƒ³ãƒ‰ã¨Route 53ã‚’ä½¿ã£ã¦ã€DNSã«ã¤ã„ã¦ã‚ã‚Œã“ã‚Œå¦ã‚“ã§ã¿ãŸ | DevelopersIO

è©¦ã—ã«ã€digã‚³ãƒžãƒ³ãƒ‰ã‚’åˆ©ç”¨ã—ã¦ã€yahoo.co.jpã«åå‰è§£æ±ºã—ã¦ã¿ã¾ã—ã‚‡ã†ã€‚ $ dig yahoo.co.jp ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.56.amzn1 <<>> yahoo.co.jp ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57517 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;yahoo.co.jp. IN A ;; ANSWER SECTION: yahoo.co.jp. 60 IN A 182.22.59.229 yahoo.co.jp.

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

ELBã®DNS Lookupã§IPã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’8å€‹è¿”ã™ã‚ˆã†ã«ãªã‚Šã¾ã—ãŸ | DevelopersIO

ä»Šã¾ã§ã®ELB ä»Šã¾ã§ã®ELBã¯ã‚ã‚‹DNSåã«å¯¾ã—ã¦1ã¤ã®IPã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’è¿”ã—ã¦ã„ã¾ã—ãŸã€‚ã“ã®IPã‚¢ãƒ‰ãƒ¬ã‚¹ã¯å›ºå®šã§ã¯ãªãã€ELBã®æ··é›‘çŠ¶æ³ã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å¤‰åŒ–ã—ã¦ã„ã¾ã—ãŸã€‚ã“ã®DNSåã«å¯¾ã™ã‚‹IPã‚¢ãƒ‰ãƒ¬ã‚¹ã®å¤‰æ›´ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚¢ãƒ—ãƒªå´ã®DNSã‚ãƒ£ãƒƒã‚·ãƒ¥ç‰ã§ä¸å…·åˆã‚’èµ·ã“ã™å±é™ºæ€§ãŒã‚¼ãƒã§ã¯ãªãã€å®Ÿéš›ã«ç§ã¯ä½“é¨“ã—ã¾ã—ãŸã€‚ æ–°ã—ã„ELB æ–°ã—ã„ELBã¯æœ€å¤§ã§8ã¤ã®IPã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’è¿”ã—ã¦ãã‚Œã¾ã™ã€‚ã“ã‚Œã«ã‚ˆã£ã¦ã€ELBã®æ··é›‘çŠ¶æ³ã«ã‚ˆã£ã¦æ‹¡å¤§ã—ãŸã‚Šç¸®å°ã—ãŸå ´åˆã«ã€ã•ã£ãã¾ã§è¦‹ãˆã¦ã„ãŸã‚ãƒ£ãƒƒã‚·ãƒ¥ã—ãŸIPã‚¢ãƒ‰ãƒ¬ã‚¹ãŒè¦‹ã¤ã‹ã‚‰ãªã„ã¨ã„ã£ãŸã‚¨ãƒ©ãƒ¼ãŒç„¡ããªã‚Šã¾ã™ã€‚ 8ã¤ã®IPã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’ç¢ºèªã™ã‚‹ digã‚³ãƒžãƒ³ãƒ‰ã§ç¢ºèªã§ãã¾ã™ã€‚è©¦ã—ã¦ã¿ã¦å‹˜é•ã„ã—ã¦ã„ãŸã®ã§ã™ãŒã€AZã®æ•°ã«å¿œã˜ã¦æœ€å¤§ã§8ã¤ã®ã‚ˆã†ã§ã™ã€‚ä»¥ä¸‹ã¯AZ1ã¤ã®å ´åˆã§ã€çµæžœã®Aãƒ¬ã‚³ãƒ¼ãƒ‰ã¯1ã¤ã§ã—ãŸã€‚ $ dig MyLoadBalancer-83p080071.ap-n

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

GitHub - NextronSystems/APTSimulator: A toolset to make a system look as if it was the victim of an APT attack

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

GitHub - ForensicArtifacts/artifacts: Digital Forensics artifact repository

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

GitHub - meirwah/awesome-incident-response: A curated list of tools for incident response

APTSimulator - Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. Atomic Red Team (ART) - Small and highly porta ble detection tests mapped to the MITRE ATT&CK Framework. AutoTTP - Automated Tactics Techniques & Procedures. Re-running complex sequences manually for regression tests, product evaluations, generate data for researchers. Calde

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

GitHub - graneed/bwpot: é«˜å¯¾è©±åž‹ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆ

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

GitHub - JPCERTCC/MalConfScan: Volatility plugin for extracts configuration data of known malware

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

Home

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

ã‚¤ãƒ³ã‚·ãƒ‡ãƒ³ãƒˆãƒ¬ã‚¹ãƒãƒ³ã‚¹åˆå‹•å¯¾å¿œæ™‚ã®ãƒ‡ãƒ¼ã‚¿åŽé›†ãƒ„ãƒ¼ãƒ« - setodaNote

2023-01-10 ãƒ‡ãƒ¼ã‚¿åŽé›†ãƒ„ãƒ¼ãƒ« ã‚¤ãƒ³ã‚·ãƒ‡ãƒ³ãƒˆãƒ¬ã‚¹ãƒãƒ³ã‚¹ã®åˆå‹•å¯¾å¿œã§ç«¯æœ«ã‹ã‚‰ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã™ã‚‹ã®ã«åˆ©ç”¨ã§ããã†ãªãƒ„ãƒ¼ãƒ«ã‚’ã„ãã¤ã‹è©¦ã—ã¦ã¿ã¾ã—ãŸã€‚ ä¸»ã«ãƒ•ã‚¡ã‚¤ãƒ«ãƒ€ãƒ³ãƒ—å–å¾—ã‚’ç›®çš„ã¨ã—ã¦ã€ã±ã£ã¨ãã®ã¾ã¾ä½¿ãˆã‚‹ã‚‚ã®ã‚’ã¨ã„ã†è¦³ç‚¹ã§ã„ãã¤ã‹ã®æ©Ÿèƒ½ã‚’ç¢ºèªã—ã€çµæžœã‚’è¡¨ã«ã¾ã¨ã‚ã¾ã—ãŸã€‚ï¼ˆâ€»1ã€â€»2ã€â€»6ï¼‰ å®Ÿè¡Œçµæžœï¼ˆWindows ç’°å¢ƒã§ç¢ºèªï¼‰ # åç§° å¯¾å¿œOS $MFT $UsnJrnl $LogFile Evtx Registry Prefetch Browser History Memory Dump Report é…å¸ƒå ´æ‰€ 1 CDIR Collector Windows OK OK - OK OK (+.log) OK IE/Edge, Chrome, Firefox OK Log å…¬å¼ã‚µã‚¤ãƒˆ 2 CyLR Windows, Mac, Linux OK OK OK OK OK (+.log)

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

WebShellåž‹ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã‚’è¨ç½®ã—ã¦WebShellã«å¯¾ã™ã‚‹ã‚¹ã‚ãƒ£ãƒ³ã‚’è¦³å¯Ÿã—ãŸ - ã“ã‚“ã¨ã‚ãƒ¼ã‚‹ã—ãƒ¼ã“ã‚“ã¨ã‚ãƒ¼ã‚‹ã¶ã„

ä¹…ã—ã¶ã‚Šã«ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã®ãƒã‚¿ã§ã™ã€‚ ã‚¿ã‚¤ãƒˆãƒ«ãŒå…¨ã¦ã§ã™ãŒã€Œæœ€è¿‘ã€WebShellè¨ç½®ã®èª¿æŸ»ã«å¯¾ã™ã‚‹ã‚¹ã‚ãƒ£ãƒ³å¤šã™ãŽãªã„ï¼Ÿã€ã¨æ€ã£ãŸã®ãŒç™ºç«¯ã€‚ WebShellè¨ç½®ã®èª¿æŸ»ã«å¯¾ã™ã‚‹ã‚¹ã‚ãƒ£ãƒ³ã¨ã¯ã€é©å½“ãªãƒ•ã‚¡ã‚¤ãƒ«åã®phpãƒ•ã‚¡ã‚¤ãƒ«ã«å¯¾ã—ã¦ã€HTTPãƒªã‚¯ã‚¨ã‚¹ãƒˆãƒœãƒ‡ã‚£ã«die(@md5(J4nur4ry));ã¨ã‹ã‚»ãƒƒãƒˆã•ã‚Œã¦ã„ã‚‹ãƒªã‚¯ã‚¨ã‚¹ãƒˆã§ã™ã€‚ ã“ã†ã„ã†ã¨ãã«ã€Œãªã‚‰ã€æœ¬å½“ã«WebShellãŒã‚ã£ãŸã‚‰ã€ãŠå‰ã‚‰(æ”»æ’ƒè€…)ã©ã†ã™ã‚‹ã¤ã‚‚ã‚Šãªã®ï¼Ÿã€ã¨æ€ã†ã®ã¯è‡ªç„¶ãªç™ºæƒ³ã§ã™ãã€‚ ã¨ã„ã†ã“ã¨ã§ã€æŠ•å…¥ã•ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ã‚’å®Ÿè¡Œã™ã‚‹WebShellã‚’ä½œæˆã—ã¦è¦³å¯Ÿã‚’ã—ã¾ã—ãŸã€‚ ç’°å¢ƒ AWSã®EC2ã®ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã‚’ç«‹ã¦ã¦ã€ãã®ä¸Šã«Dockerã‚³ãƒ³ãƒ†ãƒŠã‚’ç«‹ã¦ã¾ã—ãŸã€‚ ãªãŠã€ç¾åœ¨ã€é«˜å¯¾è©±åž‹ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆåŸºç›¤ã‚’æ§‹ç¯‰ã—ã¦ãŠã‚Šã€ãã¡ã‚‰ã«æ§‹ç¯‰ã—ãŸDockerã‚³ãƒ³ãƒ†ãƒŠã®ä¸€ã¤ã§ã™ã€‚ é‹ç”¨ãŒå®‰å®šã—ã¦ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«æ‰‹é †ãŒã¾ã¨ã¾ã£ãŸã‚‰githubã§å…¬é–‹äºˆå®šã§

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

GitHub - sisoc-tokyo/Real-timeDetectionAD_ver2

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

REST Security - OWASP Cheat Sheet Series

REST Security Cheat SheetÂ¶ IntroductionÂ¶ REST (or REpresentational State Transfer) is an architectural style first described in Roy Fielding's Ph.D. dissertation on Architectural Styles and the Design of Network-based Software Architectures. It evolved as Fielding wrote the HTTP/1.1 and URI specs and has been proven to be well-suited for developing distributed hypermedia applications. While REST i

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

GitHub - shieldfy/API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert

ishideo 2019/08/20

ãƒªãƒ³ã‚¯

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

ã‚¿ã‚°

2019å¹´8æœˆ20æ—¥ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (17ä»¶)

Python3ã€€æ£è¦è¡¨ç¾ã‚’ç”¨ã„ã¦IPã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’åˆ¤å®šã—ãŸã„

WoWHoneypotã®access_logã‚’Fluentdã§BigQueryã«å…¥ã‚Œã‚‹(base64ãƒ‡ã‚³ãƒ¼ãƒ‰) | Qrunchï¼ˆã‚¯ãƒ©ãƒ³ãƒï¼‰

https://digitalforensic.jp/wp-content/uploads/2018/08/guideline_7.1st.pdf

ï¼Šç™½ç™¾åˆã‚ã‚‚ï¼Š

DNSãƒ‰ç´ äººãŒdigã‚³ãƒžãƒ³ãƒ‰ã¨Route 53ã‚’ä½¿ã£ã¦ã€DNSã«ã¤ã„ã¦ã‚ã‚Œã“ã‚Œå¦ã‚“ã§ã¿ãŸ | DevelopersIO

ELBã®DNS Lookupã§IPã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’8å€‹è¿”ã™ã‚ˆã†ã«ãªã‚Šã¾ã—ãŸ | DevelopersIO

GitHub - NextronSystems/APTSimulator: A toolset to make a system look as if it was the victim of an APT attack

GitHub - ForensicArtifacts/artifacts: Digital Forensics artifact repository

GitHub - meirwah/awesome-incident-response: A curated list of tools for incident response

GitHub - graneed/bwpot: é«˜å¯¾è©±åž‹ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆ

GitHub - JPCERTCC/MalConfScan: Volatility plugin for extracts configuration data of known malware

Home

ã‚¤ãƒ³ã‚·ãƒ‡ãƒ³ãƒˆãƒ¬ã‚¹ãƒãƒ³ã‚¹åˆå‹•å¯¾å¿œæ™‚ã®ãƒ‡ãƒ¼ã‚¿åŽé›†ãƒ„ãƒ¼ãƒ« - setodaNote

WebShellåž‹ãƒãƒ‹ãƒ¼ãƒãƒƒãƒˆã‚’è¨ç½®ã—ã¦WebShellã«å¯¾ã™ã‚‹ã‚¹ã‚ãƒ£ãƒ³ã‚’è¦³å¯Ÿã—ãŸ - ã“ã‚“ã¨ã‚ãƒ¼ã‚‹ã—ãƒ¼ã“ã‚“ã¨ã‚ãƒ¼ã‚‹ã¶ã„

GitHub - sisoc-tokyo/Real-timeDetectionAD_ver2

REST Security - OWASP Cheat Sheet Series

GitHub - shieldfy/API-Security-Checklist: Checklist of the most important security countermeasures when designing, testing, and releasing your API

ãŠçŸ¥ã‚‰ã›

æœˆé–“ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2025å¹´2æœˆï¼‰

æ—§ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®Chromeæ‹¡å¼µæ©Ÿèƒ½ã«ã¤ã„ã¦ã®ãŠçŸ¥ã‚‰ã›ã¨æ–°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã”åˆ©ç”¨ã®ãŠé¡˜ã„

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2025å¹´3æœˆç¬¬1é€±ï¼‰

å…¬å¼Twitter

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹

ã‚¿ã‚°

2019å¹´8æœˆ20æ—¥ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (17ä»¶)

ãŠçŸ¥ã‚‰ã›

æœˆé–“ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2025å¹´2æœˆï¼‰

æ—§ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®Chromeæ‹¡å¼µæ©Ÿèƒ½ã«ã¤ã„ã¦ã®ãŠçŸ¥ã‚‰ã›ã¨æ–°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã”åˆ©ç”¨ã®ãŠé¡˜ã„

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2025å¹´3æœˆç¬¬1é€±ï¼‰

å…¬å¼Twitter

ã‚­ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹

2019å¹´8æœˆ20æ—¥ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (17ä»¶)

ãŠçŸ¥ã‚‰ã›

æœˆé–“ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2025å¹´2æœˆï¼‰

æ—§ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®Chromeæ‹¡å¼µæ©Ÿèƒ½ã«ã¤ã„ã¦ã®ãŠçŸ¥ã‚‰ã›ã¨æ–°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã”åˆ©ç”¨ã®ãŠé¡˜ã„

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2025å¹´3æœˆç¬¬1é€±ï¼‰

å…¬å¼Twitter

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹