This repository has been archived by the owner on Nov 28, 2023. It is now read-only.

8王任飞-谈谈如何建设体系化的安全运营中心(SOC)-CTIC-王任飞.pdf.md

https://en.wikipedia.org/wiki/Information_security_operations_center


(Recon)

(Weaponize)

(Deliver)

(Exploit)

(Control)

(Execute)

(Maintain)

· DHCP, DNS, Windows Event Logs, Antivirus, EDR, IDS, WiFi, Web

(SIEM)


(ITP)

(TDP) IOC (IDP) · (IOC) hash, IP

IP
· https://x.threatbook.cn/en
· https://www.virustotal.com/en/
· https://www.threatcrowd.org/
· https://www.threatminer.org/
· https://www.talosintelligence.com/
· https://login.opendns.com/
· https://www.alexa.com/siteinfo
· https://checkphish.ai/domain/avfisher.win
· https://centralops.net/co/DomainDossier.aspx?dom_whois=1&net_whois=1&dom_dns=1

URL
· https://urlscan.io/
· https://sitecheck.sucuri.net/results/pool.cortins.tk
· https://quttera.com/
· https://www.virustotal.com/en/
· https://checkphish.ai/

TOR
· https://www.dan.me.uk/torcheck
· https://exonerator.torproject.org/
· https://ipduh.com/ip/tor-exit/
· https://torstatus.blutmagie.de/

· https://www.virustotal.com/en/
· https://x.threatbook.cn/en
· https://malwr.com/
· http://camas.comodo.com/
· https://www.reverse.it/
· http://www.threatexpert.com/submit.aspx
· https://www.vicheck.ca/
· https://virusshare.com/
· https://malshare.com/
· https://github.com/ytisf/theZoo

· Cuckoo: https://github.com/cuckoosandbox/cuckoo
· Regshot: https://sourceforge.net/projects/regshot/
· Process Hacker: http://processhacker.sourceforge.net/
· Process Monitor: https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx
· ProcDOT: https://www.cert.at/downloads/software/procdot_en.html
· WinDump: https://www.winpcap.org/windump/
· Graphviz: http://www.graphviz.org/Download..php
· Capture-BAT: https://www.honeynet.org/node/315 (x86 environment only)
· Fakenet: https://sourceforge.net/projects/fakenet/
· Wireshark: https://www.wireshark.org/#download

· SPF: http://spf.myisp.ch/
· MX: https://toolbox.googleapps.com/apps/checkmx/
· DMARC: https://www.agari.com/insights/tools/dmarc/

Security Operations Center

Defensive Security

Offensive Security

Incident Response

Malware Analysis

Digital Forensics

Detection & Monitoring

Vulnerability Management

Threat Intelligence

Threat Hunting

Penetration Testing

Red Teaming

Tier 3

Tier 2 · Tier 1

Tier 1