https://en.wikipedia.org/wiki/Information_security_operations_center
(Recon)
(Weaponize)
(Deliver)
(Exploit)
(Control)
(Execute)
(Maintain)
DHCP, DNS, Windows Event Logs, Antivirus, EDR, IDS, WiFi, Web
(SIEM)
(ITP)
(TDP)
IOC (IDP)
(IOC) hash, IP
IP · https://x.threatbook.cn/en · https://www.virustotal.com/en/ · https://www.threatcrowd.org/ · https://www.threatminer.org/ · https://www.talosintelligence.com/ · https://login.opendns.com/ · https://www.alexa.com/siteinfo · https://checkphish.ai/domain/avfisher.win · https://centralops.net/co/DomainDossier.aspx?dom_whois=1&net_whois=1&dom_dns=1
URL · https://urlscan.io/ · https://sitecheck.sucuri.net/results/pool.cortins.tk · https://quttera.com/ · https://www.virustotal.com/en/ · https://checkphish.ai/
TOR · https://www.dan.me.uk/torcheck · https://exonerator.torproject.org/ · https://ipduh.com/ip/tor-exit/ · https://torstatus.blutmagie.de/
https://www.virustotal.com/en/ · https://x.threatbook.cn/en · https://malwr.com/ · http://camas.comodo.com/ · https://www.reverse.it/ · http://www.threatexpert.com/submit.aspx · https://www.vicheck.ca/ · https://virusshare.com/ · https://malshare.com/ · https://github.com/ytisf/theZoo
Cuckoo: https://github.com/cuckoosandbox/cuckoo · Regshot: https://sourceforge.net/projects/regshot/ · Process Hacker: http://processhacker.sourceforge.net/ · Process Monitor: https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx · ProcDOT: https://www.cert.at/downloads/software/procdot_en.html · WinDump: https://www.winpcap.org/windump/ · Graphviz: http://www.graphviz.org/Download.php · Capture-BAT: https://www.honeynet.org/node/315 (x86 environment only) · Fakenet: https://sourceforge.net/projects/fakenet/ · Wireshark: https://www.wireshark.org/#download
SPF: http://spf.myisp.ch/ · MX: https://toolbox.googleapps.com/apps/checkmx/ · DMARC: https://www.agari.com/insights/tools/dmarc/
Security Operations Center
Defensive Security
Offensive Security
Incident Response
Malware Analysis
Digital Forensics
Detection & Monitoring
Vulnerability Management
Threat Intelligence
Threat Hunting
Penetration Testing
Red Teaming
Tier 3
Tier 2 · Tier 1
Tier 1