Ethical Hacking News Hubb

Tool For Producing Threat Hunting And Intelligence Data From Public Sandbox Detonation Output

by admin
November 21, 2022
in News




The Sandbox Scryer is an open-source tool for producing threat hunting and intelligence data from public sandbox detonation output. The tool leverages the MITRE ATT&CK Framework to organize and prioritize findings, assisting in the assembly of IOCs, in understanding attack movement, and in threat hunting. By allowing researchers to send thousands of samples to a sandbox and build a profile expressed in ATT&CK techniques, the Sandbox Scryer makes it possible to work these use cases at scale. The tool is intended for cybersecurity professionals interested in threat hunting and attack analysis based on sandbox output data. The Sandbox Scryer currently consumes output from the free and public Hybrid Analysis malware analysis service, helping analysts expedite and scale threat hunting.

[root]
  version.txt – Current tool version
  LICENSE – Defines the license for source and other contents
  README.md – This file

[root/bin]
  Linux – Pre-built binaries for running the tool on Linux. Currently supports: Ubuntu x64
  MacOS – Pre-built binaries for running the tool on MacOS. Currently supports: OSX 10.15 x64
  Windows – Pre-built binaries for running the tool on Windows. Currently supports: Win10 x64

[root/presentation_video]
  Sandbox_Scryer__BlackHat_Presentation_and_demo.mp4 – Video walking through the slide deck and showing a demo of the tool

[root/screenshots_and_videos]
  Various backing screenshots

[root/scripts]
  Parse_report_set.* – Windows PowerShell and DOS Command Window batch file scripts that invoke the tool to parse each HA Sandbox report summary in the test set
  Collate_Results.* – Windows PowerShell and DOS Command Window batch file scripts that invoke the tool to collate the data from the parsed report summaries and generate a MITRE Navigator layer file

[root/slides]
  BlackHat_Arsenal_2022__Sandbox_Scryer__BH_template.pdf – PDF export of the slides used to present the Sandbox Scryer at Black Hat 2022

[root/src]
  Sandbox_Scryer – Folder with the source for the Sandbox Scryer tool (in C#) and a Visual Studio 2019 solution file

[root/test_data]
  (SHA256 filenames).json – Report summaries from submissions to Hybrid Analysis
  enterprise-attack__062322.json – MITRE CTI data
  TopAttackTechniques__High__060922.json – Top MITRE ATT&CK techniques generated with the MITRE calculator. Used to rank techniques when generating the heat map in MITRE Navigator

[root/test_output]
  (SHA256)_report__summary_Error_Log.txt – Errors (if any) encountered while parsing the report summary for the SHA256 included in the name
  (SHA256)_report__summary_Hits__Complete_List.png – Graphic showing the techniques noted while parsing the report summary for the SHA256 included in the name
  (SHA256)_report__summary_MITRE_Attck_Hits.csv – Input for the collation step: techniques and tactics with select metadata from parsing the report summary for the SHA256 included in the name
  (SHA256)_report__summary_MITRE_Attck_Hits.txt – More human-readable form of the .csv file. Includes ranking data for the noted techniques
  collated_data
    collated_080122_MITRE_Attck_Heatmap.json – Layer file for import into MITRE Navigator

The Sandbox Scryer is intended to be invoked as a command-line tool, to facilitate scripting.

Operation consists of two steps:

  • Parsing, where a specified report summary is parsed to extract the per-sample output listed above (error log, hit graphic, and the .csv/.txt technique hit files)
  • Collation, where the parsing results for the whole set of report summaries are combined to produce a Navigator layer file

Invocation examples:

If the parameter "-h" is specified, the built-in help is displayed as shown here:

    Sandbox_Scryer.exe -h

    Options:
      -h          Display command-line options
      -i          Input filepath
      -ita        Input filepath - MITRE report for top techniques
      -o          Output folder path
      -ft         Type of file to submit
      -name       Name to use with output
      -sb_name    Identifier of sandbox to use (default: ha)
      -api_key    API key to use with submission to sandbox
      -env_id     Environment ID to use with submission to sandbox
      -inc_sub    Include sub-techniques in graphical output (default is to not include)
      -mitre_data Filepath for MITRE CTI data to parse (to populate ATT&CK techniques)
      -cmd        Command
                  Options:
                    parse   Process report file from prior sandbox submission
                            Uses -i, -ita, -o, -name, -inc_sub, -sig_data parameters
                    col     Collates report data from prior sandbox submissions
                            Uses -i (treated as folder path), -ita, -o, -name, -inc_sub, -mitre_data parameters

Once the Navigator layer file is produced, it may be loaded into the Navigator for viewing via https://mitre-attack.github.io/attack-navigator/

Within the Navigator, techniques noted in the sandbox report summaries are highlighted and shown with increased heat based on a combined score of the technique's ranking and the count of hits on the technique across the report summaries. Hovering over a technique shows select metadata.
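The two-step flow above (parse each report summary, then collate the hits into a Navigator layer whose heat combines ranking and hit count) is shown end to end below as an added example. It is not the Sandbox Scryer's own code, and everything specific in it is an assumption: the report dicts are a constructed, simplified stand-in for a Hybrid Analysis summary (the key names "mitre_attcks"/"attck_id"/"tactic" are assumed), the ranking table is constructed in the spirit of the MITRE Top ATT&CK Techniques output, the scoring rule is illustrative rather than the tool's formula, and the Navigator version strings should be matched to your own install.

```python
"""Parse-then-collate pipeline that emits a MITRE ATT&CK Navigator layer.

Added example, not the Sandbox Scryer's own code. The report shape, the
ranking table, the scoring rule and the version strings are assumptions
chosen to mirror the "ranking plus hit count" heat described above.
"""
import json
from collections import Counter, defaultdict

# Constructed sample input: one dict per sandbox report summary. The key
# names are an assumed, simplified stand-in for a Hybrid Analysis summary.
REPORTS = [
    {"sha256": "a" * 64, "mitre_attcks": [
        {"attck_id": "T1059.001", "tactic": "Execution"},
        {"attck_id": "T1547.001", "tactic": "Persistence"},
        {"attck_id": "T1027", "tactic": "Defense Evasion"}]},
    {"sha256": "b" * 64, "mitre_attcks": [
        {"attck_id": "T1059.001", "tactic": "Execution"},
        {"attck_id": "T1055", "tactic": "Defense Evasion"},
        {"attck_id": "T1059.001", "tactic": "Execution"},   # repeated hit in one report
        {"attck_id": "", "tactic": "Unknown"}]},            # malformed entry
    {"sha256": "c" * 64, "mitre_attcks": []},               # sandbox saw nothing
]

# Constructed ranking in the spirit of the MITRE "Top ATT&CK Techniques"
# calculator output (assumed shape): lower number = more important.
TOP_TECHNIQUES = {"T1059": 1, "T1027": 2, "T1055": 3, "T1547": 7}


def parse_report(report, include_subtechniques=False):
    """Parse step: one report summary -> {technique_id: navigator_tactic}.

    Hits are deduplicated per report so a noisy sample cannot inflate the
    count, and sub-techniques collapse to their parent unless requested.
    """
    hits = {}
    for entry in report.get("mitre_attcks", []):
        tid = entry.get("attck_id", "")
        if not tid.startswith("T"):
            continue  # skip malformed entries rather than aborting the whole run
        if not include_subtechniques:
            tid = tid.split(".")[0]
        hits[tid] = entry.get("tactic", "").strip().lower().replace(" ", "-")
    return hits


def technique_rank(tid, top_techniques):
    """Rank lookup that falls back from a sub-technique to its parent."""
    return top_techniques.get(tid) or top_techniques.get(tid.split(".")[0])


def collate(reports, top_techniques, include_subtechniques=False, rank_weight=5.0):
    """Collation step: aggregate parsed hits into a Navigator layer dict.

    Assumed scoring: hits * (1 + rank_weight / rank) for ranked techniques,
    plain hit count for unranked ones, so both factors raise the heat.
    """
    counts, samples, tactics = Counter(), defaultdict(set), {}
    for rep in reports:
        for tid, tactic in parse_report(rep, include_subtechniques).items():
            counts[tid] += 1
            samples[tid].add(rep["sha256"])
            tactics[tid] = tactic
    techniques = []
    for tid, n in sorted(counts.items()):
        rank = technique_rank(tid, top_techniques)
        score = round(n * (1 + rank_weight / rank), 2) if rank else float(n)
        cell = {"techniqueID": tid, "score": score, "enabled": True,
                "showSubtechniques": include_subtechniques,
                "comment": f"hits={n} rank={rank} samples={len(samples[tid])}"}
        if tactics[tid]:
            cell["tactic"] = tactics[tid]
        techniques.append(cell)
    max_score = max((t["score"] for t in techniques), default=1.0)
    return {
        "name": "Sandbox detonation heat map",
        # Version strings are assumptions; match them to your Navigator install.
        "versions": {"attack": "11", "navigator": "4.7.1", "layer": "4.4"},
        "domain": "enterprise-attack",
        "description": f"{len(reports)} report summaries collated",
        "techniques": techniques,
        "gradient": {"colors": ["#ffffff", "#ff6666"],
                     "minValue": 0, "maxValue": max_score},
    }


def layer_to_json(layer):
    """Serialize for import at https://mitre-attack.github.io/attack-navigator/"""
    return json.dumps(layer, indent=2)


if __name__ == "__main__":
    print(layer_to_json(collate(REPORTS, TOP_TECHNIQUES)))
```

Deduplicating within a report before counting matters in practice: a sandbox will often emit the same technique several times for one sample (one per matching signature), and counting those raw would let a single chatty sample dominate the heat map that is supposed to reflect prevalence across the set.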

© Ethical Hacking News Hubb All rights reserved.