Bibliography
This section lists all the documentation that has been used to write my technical writeup. It is only there to keep track of everything in case I forget, and it can also be helpful later on for cross-referencing between the sources.
- Checkpoint
- Silentpush
- Hasherezade
- Smukx aka Whitecat18
- Tracking infrastructure : BPH
  - Retrieve DROP from shse, monitor any change in DNS records
  - Match discovered ASNs against the Hurricane Electric database to see if they have any peering partners?
  - Look for indicators of BPH : Crescendo (WHOIS, DNS, ASN and organisation records, patterns in domains / structure of the hosted pages (find a common skeleton?), patterns in content (what is useful and what is impractical for our use cases))
  - Test various kinds of tools (and create some as well) (for the tests: take a random BPH IP range)
- Detection / threat hunting : Oneshot honeypot lab
  - Write a oneshot script for the deployment of the lab (Ansible, bash? ...)
  - Incorporate at least 3 types of engines : Suricata, YARA, Sigma
  - Find the most cost-effective infrastructure
- Reverse engineering and Malware Analysis : Rust for maldev, all hasherezade repos
  - Writeup about Struppigel courses? MAOS books?
  - Create a repo with several languages : Language_name - malware types - malware variant - malware techniques.
  - Develop tools to automate manual tasks (Go/Rust/Python)
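For the "Retrieve DROP, monitor any change" item, an added example (not code from this repo) that parses a DROP-style list, diffs two snapshots to flag added/removed ranges, and checks whether an IP falls in a listed range. It assumes the Spamhaus DROP text layout (`CIDR ; SBLref`, `;` comment lines); the snapshots below are constructed, not real list data.

```python
import ipaddress

# Constructed sample snapshots of a DROP-style list (not real Spamhaus data).
DROP_OLD = """; DROP list (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002
"""
DROP_NEW = """; DROP list (constructed sample)
192.0.2.0/24 ; SBL000001
203.0.113.0/24 ; SBL000003
"""


def parse_drop(text):
    """Return {ip_network: sbl_ref} for every entry; comment/blank lines are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        cidr, _, ref = line.partition(";")
        entries[ipaddress.ip_network(cidr.strip(), strict=False)] = ref.strip()
    return entries


def diff_drop(old_text, new_text):
    """Ranges added to / removed from the list between two snapshots (as strings)."""
    old, new = parse_drop(old_text), parse_drop(new_text)
    added = sorted(set(new) - set(old), key=str)
    removed = sorted(set(old) - set(new), key=str)
    return [str(n) for n in added], [str(n) for n in removed]


def drop_match(ip, text):
    """Return the SBL reference covering ip, or None if it is not listed."""
    addr = ipaddress.ip_address(ip)
    for net, ref in parse_drop(text).items():
        if addr.version == net.version and addr in net:
            return ref
    return None


if __name__ == "__main__":
    added, removed = diff_drop(DROP_OLD, DROP_NEW)
    print("added:", added, "removed:", removed)
    print("203.0.113.7 ->", drop_match("203.0.113.7", DROP_NEW))
```

Run it on two real downloads of the list to get the change set; the same diff logic applies to a saved DNS record snapshot.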
