
Security Tools – Pt. 2

Intro

Continuing where we left off, we have curated a list of another five tools. Once again they belong to different branches of cyber security, in line with our intention to cover the most ground with the fewest steps. We will expand on the topics, as well as on some of these tools, in the future, but for now we would like to introduce them and provide a high-level overview of their purpose, capabilities, and general uses.

Burp Suite

Burp Suite probably doesn’t need much introduction, as it is well known in the community, but let’s explain some basics about how Burp works and some of the options it offers. Essentially, Burp Suite is a web hacking framework – a web application pentesting framework, to be precise. Burp Suite is pretty much the industry standard when it comes to web app security, and since its features enable it to test APIs, Burp is also used for mobile apps.

At its core, Burp intercepts the traffic between the web server and the client, enabling the attacker to manipulate it. We can then issue our own requests to the server as we see fit. Burp also has the ability to forward the captured requests to other parts of the application – something we’ll explore in more depth in the upcoming Burp Suite series.

Burp comes with three different license options: Community, Professional, and Enterprise.

If you’ve used Burp in the past, chances are you’ve used the Community edition. The Professional license is a yearly paid subscription, but it offers many more great features. Enterprise is a bit different from the other two versions, as it is intended for continuous scanning – automatically scanning your web apps for vulnerabilities – which makes sense in an enterprise environment.

Generally, there’s no need for the Pro version, as the Community version is extremely powerful by itself, but the Pro version does have more automated and expanded features, such as API integration with other tools, the option to save projects and generate reports, an automated vulnerability scanner, unlimited access to add new extensions, and more.


Splunk

The Splunk name has become synonymous with SIEM (Security Information and Event Management), which is no surprise, as it is heavily used in the industry, especially in large enterprise environments.

SIEM solutions are basically a centralized location where you can ingest logs from the various sources in your environment. The logs are collected and normalized so that the analyst can more easily investigate and query them.

Aside from being able to ingest virtually any data, Splunk also offers a lot of additional capabilities in the form of Splunk apps (you can browse them here). One important Splunk app to mention is TA-Sigma-Searches, which we can use to create queries in the Sigma format, for easier sharing with other analysts or teams that don’t necessarily use Splunk as their SIEM solution. This is incredibly important since all SIEM solutions have different formats for creating queries, and you might be on a team that doesn’t use Splunk – or vice versa.
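To make the "shared format" idea concrete, here is an added example (not code from this post or from TA-Sigma-Searches) that converts the simplest shape of Sigma rule into a Splunk search; the rule itself is constructed, and the `svc_backup` exclusion is a placeholder account name.

```python
"""Convert a simple Sigma rule to a Splunk search (SPL).

Added example, not code from the post or from TA-Sigma-Searches. Handles only
selections of field/value pairs (lists, |contains/|startswith/|endswith) and a
condition like 'selection and not filter'; sigmac/pySigma handle far more.
"""

# Constructed rule (as a dict; a real Sigma rule is YAML with the same keys).
RULE = {
    "title": "Windows event log cleared",
    "logsource": {"product": "windows", "service": "security"},
    "detection": {
        "selection": {"EventID": [1102, 104],
                      "Channel": ["Security", "System"]},
        # Constructed exclusion for a maintenance account (placeholder name).
        "filter": {"SubjectUserName|startswith": "svc_backup"},
        "condition": "selection and not filter",
    },
}

def _spl_value(field, value):
    """Render one Sigma field (with optional |modifier) and value as SPL."""
    name, _, mod = field.partition("|")
    if isinstance(value, list):          # a list of values is an OR in Sigma
        return "(" + " OR ".join(_spl_value(field, v) for v in value) + ")"
    v = str(value).replace("\\", "\\\\").replace('"', '\\"')
    if mod == "contains":
        v = f"*{v}*"
    elif mod == "startswith":
        v = f"{v}*"
    elif mod == "endswith":
        v = f"*{v}"
    elif mod:
        raise ValueError(f"unsupported Sigma modifier: {mod}")
    return f'{name}="{v}"'

def _spl_selection(selection):
    """All field/value pairs inside one Sigma selection map are ANDed."""
    return "(" + " AND ".join(_spl_value(f, v) for f, v in selection.items()) + ")"

def sigma_to_spl(rule):
    """Expand the condition, substituting each named selection with its SPL."""
    det = rule["detection"]
    out = []
    for tok in det["condition"].split():
        if tok.lower() in ("and", "or", "not"):
            out.append(tok.upper())        # Sigma's operators map 1:1 onto SPL
        elif tok in det and tok != "condition":
            out.append(_spl_selection(det[tok]))
        else:
            raise ValueError(f"unsupported condition token: {tok}")
    return " ".join(out)
```

The same rule, handed to a converter for another SIEM's query language, yields an equivalent search there, which is exactly why teams exchange Sigma rules rather than vendor-specific queries.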

With Splunk, you can also create alerts that are triggered when a specific condition is met. These are generally used for monitoring and responding to events.

Furthermore, all of this data can be tailored to your own purpose with detailed dashboards and visualizations.

Nessus

Nessus is a vulnerability scanner that scans your infrastructure for vulnerabilities.

What makes Nessus unique and different from other scanners is the fact that it doesn’t make assumptions. For example, it won’t assume that port 80 is running a web application.

Nessus can be deployed on almost any platform, including a Raspberry Pi, and it has more than 450 pre-configured templates that can help you quickly address your vulnerabilities. Its reporting capabilities can be configured in the formats that best align with your security practices.

MISP

MISP, short for Malware Information Sharing Platform, is a threat intelligence platform that enables the collection, storage, and sharing of threat intelligence and IOCs relating to cyber attacks, malware, or any other intelligence, between trusted members. After all, two enterprises can both be targeted by the same threat actor, and MISP sees to it that you can safely share intel and collaborate with each other.

Your threat information can in turn be used by SIEMs and NIDS (Network Intrusion Detection Systems). MISP can be used for security investigations, intelligence, risk and fraud analysis, and more.

MISP’s functionalities include an Indicators of Compromise (IOC) database, data sharing (according to different distribution models – from open/public, to semi-closed, to private), import and export capabilities, automatic correlation, and API support (you can integrate it with your own systems to obtain and export intelligence).
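As an added example of the export and SIEM angle (not MISP project code), the snippet below turns a MISP attribute export into a lookup table a SIEM can load. The JSON is a constructed sample in the shape returned by MISP’s `POST /attributes/restSearch` endpoint with `returnFormat: json`; the indicator values are placeholders from documentation address ranges.

```python
"""Turn a MISP attribute export into a SIEM lookup table (CSV).

Added example, not MISP project code. Only attributes flagged to_ids (the MISP
flag meaning "suitable for automated detection") of directly matchable types
are exported; comments and context-only attributes are kept out of the SIEM.
"""
import csv
import io
import json

# Constructed sample in the shape of a MISP /attributes/restSearch response.
SAMPLE_RESPONSE = json.dumps({"response": {"Attribute": [
    {"id": "1", "type": "ip-dst", "value": "192.0.2.10", "to_ids": True,
     "distribution": "0", "Event": {"id": "17", "info": "constructed event A"}},
    {"id": "2", "type": "domain", "value": "malicious.example", "to_ids": True,
     "distribution": "3", "Event": {"id": "17", "info": "constructed event A"}},
    {"id": "3", "type": "comment", "value": "analyst note", "to_ids": False,
     "distribution": "3", "Event": {"id": "17", "info": "constructed event A"}},
    {"id": "4", "type": "ip-dst", "value": "198.51.100.7", "to_ids": False,
     "distribution": "1", "Event": {"id": "18", "info": "constructed event B"}},
]}})

# MISP distribution levels, as the numeric codes the API returns.
DISTRIBUTION = {"0": "your organisation only", "1": "this community only",
                "2": "connected communities", "3": "all communities",
                "4": "sharing group", "5": "inherit event"}

# Attribute types a SIEM or network sensor can match against its logs directly.
DETECTABLE_TYPES = {"ip-dst", "ip-src", "domain", "hostname", "url",
                    "md5", "sha1", "sha256"}

def select_indicators(raw_json):
    """Keep only to_ids attributes of a detectable type."""
    attrs = json.loads(raw_json)["response"]["Attribute"]
    return [a for a in attrs if a["to_ids"] and a["type"] in DETECTABLE_TYPES]

def to_lookup_csv(raw_json):
    """Render the selected indicators as CSV rows for a SIEM lookup table."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["indicator", "type", "misp_event_id", "distribution"])
    for a in select_indicators(raw_json):
        writer.writerow([a["value"], a["type"], a["Event"]["id"],
                         DISTRIBUTION[a["distribution"]]])
    return buf.getvalue()
```

Carrying the distribution level into the lookup lets you see which indicators were marked "your organisation only" and must not be forwarded to partners or shared feeds.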

Much more great information on MISP can be found here, and in the MISP Project GitHub repo here.

REMnux

REMnux is a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux can help you with:

  • Analyzing malicious MS Office macros (the most common way malware developers distribute their payloads)
  • Identifying and analyzing malicious payloads in various formats (.pdf’s, .exe’s, etc.)
  • Memory forensics on infected systems
  • Gathering and analyzing threat data
  • Exploring network interactions for behavior analysis
  • Investigating system-level interactions of malware

and more!

The tools inside the REMnux bundle are free; however, they have their own individual licenses, and it’s up to you to figure out how you’re going to use them in accordance with their respective restrictions. Other contents of the REMnux toolkit, like configuration and code, are licensed under the GNU General Public License v3.0 – unless otherwise stated.

The easiest and fastest way to start with REMnux is to download the REMnux distro .OVA file and run it in the hypervisor software of your choice (there’s a separate download for VirtualBox). You can also run the REMnux distro as a Docker container, or install it on a dedicated machine.

Conclusion

So, we’ve scratched the surface of an incredibly large area and probably opened up a bunch of new questions; that is why in the upcoming articles we will ‘zoom in’ on some of these tools. Of course, short of writing a full-fledged book, we can’t hope to cover them all in the way they deserve, even if we were to make a series out of every one of the tools mentioned.

With all that in mind, you could think of this mini-series of articles as our cyber appetizers before the main course – which is fully up to your discretion. We hope some of the links shared will help you create it for yourselves, in accordance with your palate.

Bon appetit!

Cover image by Immo Wegmann

#Burp #MISP #Splunk #Nessus #Tooling #Cybersec

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About VRX

VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.
