{"id":55457,"date":"2022-08-12T09:11:10","date_gmt":"2022-08-12T01:11:10","guid":{"rendered":"https:\/\/version-2.com\/?p=55457"},"modified":"2022-12-02T18:13:46","modified_gmt":"2022-12-02T10:13:46","slug":"security-tools-pt-2","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2022\/08\/security-tools-pt-2\/","title":{"rendered":"Security Tools \u2013 Pt. 2"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/p>\n

Intro<\/h3>

Continuing where we left of, we have curated a list of another five tools. These are once again belonging to different branches of Cyber, as per our intention to cover the most ground with the least steps taken. We will expand on the topics, as well as some of these tools, in the future, but for now we would like to introduce them and provide a high level overview of their purpose, capabilities, and general uses.<\/p>

Burp Suite<\/h3>

Burp Suite probably doesn\u2019t need much introduction as it is well known inside the community, but let\u2019s explain some basics about how Burp works and what are some of the options that are offered. Essentially, Burp Suite is a Web Hacking framework \u2013 Web App Pentesting framework, to be precise. Burp Suite is pretty much the industry standard when it comes to web app security, and since its features enable it to test APIs, Burp is also used for mobile apps.<\/p>

At its core, Burp intercepts the traffic between the webserver and the client, enabling the attacker to manipulate it. We can then issue our own requests for the server as we see fit. Burp also has the ability to forward the captured requests to other parts of the application \u2013 something we\u2019ll explore in more depth in the upcoming Burp Suite series.<\/p>

Burp comes with three different license options: Community, Professional, and Enterprise<\/em>.<\/p>

If you\u2019ve used Burp in the past, chances are you\u2019ve used the Community edition. Professional license is a yearly paid subscription, but it offers even more great features. Enterprise is a bit different to the two other versions, as it is intended for continuous scanning \u2013 automatically scanning your web apps for vulnerabilities \u2013 which would make sense in an enterprise environment.<\/p>

Generally, there\u2019s no need for the pro version as the Community version is extremely powerful by itself, but the pro version does have more automated and expanded features, such as API integration with other tools, option to save the projects and generate reports, automated vulnerability scanner, unlimited access to add new extensions, and more.<\/p>

  <\/p>

Splunk<\/h3>

Splunk name has become synonymous with SIEM (Security Information and Event Management), which is of no surprise as it is being heavily used in the industry, especially in large enterprise environments.<\/p>

SIEM solutions are basically a centralized location where you can ingest the logs from your environment, from various sources. They are collected and normalized, so that they can be more easily investigated, and queried, by the analyst.<\/p>

Aside from being able to ingest virtually any data, Splunk also offers a lot of additional capabilities in the form of Splunk apps (you can browse them here<\/a>). One important Splunk app to mention is TA-Sigma-Searches<\/a> which we can use to create queries in the sigma<\/a> format, for easier sharing with other analysts or teams that don\u2019t necessarily us Splunk as their SIEM solution. This is incredibly important since all SIEM solutions have different format for creating queries, and you might be on a team that doesn\u2019t use Splunk \u2013 or vice versa.<\/p>

With Splunk, you can also create alerts that are triggered when a specific condition is met. This is generally used for responding and monitoring of events.<\/p>

Furthermore, all of this data can be tailored to your own purpose with detailed dashboards and visualizations.<\/p>

Nessus<\/h3>

Nessus<\/a> is a vulnerability scanner, which scans your infrastructure for vulnerabilities.<\/p>

What makes Nessus unique and different from other scanners is the fact that it doesn\u2019t make assumptions. For example, it won\u2019t assume that your port 80 is running a web application.<\/p>

Nessus can be deployed on almost any platform, including your Raspberry Pi, it also has more than 450 pre-configured templates which can help you quickly address your vulnerabilities. Its reporting capabilities are such that you can configure them as per best aligning formats for your security practices.<\/p>

MISP<\/h3>

MISP<\/a>, or short for Malware Information Sharing Platform, is a threat information platform which enables collection, storing, and sharing of threat intelligence and IOCs that relate to cyber attacks, malware, or any other intelligence, between trusted members. After all, two enterprises can both be targeted by the same threat actor, and MISP sees to it that you can safely share intel and collaborate between each other.<\/p>

Your threat information can in turn be used by SIEMs and NIDS (Network Intrusion Detection Systems). MISP can be used for security investigations, intelligence, risk, and fraud analysis, and more.<\/p>

MISP functionalities support Indicators of Compromise (IOC) database, data sharing (according to the different distribution models \u2013 from open\/public, to semi-closed, and private), import and export capabilities, automatic correlation, and API support (you can integrate it with your own systems to obtain and export intelligence).<\/p>

Much more great information on MISP can be found here<\/a>, and on the MISP Project Github repo here<\/a>.<\/p>

REMnux<\/h2>

REMnux is a Linux toolkit for reverse-engineering and analysis of malicious software<\/a>. REMnux can help you with:<\/p>