DiY SOAR - programming one yourself, phishing enrichment, scanning

Asphyxia

Owner
Administrator
Apr 25, 2015
1,810
2,172
287
Let me start by stating I have been to a national programming competition in the USA. Does that mean anything? Not really, but I can kinda code shit just enough to make it work - really.

[Attached image: 1616214412086.png]

I am sure you are maybe thinking, okay so wtf could be done with this useless program?

Well, a lot of things - let me list them:

Something like this could easily cost $20,000 to $30,000 to just present these emails in front of a team of analysts. With this, you can just mostly automate phishing handling. Anything uncaught could then be forwarded to an analyst with ALL the gathered threat intel immediately ready for review - for example with urlscan, the link to the picture image is great so the analyst(s) can see what type of website would load. Does it look like a login page and have a fake Microsoft logo? Phishing.

The app up top that I made and am still working on somewhat, this just uses UrlScan to kick off a scan, then when finished you can click [safe] or [not safe] list items and see the picture to the right.

Hopefully this is good intel to get anyone started. Make this an open source project and work within Visual Studio (if you want).
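
The urlscan flow described in the post above (pull the links out of a reported email, kick off a scan, then hand the analyst a verdict and the screenshot link), sketched in Python as an added example that is not part of the original post or the author's app. It assumes the urlscan.io v1 API (`/scan/`, `/result/{uuid}/` and the screenshot URL); the sample email, the function names and the "needs review" / "submit failed" labels are constructed for illustration.

```python
import email, json, re, time, urllib.error, urllib.request
from email import policy
URLSCAN = "https://urlscan.io/api/v1"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Constructed sample message (example.test is a reserved test domain).
SAMPLE = """From: it-support@example.test
Subject: Password expires today
Content-Type: text/plain

Sign in at https://login.example.test/ms365/ to keep your mailbox.
Mirror: https://login.example.test/ms365/. Help: https://example.test/h?id=1
"""

def extract_urls(raw_email):
    """Return unique http(s) URLs from every text part, in first-seen order."""
    msg = email.message_from_string(raw_email, policy=policy.default)
    urls = {}
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                urls[url.rstrip(".,;)")] = True  # strip trailing punctuation, dedupe
    return list(urls)

def _call(method, url, api_key, body=None):
    """Default transport: HTTPS to urlscan.io; returns (status, parsed JSON)."""
    req = urllib.request.Request(
        url, method=method, data=json.dumps(body).encode() if body else None,
        headers={"API-Key": api_key, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 404 on /result/ = scan not finished
        return err.code, {}

def enrich(url, api_key, call=_call, poll_secs=5, tries=12):
    """Submit one URL, poll for the result, return an analyst-ready record."""
    _, sub = call("POST", f"{URLSCAN}/scan/", api_key, {"url": url, "visibility": "private"})
    uuid = sub.get("uuid")
    rec = {"url": url, "uuid": uuid, "screenshot": None,
           "verdict": "pending" if uuid else "submit failed"}
    for _ in range(tries if uuid else 0):
        time.sleep(poll_secs)
        status, res = call("GET", f"{URLSCAN}/result/{uuid}/", api_key)
        if status == 200:
            bad = res.get("verdicts", {}).get("overall", {}).get("malicious")
            rec["verdict"] = "not safe" if bad else "needs review"
            rec["screenshot"] = f"https://urlscan.io/screenshots/{uuid}.png"
            break
    return rec
```

Nothing is ever auto-marked safe here: anything urlscan does not flag stays "needs review" so it reaches an analyst with the screenshot link attached.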
 

Atlantiss

Moderator
CipherSpeak Developer
Sep 23, 2019
55
37
51
Do we have anti Wormscript or RAT on this program? If yes, I would definitely pay for this program. I had a lot of problems with Gmail, Outlook, even ProtonMail! They don't bypass Wormscript and RATs, they usually try to block them, but even opening an email from idk. [email protected] made me trouble with my Google accounts, Steam and every other program I had Authenticator on.
 

Asphyxia

Do we have anti Wormscript or RAT on this program? If yes, I would definitely pay for this program.
It would be doable to mass-scan files using VirusTotal hash checking or uploading them/submitting.

I’m lately interested in programming blue team automation.
 