No content

No content

My experience with Jupyter What is Threat Intelligence? How Jupyter notebooks can be applied in Threat Intelligence Practical examples and tips & tricks

Sharing knowledge is not about giving people something. Sharing knowledge occurs when people are genuinely interested in helping others to develop new capacities. It is about creating learning processes. - Peter Senge -

Started using Jupyter in 2017 Learning machine learning for malware detection and classification Using notebooks to document my processes and code

What activity are we seeing? Observable What weaknesses does this threat exploit? Exploit Target What threats should I look for and why? Indicator Where has this threat been seen before? Incident Who is responsible for this threat? Threat Actor What does it do? Procedure Why does it do this? Campaign What can I do about it? Course of Action

By exchanging threat intelligence, organizations benefit from the community’s collective knowledge, experience, and capabilities to better understand the threats they face. Threat intelligence sharing is a critical tool for the cybersecurity community. It takes the knowledge of one organization and spreads it across the entire industry to improve all security practices.

Python, C#, C++ and many more... Use for data analysis and data science Efficient for incident response, log analysis, forensics... Threat intelligence analysis, analyse data leaks Enriching data, IOCs... Creating visualizations

Jupyter allows to exchange knowledge and practical analysis Share workflow and procedure to analyse Share practical tools that can be reused Enhance the capabilities of the team

https://jupyter.securitybreak.io/vt_domain_hunting/VT_Domain_hunting.html

No content

https://jupyter.securitybreak.io/strings_similarity/Strings_Extraction.html

https://jupyter.securitybreak.io/ELK_Threat_Hunting/ELK_Threat_Hunting.html

https://jupyter.securitybreak.io/Conti_Leaks_Analysis/Conti_Leaks_Notebook_TR.html

Add setup instructions Get to know well your data (structure, file format... ) Have a broader understanding before deep diving Share your notebook with your team, the community Document what you are doing and your code Use visualization Get feedback and improve your next notebook!

Run a command from Jupyter using "!" or magic command using "%" Using the "%%writefile" magic saves the contents of that cell to an external file. "%pycat" does the opposite, and shows the syntax highlighted contents of an external file.

https://jupyter.securitybreak.io

Sharing data is nice, sharing how to process that data is better! Jupyter is the perfect companion for workflow and high value procedures. Notebooks are repeatable, explainable and most of all shareable.

No content