Post on 03-Jun-2020
Viper - Using MISP from your terminal
MISP - Threat Sharing
Team CIRCL
MISP Project
https://www.misp-project.org/
ESDC 20200303
Viper - Main ideas
Viper is a binary analysis and management framework. Its fundamental objective is to provide a solution to easily organize your collection of malware and exploit samples, as well as the collection of scripts you have created or found over time to facilitate your daily research. Think of it as a Metasploit for malware researchers: it provides a terminal interface that you can use to store, search and analyze arbitrary files, and a framework to easily create plugins of any sort.
Viper
- Solid CLI
- Plenty of modules (PE files, *office, ELF, APK, ...)
- Connection to 3rd party services (MISP, VirusTotal, cuckoo)
- Connectors to 3rd party tools (IDA, radare)
- Local storage of your own zoo
- Django interface is available (I've been told)
Viper
PyMISP & Viper
- Full featured CLI for MISP
- Remote storage of your zoo
- Search / Cross check with VirusTotal
- Create / Update / Show / Publish Event
- Download / Upload Samples
- Mass export / Upload / Download
- Get Yara rules
MISP Module
Viper & VT
- Searches for hashes / IPs / domains / URLs from the current MISP event, or downloads the samples
- Download samples from the current MISP event
- Download all samples from all the MISP events of the current session
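As an added example (not part of the slides or of Viper's own code), the Python below pulls the lookup-ready hashes, IPs, domains and URLs out of a MISP event in the JSON layout PyMISP returns, handling composite attributes and attributes nested in MISP objects, so they can be cross-checked against a third-party service such as VirusTotal. The event content is constructed for this example.

```python
# MISP attribute types grouped by the kind of third-party lookup they support.
# "ip" on its own only appears as the second half of the composite "domain|ip".
LOOKUP_TYPES = {
    "hash": {"md5", "sha1", "sha256"},
    "ip": {"ip-src", "ip-dst", "ip"},
    "domain": {"domain", "hostname"},
    "url": {"url"},
}

# Constructed event in MISP's JSON layout (RFC 5737 address, .invalid TLD, dummy hashes).
SAMPLE_EVENT = {"Event": {
    "id": "1", "info": "constructed example event",
    "Attribute": [
        {"type": "sha256", "value": "a" * 64, "to_ids": True},
        {"type": "ip-dst", "value": "203.0.113.10", "to_ids": True},
        {"type": "domain|ip", "value": "example.invalid|203.0.113.10", "to_ids": True},
        {"type": "url", "value": "http://example.invalid/update.bin", "to_ids": False},
        {"type": "comment", "value": "analyst note, not an indicator", "to_ids": False},
    ],
    "Object": [{"name": "file", "Attribute": [
        {"type": "filename|sha256", "value": "dropper.exe|" + "a" * 64, "to_ids": True},
        {"type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e", "to_ids": True},
    ]}],
}}


def iter_attributes(event):
    """Yield every attribute, including those nested inside MISP objects."""
    ev = event.get("Event", event)
    yield from ev.get("Attribute", [])
    for obj in ev.get("Object", []):
        yield from obj.get("Attribute", [])


def split_composite(attr):
    """Composite types such as 'domain|ip' carry two values joined by '|'."""
    types = attr["type"].split("|")
    values = attr["value"].split("|", len(types) - 1)
    return list(zip(types, values))


def collect_indicators(event, ids_only=False):
    """Group indicators by lookup kind, deduplicated, first-seen order kept.
    With ids_only=True, attributes the analyst did not flag with to_ids are skipped."""
    found = {kind: [] for kind in LOOKUP_TYPES}
    for attr in iter_attributes(event):
        if ids_only and not attr.get("to_ids", False):
            continue
        for typ, value in split_composite(attr):
            for kind, types in LOOKUP_TYPES.items():
                if typ in types and value not in found[kind]:
                    found[kind].append(value)
    return found
```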
VirusTotal Module
Extra features
- Link to a MISP event
- Local storage of the MISP event
- On the fly cross-check of MISP attributes with 3rd party services
- Never leaving your CLI!
Other modules
- Fully featured CLI for Passive SSL
- Fully featured CLI for Passive DNS
- Can launch Radare2 or IDA
Passive SSL
Passive DNS
Q&A
https://github.com/MISP/PyMISP
https://github.com/MISP/
https://github.com/viper-framework/viper
We welcome new functionalities and pull requests.