slacker007 / dnsjsonparser Goto Github PK

• 🔭 I’m currently working on offensive modules for Quasar Rat (CSharp)
• 🌱 I’m currently learning predictive search techniques (Python)
• 👯 I’m looking to collaborate on anything fun/new/cool
• 📫 How to reach me: [email protected]
• ⚡ Fun fact: I'll get back to you on this one.....

Over the years I have worked on various projects ranging from small research projects to team based projects in support of OSS. The following work spans over 10 years of OSS development, training, and research. Most of the code is research for other operational projects for cyber threat hunting, red teaming, pentesting, and IR.

• SOC Immersion Training (SIT) - (2018) Co-Author, SIT is designed for intermediate-level cybersecurity and hunt team analysts to increase their functional knowledge of analytical thinking and concepts. By using demonstrated real-world attack methodologies in a step-by-step manner, SIT provides analysts with an in-depth understanding of how to analyze attack TTPs and the ability to construct complex IOCs derived from environment-specific threats and constraints.

• Finding Evil in DNS Traffic - Video

• Rapid Attack Infrastructure (RAI) - Co-auther of team project to automate C2 redirector setup for Red Team OP's

• BRO - Network Security Monitoring - Collection of Bro and bash scripts that when run from the same directory on a Linux distro with bro installed; will pull information such as active HTTP conns, FTP conns, DNS Request/Responses, And a live(-20 seconds) feed for files transmitted. It also carves the various types of files at the same time. They can be run against snort logs or pcaps.
• NodeHunter - Python wrapper around NMAP api to perform quick and dirty node and service discovery and enumeration.
• CS-Beacon-Detector - (2015) Custom Sniffer that was designed to work against Cobal Strike DNS Beacons. It listens for DNS beacons and analyzes the URL, Request, and multiple specific fields within the payload. It performs some correlation to determine the validity of requests and replies.
• DNShunter - DNShunter is a python based module that is written for a Hunt Framework & custom Linux distro built for hunt operations. Currently it reads in .pcap files and extracts the DNS Queries and Answers. In addition to extracting the queries & answers, it also performs a geo-lookup of the domains & the associated IP's.
• S3 - Splunk Sexy Six - Open Source Windows Security Event Log Correlation and Analysis Tool
• VDNS - VDNS is a python application that parses Bro's dns.log file and injests the results into the neo4j database for visual analysis
• OFF-ToolKit - Project created to gather host based forensic data to later use during an offensive engagement
• NetInfo - Quick and dirty python script to gather network information from windows registry.

• DeepFreeze-Agent - Contributed to custom C++ agent to learn various Windows C APIs and WMI process, service, driver monitoring supporting dynamic rule creation. Project was ultimately used for conference research and talk performed by @killswitch-gui. See confrence talk https://www.slideshare.net/AlexanderRymdekoHarv/rat-repurposing-adversarial-tradecraft