toxy is a fully programmatic and hackable HTTP proxy to simulate server failure scenarios and unexpected network conditions.
It was mainly designed for fuzzing/evil testing purposes, where toxy becomes particularly useful to cover the fault tolerance and resiliency capabilities of a system, especially in service-oriented architectures, where toxy may act as an intermediate proxy among services.
toxy allows you to plug in poisons, optionally filtered by rules, which essentially can intercept and alter the HTTP flow as you need, performing multiple evil actions in the middle of that process, such as limiting the bandwidth, delaying TCP packets, injecting network jitter latency or replying with a custom error or status code.
toxy can be used fluently, either programmatically or via its HTTP API. It is compatible with connect/express, and it was built on top of rocky, a full-featured middleware-oriented HTTP proxy.
Requires node.js 0.12+ or io.js 1.6+
Features
- Full-featured HTTP/S proxy (backed by rocky and http-proxy)
- Hackable and elegant programmatic API (inspired by connect/express)
- Admin HTTP API for external management and dynamic configuration
- Featured built-in router with nested configuration
- Hierarchical and composable poisoning with rule-based filtering
- Hierarchical middleware layer (both global and route [...]
Maltelligence is a tool developed by the Maltelligence Research Group to automatically collect malicious network infrastructure information and malware samples RECURSIVELY from various open source intelligence (OSINT) sources, including VirusTotal, whois, passive DNS, IP subnets, AS numbers and geolocation information.
You may run Maltelligence PERIODICALLY to capture and profile the behaviour of malicious groups of domains, IPs, whois records and HTML content across the different stages/times of APT attacks.
Malware Threat Analyst Desktop: Maltelligence is a project born from the insights of MalProfile.
If you want to run your instance of Maltelligence locally on your machine, be sure you have the following requirements installed:
The procedure below is tested on Ubuntu 14.04.

MySQL installation
The root password configured here will be used in MalProfile.ini.
  sudo apt-get install mysql-client-core-5.6
  sudo apt-get install mysql-server-5.6

Install dependencies
  sudo apt-get install git
  sudo apt-get install python-setuptools
  sudo apt-get install build-essential python-dev libmysqlclient-dev
  sudo apt-get install libfuzzy-dev
  sudo easy_install pip
  mkdir download
  cd download
  wget http://sourceforge.net/projects/ssdeep/files/ssdeep-2.13/ssdeep-2.13.tar.gz/download
  tar xvfz download
  cd ssdeep-2.13/
  ./configure [...]
Network Security Monitoring (NSM) is, put simply, monitoring your network for security-related events. It might be proactive, when used to identify vulnerabilities or expiring SSL certificates, or it might be reactive, such as in incident response and network forensics. Whether you’re tracking an adversary or trying to keep malware at bay, NSM provides context, intelligence and situational awareness of your network. There are some commercial solutions that get close to what Security Onion provides, but very few contain the vast capabilities of Security Onion in one package.
Many assume NSM is a solution they can buy to fill a gap: purchase and deploy solution XYZ and the problem is solved. The belief that you can buy an NSM denies the fact that the most important word in the NSM acronym is “M” for Monitoring. Data can be collected and analyzed, but not all malicious activity looks malicious at first glance. While automation and correlation can enhance intelligence and assist in the process of sorting through false positives and malicious indicators, there is no replacement for human intelligence and awareness. I don’t want to disillusion you. Security Onion isn’t a silver bullet that you can set up, walk away from and feel safe. Nothing is, and if that’s what you’re looking for, you’ll never find it. Security Onion will provide visibility into your network traffic and context around alerts and anomalous events, [...]