Category Archives: Critical Stack

Capital One is a cautionary tale for companies rushing to embrace new tech

Posted on by

Capital One always said it wasn’t like other banks. While other financial giants cautiously waded into their own digital transformations, Capital One’s leadership has sought to differentiate the $28 billion bank by investing in technology meant to modernize their business. The bank has increased its number of technology staffers to 9,000 today from 2,500 in 2011, assigning employees to software engineering, artificial intelligence and building a digital chatbot to automate reminders to customers about when their bills are due or flag unusually large restaurant tips in case they want to rescind them, Rob Alexander, the bank’s chief information officer told the Wall Street Journal last year. Capital One also was different for its use of Amazon Web Services, a rarity in the financial services industry where most corporate heavyweights simply don’t trust third-parties to store their financial data. At Capital One, the use of AWS was to serve as proof of […]

The post Capital One is a cautionary tale for companies rushing to embrace new tech appeared first on CyberScoop.

Continue reading Capital One is a cautionary tale for companies rushing to embrace new tech

Capital One begins journey as a software vendor with the release of Critical Stack Beta

Posted on by

 If every company is truly a software company, Capital One is out to the prove it. It was one of the early users of Critical Stack, a tool designed to help build security into the container orchestration process. In fact, it liked it so much it bo… Continue reading Capital One begins journey as a software vendor with the release of Critical Stack Beta

Critical Stack Intel Feed Consumption

Posted on by
Critical Stack provides a free threat intelligence aggregation feed through their Intel Market for consumption by the Bronetwork security monitoring platform. This is a fantastic service that is provided for free!! Special thanks to those who have contributed their feeds for all to take advantage of the benefits!! Installation is beyond the scope of this post as it is super easy with decent documentation available on their website. The feed updates run roughly hourly by default into a tab delimited file available on disk.

My goal was to make the IP address, domain and hash values accessible through a web interface for consumption by other tools in your security stack. Additionally, I didn’t want to create another database structure but be able to read the values into memory for comparison on script restarts. Decided to use Twisted Python by Twisted Matrix Labs to create the web server. Twisted is an event-driven networking engine written in Python. The script provides a basic foundation without entering into the format debate between STIX and JSON.  Kept it simple…

Twisted Python Installation

The following installation steps work on Ubuntu 14.04 as that is my preference.

1.     apt-get install build-essential python-setuptools python-dev python-pip

2.     pip install service_identity

3.     wget https://pypi.python.org/packages/source/T/Twisted/Twisted-15.5.0.tar.bz2

4.     bzip2 -d Twisted-15.5.0.tar.bz2

5.     tar -xvf Twisted-15.5.0.tar

6.     cd Twisted-15.5.0/

7.     python setup.py install

The PIP package installation allows for the future usage of SSL and SSH capabilities in Twisted.

TwistedIntel.py Script

The default installation file and path containing the Critical Stack Intel Feed artifacts.

The field separator on each line that gets loaded into the Python list in memory.

The output that gets displayed on the dynamically generated web page based on user input.

The port that the web server runs on for the end-user to access the web page.



TwistedIntel.py Usage

The TwistedIntel.py script can be used after execution by browsing to the website with an IP address, domain or hash value provided in the path.  If the result returns FOUND that means it is part of the Critical Stack Intel Feed as shown in Example 1.  Example 2 depicts the results if the comparison does not find a matching value.

Example 1:

http://example.4n6ir.com:8080/www.evil.com

Result 1:

www.evil.com – FOUND

Example 2:

http://example.4n6ir.com:8080/www.good.com

Result 2:

www.good.com

Download TwistedIntel.py

Feel free to change the code to meet your needs and really appreciate any contributions back to the DFIR community.

Happy Coding!!

John Lukach

@FileBlocks

Updated 12/15/2015

·      TwistedIntel2.py displays the feed that an IP address, domain, or hash originated.

·      Upstart configuration file for running the Twisted Python script at startup.

·      Crontab configuration that restarts the script hourly after Critical Stack Intel updates.

Continue reading Critical Stack Intel Feed Consumption

Critical Stack Intel Feed Consumption

Posted on by
Critical Stack provides a free threat intelligence aggregation feed through their Intel Market for consumption by the Bronetwork security monitoring platform. This is a fantastic service that is provided for free!! Special thanks to those who have contributed their feeds for all to take advantage of the benefits!! Installation is beyond the scope of this post as it is super easy with decent documentation available on their website. The feed updates run roughly hourly by default into a tab delimited file available on disk.

My goal was to make the IP address, domain and hash values accessible through a web interface for consumption by other tools in your security stack. Additionally, I didn’t want to create another database structure but be able to read the values into memory for comparison on script restarts. Decided to use Twisted Python by Twisted Matrix Labs to create the web server. Twisted is an event-driven networking engine written in Python. The script provides a basic foundation without entering into the format debate between STIX and JSON.  Kept it simple…

Twisted Python Installation

The following installation steps work on Ubuntu 14.04 as that is my preference.

1.     apt-get install build-essential python-setuptools python-dev python-pip

2.     pip install service_identity

3.     wget https://pypi.python.org/packages/source/T/Twisted/Twisted-15.5.0.tar.bz2

4.     bzip2 -d Twisted-15.5.0.tar.bz2

5.     tar -xvf Twisted-15.5.0.tar

6.     cd Twisted-15.5.0/

7.     python setup.py install

The PIP package installation allows for the future usage of SSL and SSH capabilities in Twisted.

TwistedIntel.py Script

The default installation file and path containing the Critical Stack Intel Feed artifacts.

The field separator on each line that gets loaded into the Python list in memory.

The output that gets displayed on the dynamically generated web page based on user input.

The port that the web server runs on for the end-user to access the web page.



TwistedIntel.py Usage

The TwistedIntel.py script can be used after execution by browsing to the website with an IP address, domain or hash value provided in the path.  If the result returns FOUND that means it is part of the Critical Stack Intel Feed as shown in Example 1.  Example 2 depicts the results if the comparison does not find a matching value.

Example 1:

http://example.4n6ir.com:8080/www.evil.com

Result 1:

www.evil.com – FOUND

Example 2:

http://example.4n6ir.com:8080/www.good.com

Result 2:

www.good.com

Download TwistedIntel.py

Feel free to change the code to meet your needs and really appreciate any contributions back to the DFIR community.

Happy Coding!!

John Lukach

@FileBlocks

Updated 12/15/2015

·      TwistedIntel2.py displays the feed that an IP address, domain, or hash originated.

·      Upstart configuration file for running the Twisted Python script at startup.

·      Crontab configuration that restarts the script hourly after Critical Stack Intel updates.

Continue reading Critical Stack Intel Feed Consumption