Blog
The DOGESEC blog
- Linking Cyber Threat Intelligence Knowledge Bases
PRODUCTS DIY September 09, 2024
Joining the data held in disparate knowledge bases, including linking MITRE ATT&CK to CVEs, creates a much richer context for intelligence. Let me show you the logic of an open-source tool we built to do just that.
- Using STIX Objects to Make Vulnerability Prioritisation Easy (and Free)
DIY September 02, 2024
Follow along as I show you how to store 200,000 CVEs as STIX objects, then use CVSS, EPSS, CISA KEV and CPE data to search and filter them.
- A Producer's Guide to Sharing Cyber Threat Intelligence
DIY August 26, 2024
txt2stix + stix2arango + arango_taxii_server = a robust and flexible setup for storing and distributing cyber threat intelligence you've produced.
- A MITRE ATT&CK Style Knowledge Base for Ransomware
DIY August 19, 2024
After becoming ever-more frustrated by intelligence producers naming the same ransomware slightly differently, and with ATT&CK missing lots of ransomware types, I finally got around to trying to solve the problem.
- Writing Detection Rules to Identify if Products in my Stack are Vulnerable
DIY August 12, 2024
Developing on last week's post, I show you how to construct STIX Patterns to automatically flag which products are affected by published CVEs.
- How Known Affected Software Configurations on the CVE Website are Constructed
DIY August 05, 2024
I wanted to write detection rules to identify what products are vulnerable to a CVE. In this post I walk you through my research.
- Graphing the Ransomware Payment Ecosystem using STIX Objects
DIY July 21, 2024
I recently conducted a project to identify the most prolific ransomware based on the ransom payments being made. Let me walk you through how I did it.