BigSnarf blog

Infosec FTW

DataFrames meet Apache Spark 1.3

Spark Scala Notebook incubating Apache video

Norvig on Machine Learning

Vagrant Kali Linux in one command


vagrant box add kali-linux http://ftp.sliim-projects.eu/boxes/kali-linux-1.0-amd64.box && vagrant init kali-linux

This fetches an unofficial box over plain HTTP from a third-party host with no integrity check. Pin the image by passing --checksum and --checksum-type sha256 to vagrant box add, with a hash obtained out of band, before you vagrant up and start working inside it.

Open Source Monitoring Tools

Open source monitoring projects

  • statsd is a node.js network daemon that listens for metrics and aggregates them for transfer into another service such as Graphite.
  • Graphite stores time-series data and displays them in graphs through a Django web application.
  • Bucky measures the performance of a web application from end user’s browsers and sends that data back to the server for collection.
  • Sensu is an open source monitoring framework written in Ruby, but it can monitor a web application written in any language.
  • Graph Explorer by Vimeo is a Graphite-based dashboard with added features and a slick design.
  • PacketBeat sniffs protocol packets. Elasticsearch then allows developers to search the collected data and visualize what’s happening inside their web application using the Kibana user interface.
  • Munin is a plugin-based monitoring system: a munin-node agent on each monitored host runs the plugins, and the Munin master polls the nodes, stores the data and renders the graphs. The project is written in Perl, so Perl 5 must be installed on every host running munin-node.
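The statsd entry above describes a daemon that accepts metric datagrams and aggregates them for Graphite. The following is an added example, not statsd's or Graphite's own code: a minimal in-process aggregator that parses the statsd wire format (name:value|type with an optional |@sample_rate), applies the sample-rate correction and gauge-delta rules, and emits Graphite plaintext lines. Metric names and values are constructed for the demonstration; a real daemon would wrap this in a UDP listener and a flush timer.

```python
"""Minimal statsd-style aggregator emitting Graphite plaintext lines.

Added example, not statsd's own code. Parses statsd datagrams
(<name>:<value>|<type>[|@<sample_rate>], types c/g/ms/s), aggregates
them, and on flush returns "metric value timestamp" lines for Graphite.
"""
import math
import re
from collections import defaultdict
from typing import Dict, List

# One metric per line; several lines may share one UDP datagram.
_LINE = re.compile(r"^([A-Za-z0-9_.\-]+):([^|]+)\|(c|g|ms|s)(?:\|@([0-9.]+))?$")


class Aggregator:
    def __init__(self) -> None:
        self.counters: Dict[str, float] = defaultdict(float)
        self.gauges: Dict[str, float] = {}
        self.timers: Dict[str, List[float]] = defaultdict(list)
        self.sets: Dict[str, set] = defaultdict(set)
        self.bad_lines = 0  # malformed input is counted, never allowed to crash the daemon

    def ingest(self, datagram: str) -> None:
        """Accept one datagram payload (constructed here; normally read from UDP)."""
        for line in datagram.splitlines():
            line = line.strip()
            if not line:
                continue
            m = _LINE.match(line)
            if not m:
                self.bad_lines += 1
                continue
            name, raw, kind, rate = m.groups()
            sample_rate = float(rate) if rate else 1.0
            try:
                if kind == "c":
                    # A client sampling at 0.5 sends half its events; scale back up.
                    self.counters[name] += float(raw) / sample_rate
                elif kind == "g":
                    # "+5" / "-5" adjust the current gauge; "5" sets it absolutely.
                    if raw[0] in "+-":
                        self.gauges[name] = self.gauges.get(name, 0.0) + float(raw)
                    else:
                        self.gauges[name] = float(raw)
                elif kind == "ms":
                    self.timers[name].append(float(raw))
                else:  # "s": count distinct members per flush interval
                    self.sets[name].add(raw)
            except ValueError:
                self.bad_lines += 1

    def flush(self, ts: int, pct: int = 90) -> List[str]:
        """Return Graphite plaintext lines for this interval and reset the interval state."""
        out: List[str] = []
        for name, total in sorted(self.counters.items()):
            out.append(f"stats.counters.{name}.count {total:g} {ts}")
        for name, val in sorted(self.gauges.items()):
            out.append(f"stats.gauges.{name} {val:g} {ts}")
        for name, vals in sorted(self.timers.items()):
            vals.sort()
            n = len(vals)
            # upper_<pct>: largest value within the lowest pct% of samples
            idx = max(0, math.ceil(pct / 100 * n) - 1)
            out.append(f"stats.timers.{name}.count {n} {ts}")
            out.append(f"stats.timers.{name}.lower {vals[0]:g} {ts}")
            out.append(f"stats.timers.{name}.upper {vals[-1]:g} {ts}")
            out.append(f"stats.timers.{name}.mean {sum(vals) / n:g} {ts}")
            out.append(f"stats.timers.{name}.upper_{pct} {vals[idx]:g} {ts}")
        for name, members in sorted(self.sets.items()):
            out.append(f"stats.sets.{name}.count {len(members)} {ts}")
        # Counters, timers and sets are per-interval; gauges persist between flushes.
        self.counters.clear()
        self.timers.clear()
        self.sets.clear()
        return out


if __name__ == "__main__":
    agg = Aggregator()
    agg.ingest("api.requests:1|c\napi.requests:1|c|@0.5\napi.latency:120|ms\n"
               "api.latency:320|ms\napi.latency:80|ms\ndb.conns:10|g\n"
               "db.conns:+2|g\nusers:alice|s\nusers:bob|s\nusers:alice|s\nnot a metric\n")
    for graphite_line in agg.flush(1000):
        print(graphite_line)
    print("malformed lines:", agg.bad_lines)
```

The regex is the input validation boundary: anything a sender puts on the wire that does not match is counted and dropped rather than interpolated into a metric path, which matters because the metric name ends up as a filename in Graphite's whisper store.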

Open Source Intelligence Feeds

Source | Location | Notes
abuse.ch | http://www.abuse.ch | Various malware trackers.
AdBlock | https://easylist-downloads.adblockplus.org/easylist.txt | AdBlock pattern matches.
AlienVault | https://reputation.alienvault.com | AlienVault's IP reputation database.
Autoshun.org | http://www.autoshun.org | Blacklists.
AVG Site Safety Report | http://www.avgthreatlabs.com | Site safety checker.
Bing | http://www.bing.com | Scraping; a future version will also use the API.
Blocklist.de | http://lists.blocklist.de | Blacklists.
Checkusernames.com | http://www.checkusernames.com | Look up username availability on popular sites.
DNS | Your configured DNS server | Defaults to your local DNS but can be configured to whatever IP address you supply to SpiderFoot.
DomainTools | http://www.domaintools.com
DroneBL | http://www.dronebl.org
Facebook | http://www.facebook.com | Scraping; a future version will also use the API.
FreeGeoIP | http://freegeoip.net
Google | http://www.google.com | Scraping; a future version will also use the API.
Google+ | http://plus.google.com | Scraping; a future version will also use the API.
Google Safe Browsing | http://www.google.com/safebrowsing | Site safety checker.
LinkedIn | http://www.linkedin.com | Scraping; a future version will also use the API.
malc0de.com | http://malc0de.com | Blacklists.
malwaredomainlist.com | http://www.malwaredomainlist.com | Blacklists.
malwaredomains.com | http://www.malwaredomains.com | Blacklists.
McAfee SiteAdvisor | http://www.siteadvisor.com | Site safety checker.
NameDroppers | http://www.namedroppers.org
Nothink.org | http://www.nothink.org | Blacklists.
OpenBL | http://www.openbl.org | Blacklists.
PasteBin | http://www.pastebin.com | Achieved through Google scraping.
PGP Servers | http://pgp.mit.edu/pks/ | PGP public keys.
PhishTank | http://www.phishtank.org | Identified phishing sites.
Project Honeypot | http://www.projecthoneypot.org | Blacklists. API key needed.
RIPE/ARIN | http://stat.ripe.net/
Robtex | http://www.robtex.com
SANS ISC | http://isc.sans.edu | Internet Storm Center IP reputation database.
SHODAN | http://www.shodanhq.com | API key needed.
SORBS | http://www.sorbs.net | Blacklists.
SpamHaus | http://www.spamhaus.org | Blacklists.
ThreatExpert | http://www.threatexpert.com | Blacklists.
TOR Node List | http://torstatus.blutmagie.de
TotalHash.com | http://www.totalhash.com | Domains/IPs used by malware.
UCEPROTECT | http://www.uceprotect.net | Blacklists.
VirusTotal | http://www.virustotal.com
Whois | Various | Whois.
Yahoo | http://www.yahoo.com
Zone-H | http://www.zone-h.org
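Most of the "Blacklists" rows in the table publish plain-text feeds, but in different layouts: hosts-file lines (malwaredomainlist.com), one domain per line (malwaredomains.com), or CIDR ranges with a reference (Spamhaus DROP). Before a collector such as SpiderFoot can query them consistently they have to be normalised into one lookup. The following is an added example and not SpiderFoot's own code; the three feed bodies are constructed samples in the style of those sources, not real downloads, and the feed labels are chosen here.

```python
"""Normalise several blocklist feed layouts into one indicator lookup.

Added example, not SpiderFoot's code. The feed texts are constructed
samples in the style of the named sources (hosts file, plain domain list,
CIDR list with reference), not real feed data.
"""
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed sample in malwaredomainlist.com hosts-file style.
HOSTS_FEED = """\
# sinkhole   hostname
127.0.0.1  localhost
127.0.0.1  evil.example.com
127.0.0.1  c2.example.org
"""
# Constructed sample in malwaredomains.com plain-list style (note mixed case and trailing dot).
DOMAIN_FEED = """\
# one domain per line
bad.example.net
EVIL.example.com.
"""
# Constructed sample in Spamhaus DROP style: network ; reference
CIDR_FEED = """\
; Spamhaus DROP-style list
192.0.2.0/24 ; SBL000001
198.51.100.7 ; SBL000002
"""


def norm_domain(name: str) -> str:
    """Lower-case and strip the trailing dot so feed entries and queries compare equal."""
    return name.strip().lower().rstrip(".")


def parse_hosts(text: str) -> Set[str]:
    """hosts-file layout: '<sink ip> <hostname> [<hostname> ...]', '#' comments."""
    out: Set[str] = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for host in fields[1:]:                  # fields[0] is the sink address
            if host != "localhost":
                out.add(norm_domain(host))
    return out


def parse_domains(text: str) -> Set[str]:
    """One domain per line, '#' comments allowed."""
    out: Set[str] = set()
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip()
        if token:
            out.add(norm_domain(token))
    return out


def parse_networks(text: str) -> List[Tuple[object, str]]:
    """'<cidr or ip> ; <reference>' lines; a bare IP becomes a /32 (or /128) network."""
    out: List[Tuple[object, str]] = []
    for line in text.splitlines():
        token, _, ref = line.partition(";")
        token = token.strip()
        if not token:
            continue
        try:
            out.append((ipaddress.ip_network(token, strict=False), ref.strip()))
        except ValueError:
            continue                             # malformed feed line: skip, do not crash
    return out


class Blocklist:
    def __init__(self) -> None:
        self.domains: Dict[str, Set[str]] = {}   # domain -> feeds that list it
        self.networks: List[Tuple[object, str]] = []  # (network, feed)

    def add_domains(self, feed: str, domains: Set[str]) -> None:
        for d in domains:
            self.domains.setdefault(d, set()).add(feed)

    def add_networks(self, feed: str, nets: List[Tuple[object, str]]) -> None:
        for net, _ref in nets:
            self.networks.append((net, feed))

    def lookup(self, indicator: str) -> List[str]:
        """Return the sorted feed names that list this IP address or domain."""
        hits: Set[str] = set()
        try:
            ip = ipaddress.ip_address(indicator.strip())
        except ValueError:
            ip = None
        if ip is not None:
            for net, feed in self.networks:
                if ip.version == net.version and ip in net:
                    hits.add(feed)
            return sorted(hits)
        labels = norm_domain(indicator).split(".")
        # Walk up the parents: a listing of evil.example.com also covers
        # www.evil.example.com. Stop before the bare TLD.
        for i in range(len(labels) - 1):
            hits |= self.domains.get(".".join(labels[i:]), set())
        return sorted(hits)


def build_blocklist() -> Blocklist:
    """Load the constructed feeds under labels chosen for this example."""
    bl = Blocklist()
    bl.add_domains("malwaredomainlist.com", parse_hosts(HOSTS_FEED))
    bl.add_domains("malwaredomains.com", parse_domains(DOMAIN_FEED))
    bl.add_networks("spamhaus.org", parse_networks(CIDR_FEED))
    return bl


if __name__ == "__main__":
    bl = build_blocklist()
    for ioc in ("www.EVIL.example.com.", "192.0.2.77", "198.51.100.8", "example.com"):
        print(ioc, "->", bl.lookup(ioc))
```

The parent-domain walk is a policy choice: it treats a feed entry as covering all of its subdomains, which is how most domain blacklists are meant to be read, but it also means a listing of a shared hosting parent will flag every tenant. When a feed is known to list exact hostnames only, match on the full name instead.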

Happy Pancake Stack

Brute Force D3.js Visualization

Running Apache Spark EMR and EC2 scripts on AWS with read write S3

Video Demo of Spark on EMR

Other posts I did learning EMR

https://bigsnarf.wordpress.com/2014/10/22/process-logs-with-kinesis-s3-apache-spark-on-emr-amazon-rds/

https://bigsnarf.wordpress.com/2015/01/05/apache-spark-1-0-0-emr-via-command-line/

Script to launch your own cluster on EC2

Spark Cluster Build Output for EC2

Commands to experiment with Spark Shell and read write to S3

Output for Simple Word Count job on EMR


Links to Apache Spark and Collection of Spark EMR Posts

Rsyslog Remotes sending to ElasticSearch and Kibana

Apache Spark 1.0.0 EMR via command line
