From 3c1c024ab2dd35e904f7b2d178482756a4b5fb54 Mon Sep 17 00:00:00 2001 From: fabacab Date: Mon, 9 May 2022 13:09:41 -0400 Subject: [PATCH] Add fingerprinting section. --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ad0ea24..cb27ce5 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,7 @@ Many cybersecurity professionals enable racist state violence, wittingly or unwi - [Service and performance monitoring](#service-and-performance-monitoring) - [Threat hunting](#threat-hunting) - [Threat intelligence](#threat-intelligence) + - [Fingerprinting](#fingerprinting) - [Threat signature packages and collections](#threat-signature-packages-and-collections) - [Tor Onion service defenses](#tor-onion-service-defenses) - [Transport-layer defenses](#transport-layer-defenses) @@ -180,7 +181,7 @@ See also [ยง Supply chain security](#supply-chain-security). - [Dependency Combobulator](https://github.com/apiiro/combobulator) - Open source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks. - [Confusion checker](https://github.com/sonatype-nexus-community/repo-diff) - Script to check if you have artifacts containing the same name between your repositories. -- [snync](https://github.com/snyk-labs/snync) - Prevent and detect if you're vulnerable to Dependency Confusion supply chain security attacks. +- [snync](https://github.com/snyk-labs/snync) - Prevent and detect if you're vulnerable to dependency confusion supply chain security attacks. ### Fuzzing 
@@ -397,6 +398,11 @@ See also [awesome-threat-intelligence](https://github.com/hslatman/awesome-threa - [Viper](https://github.com/viper-framework/viper) - Binary analysis and management framework enabling easy organization of malware and exploit samples. - [YARA](https://github.com/VirusTotal/yara) - Tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples, described as "the pattern matching swiss army knife" for file patterns and signatures. +### Fingerprinting + +- [HASSH](https://github.com/salesforce/hassh) - Network fingerprinting standard which can be used to identify specific client and server SSH implementations. +- [JA3](https://ja3er.com/) - Extracts SSL/TLS handshake settings for fingerprinting and communicating about a given TLS implementation. + ### Threat signature packages and collections - [ESET's Malware IoCs](https://github.com/eset/malware-ioc) - Indicators of Compromises (IOCs) derived from ESET's various investigations.
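Review bot: the table-of-contents entry added in the first hunk (`@@ -52,6 +52,7 @@`) needs its nesting checked against the heading added in the last hunk. That hunk creates `### Fingerprinting` at the same level as `### Threat signature packages and collections`, so the new `- [Fingerprinting](#fingerprinting)` line should be indented to the same depth as that sibling's TOC entry. Otherwise the contents list will show a hierarchy the document body does not have.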
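Review bot: the second hunk (`@@ -180,7 +181,7 @@`) changes "Dependency Confusion" to "dependency confusion" in the snync entry, which is unrelated to the commit subject "Add fingerprinting section." Suggest moving that capitalization fix to its own commit, or mentioning it in the commit message, so the history for the fingerprinting section stays clean and the style fix can be found later.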
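Review bot: in the last hunk (`@@ -397,6 +398,11 @@`), the JA3 entry links to `https://ja3er.com/`, a hosted lookup site, while the HASSH entry directly above it links to its source repository. Suggest linking JA3 to its repository (https://github.com/salesforce/ja3) so both entries point at the specification and code, and so the list does not depend on an external service staying available. The JA3 description could also say "client and server" in the way the HASSH line does, if the server-side variant is meant to be covered.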