Mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git, synced 2026-06-15 23:44:56 +03:00
# Standards and Frameworks Reference

## STIX 2.1 Infrastructure Object

```json
{
  "type": "infrastructure",
  "name": "C2 Server",
  "infrastructure_types": ["command-and-control"],
  "description": "Cobalt Strike TeamServer at 198.51.100.1",
  "first_seen": "2025-01-01T00:00:00Z",
  "last_seen": "2025-06-01T00:00:00Z"
}
```
## Diamond Model of Intrusion Analysis
- Adversary: Threat actor or group
- Capability: Tools, techniques, and malware
- Infrastructure: C2 servers, domains, hosting
- Victim: Targeted organization or individual
## Infrastructure Types (STIX vocabulary)
- command-and-control, botnet, exfiltration, hosting-malware
- hosting-target-lists, phishing, staging, undefined
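The object fragment above omits the common properties every STIX 2.1 SDO must carry (`spec_version`, `id`, `created`, `modified`), so it will be rejected by a strict consumer. As an added example (not code from this page or from the repository it mirrors), the following stdlib-only Python completes such a fragment and validates it, treating the infrastructure types listed above as the open vocabulary; `FRAGMENT` is a constructed copy of the page's object, and `INFRASTRUCTURE_TYPE_OV` is limited to the values this page lists.

```python
import re
import uuid
from datetime import datetime, timezone
# Constructed fragment mirroring the page's example (198.51.100.1 is documentation address space).
FRAGMENT = {"type": "infrastructure", "name": "C2 Server", "infrastructure_types": ["command-and-control"],
            "description": "Cobalt Strike TeamServer at 198.51.100.1",
            "first_seen": "2025-01-01T00:00:00Z", "last_seen": "2025-06-01T00:00:00Z"}
# infrastructure-type values as listed on this page; STIX defines this as an *open*
# vocabulary, so a value outside the list is reported as a warning, not an error.
INFRASTRUCTURE_TYPE_OV = {"command-and-control", "botnet", "exfiltration", "hosting-malware",
                          "hosting-target-lists", "phishing", "staging", "undefined"}
REQUIRED = ("type", "spec_version", "id", "created", "modified", "name")
ID_RE = re.compile(r"^infrastructure--[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,6})?Z$")  # RFC 3339, UTC only

def parse_ts(value):
    """Parse a STIX 2.1 timestamp; return None for anything malformed or non-UTC."""
    match = TS_RE.match(value) if isinstance(value, str) else None
    if not match:
        return None
    fmt = "%Y-%m-%dT%H:%M:%S" + (".%f" if match.group(1) else "") + "Z"
    try:
        return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
    except ValueError:  # right shape but impossible date, e.g. month 13
        return None

def complete_sdo(fragment, now=None):
    """Add the common properties every STIX 2.1 SDO must carry to a bare fragment."""
    stamp = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    obj = dict(fragment)  # millisecond precision above matches what STIX tooling emits
    obj.setdefault("spec_version", "2.1")
    obj.setdefault("id", f"infrastructure--{uuid.uuid4()}")
    obj.setdefault("created", stamp)
    obj.setdefault("modified", stamp)
    return obj

def validate(obj):
    """Return (errors, warnings) for an Infrastructure SDO before sharing or ingesting it."""
    errors = [f"missing required property: {k}" for k in REQUIRED if k not in obj]
    if "id" in obj and not ID_RE.match(obj["id"]):
        errors.append("id must be 'infrastructure--<UUID>'")
    errors += [f"{k} is not a STIX timestamp" for k in ("created", "modified", "first_seen", "last_seen")
               if k in obj and parse_ts(obj[k]) is None]
    first, last = parse_ts(obj.get("first_seen")), parse_ts(obj.get("last_seen"))
    if first and last and last < first:
        errors.append("last_seen precedes first_seen")
    warnings = [f"infrastructure_types value outside the open vocabulary: {t}"
                for t in obj.get("infrastructure_types", []) if t not in INFRASTRUCTURE_TYPE_OV]
    return errors, warnings
```

Run `validate(complete_sdo(FRAGMENT))` to get an empty error list; running `validate(FRAGMENT)` on the bare page fragment reports the four missing common properties.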
## Network Fingerprinting Methods
| Method | Type | Description |
|---|---|---|
| JARM | Active | TLS server fingerprint from 10 TLS handshakes |
| JA3S | Passive | Server Hello hash from TLS negotiation |
| JA3 | Passive | Client Hello hash for client fingerprinting |
| Favicon Hash | Active | HTTP favicon file hash |
| HTTP Headers | Active/Passive | Server banner and header fingerprinting |
| SSH Key | Active | SSH host key fingerprint |
## Passive DNS Record Types
- A/AAAA: Domain to IP mapping
- CNAME: Domain alias
- MX: Mail server records
- NS: Nameserver records
- TXT: Text records (SPF, DKIM, verification)