Dilip K Mahendra

threat_note is a web application built by Defense Point Security to allow security researchers the ability to add and retrieve indicators related to their research. As of right now this includes the ability to add IP Addresses, Domains and Threat Actors, with more types being added in the future.
This app fills the gap between various solutions currently available, by being lightweight, easy-to-install, and by minimizing fluff and extraneous information that sometimes gets in the way of adding information. To create a new indicator, you only really need to supply the object itself (whether it be a Domain, IP or Threat Actor) and change the type accordingly, and boom! That's it! Of course, supplying more information is definitely helpful, but, it's not required.
Other applications built for storing indicators and research have some shortcomings that threat_note hopes to fix. Some common complaints with other apps are:

Hard to install/configure/maintain
Need to pay for added features (enterprise licenses)
Too much information
- This boils down to there being so much stuff to do to create new indicators or trying to cram a ton of functions inside the app.

Installation
Now that we are using SQLite, there's no need for a pesky Vagrant machine. All we need to do is install some requirements via pip and fire up the server:

cd threat_note
pip install -r requirements.txt
honcho start

Once the server is running, you can browse to http://localhost:5000 and register a new account to use to login into threat_note with.

Docker Installation
A development dockerfile is now available, to build it do the following from its directory:

sudo docker build -t threat_note .
sudo docker run -itd -p 8888:8888 threat_note

Once the server is running, you can browse to http://localhost:8888 and register a new account to use to login into threat_note with.

Usage
For a good "Getting Started" guide on using threat_note, check out this post by @CYINT_dude on his blog.

Screenshots
First up is a shot of the dashboard, which has the latest indicators, the latest starred indicators, and a campaign and indicator type breakdown.

Next is a screenshot of the Network Indicators page, here you will see all the indicators that have a type of "Domain", "Network", or "IP Address".

You can edit or remove the indicator right from this page, by hovering over the applicable icon on the right-hand side of the indicator.

Clicking on a network indicator will pull up the details page for the indicator. If you have Whois information turned on, you'll see the city and country underneath the indicator.

Clicking on the "New Indicator" button on the Network or Threat Actor page will bring up a page to enter details about your new indicator.

If you click on the "Edit Indicator" icon next to an indicator, you'll be presented with a page to edit any of the details you previously entered. You can also click on the "New Attribute" icon at the bottom right to add a new attribute to your indicator.

In the screenshot below you can see the "Threat Actors" page, which is similiar to the "Network Indicators" page, however, you'll only be presented with the Threat Actors you've entered.

Below is the Campaign page. It contains all of your indicators, broken out by campaign name. Please note that the "Edit Description" button to the right of the campaign description is broken right now, and will be fixed in a future release. Clicking on an indicator will take you to the indicator detail page.

Lastly, here is the Settings page, where you can delete your threat_note database, as well as control any 3rd party integrations, such as Whois data or VirusTotal information. Turning these integrations on can slow down the time to retrieve details about your indicator. A new feature recently added by @alxhrck was the ability to add an HTTP(s) proxy if you need it to connect to 3rd parties. He also recently added support for a new 3rd party integration, OpenDNS Investigate, which can be activated on this page.

Download Threat_Note

python hacking tools

Here is a little something I have been waiting on for a bit over six months…. A proof of concept in plastic from another manufacturer.

I am stoked! The quality looks good, the price is right and the turn around time will be good. So why did it take six months then? Because it was free, a test mold and test shots arranged by my old account manager at WGF who has struck out on his own. He asked if I could send him the original files to split and use as a non-retail sample to show other clients. I agreed and after some waiting they arrived! This is only two of the five pose options... As a free test mold we were limited to a single sprue.

No doubt Wai Kee and the old WGF makes incredible plastic, but his shop is always jammed with production, this makes it pretty much impossible for me to look at that as a viable resource for future production or Kickstarter's. I had my doubts that anyone could get close, but I am reeealllly happy with these shots, and as this opens up the door again I am eyeing another Kickstarter.

I am still pulling together all the costs and if it appears to be a real option, I am more than happy to give it a go. This time would be FAR more focused. One kit at a time, with true costs, the molds and production would need to be funded in full for that 'episode'? But if it works, another would be on the heals of the last… Ferals? then StuG? then Shadokesh vehicle or walker… then whatever sounds fun.

With this kind of Kickstarter there would be a very focused goal, drive and costs… We are not so much looking at the typical song and dance hype train. The product would make it or not on its own merits, and cover its true costs.

Soooo what do you think?

Would you like to know more?