Just bLogs - June Projects Highlights

Quick overview of projects I’ve been working on; Vuln-View.

JUST BLOGS

6/15/2026 · 3 min read


The following is just a quick overview of one of the projects I'm currently working on: Vuln-View Workbench.

Vuln-View (V2) Workbench

This is a personal project derived from a prior project I had created using PyQt and Python. I decided to port portions of that project to a web app that uses HTML/CSS/JavaScript for the frontend, SQLite and Neo4j for the database, and Flask for the backend.

The following are some current screenshots:

Double-clicking a tactic in the table and then double-clicking anywhere in any of the display outputs will show only that tactic's information.

You can also select different threat groups and compare their information. The above screenshot shows the difference between Mustang Panda's and APT41's Reconnaissance tactic.

The Graph Analytical Tool (GAT) Workbench, as seen below, shows the CISA KEV data as a graph. You can query the graph using the Cypher query language.

Both the CISA KEV and MITRE pages have a button labelled “Send-to-Workbench”; clicking it sends the CISA KEV or MITRE information, respectively, to the GAT-Workbench.

The screenshots below show the result of running the Cypher query “MATCH p=(v:Vendor {vendor:'Apple'})-->() RETURN p LIMIT 100”.
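As an added example (not code from the Vuln-View project), the following Python sketch shows how CISA KEV catalog records could be loaded into such a Neo4j graph with parameterised Cypher and then walked the way the query above does. The Vendor->Product->Vulnerability schema, the relationship names, the helper names and the sample records are assumptions; only the `Vendor {vendor}` label and property follow the query shown above, and the field names follow the public KEV catalog JSON.

```python
"""Load CISA-KEV-shaped records into an assumed Vendor->Product->Vulnerability
graph, emit the parameterised Cypher a Neo4j driver would run, and answer the
vendor query above against an in-memory copy so it runs without a database."""
import json
from collections import defaultdict

# Constructed sample in the shape of the CISA KEV catalog JSON. Field names match
# the real catalog; the CVE ids and values are placeholders, not real KEV entries.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "Apple", "product": "iOS",
     "dateAdded": "2026-01-10", "dueDate": "2026-01-31", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-0002", "vendorProject": "Apple", "product": "macOS",
     "dateAdded": "2026-02-03", "dueDate": "2026-02-24", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0003", "vendorProject": "Microsoft", "product": "Windows",
     "dateAdded": "2026-02-05", "dueDate": "2026-02-26", "knownRansomwareCampaignUse": "Known"},
]})

# Assumed schema: (:Vendor {vendor})-[:MAKES]->(:Product)-[:HAS_VULN]->(:Vulnerability)
MERGE_CYPHER = (
    "MERGE (v:Vendor {vendor: $vendor}) "
    "MERGE (p:Product {product: $product, vendor: $vendor}) "
    "MERGE (c:Vulnerability {cveID: $cveID}) "
    "SET c.dateAdded = $dateAdded, c.dueDate = $dueDate, c.ransomware = $ransomware "
    "MERGE (v)-[:MAKES]->(p) MERGE (p)-[:HAS_VULN]->(c)"
)

def kev_to_cypher(kev_json: str) -> list[tuple[str, dict]]:
    """One (statement, parameters) pair per KEV entry. Values travel as query
    parameters, never string-formatted into Cypher, so a vendor name containing
    a quote cannot break the statement or alter the query."""
    return [(MERGE_CYPHER, {
        "vendor": e["vendorProject"], "product": e["product"], "cveID": e["cveID"],
        "dateAdded": e["dateAdded"], "dueDate": e["dueDate"],
        "ransomware": e["knownRansomwareCampaignUse"] == "Known"})
        for e in json.loads(kev_json)["vulnerabilities"]]

def load_graph(kev_json: str) -> dict[str, dict[str, list[str]]]:
    """In-memory stand-in for the Neo4j graph: vendor -> product -> [cveIDs]."""
    graph: dict = defaultdict(lambda: defaultdict(list))
    for e in json.loads(kev_json)["vulnerabilities"]:
        graph[e["vendorProject"]][e["product"]].append(e["cveID"])
    return graph

def vendor_paths(graph: dict, vendor: str) -> list[tuple[str, str, str]]:
    """The page's MATCH p=(v:Vendor {vendor:$vendor})-->() query extended by one
    hop: every (vendor, product, cveID) path reachable from that vendor."""
    return [(vendor, prod, cve) for prod, cves in graph.get(vendor, {}).items() for cve in cves]

def run_with_driver(uri: str, auth: tuple, kev_json: str) -> None:
    """Optional: push the same statements to a live Neo4j (needs the neo4j package)."""
    from neo4j import GraphDatabase
    with GraphDatabase.driver(uri, auth=auth) as driver, driver.session() as session:
        for stmt, params in kev_to_cypher(kev_json):
            session.run(stmt, params)

if __name__ == "__main__":
    for path in vendor_paths(load_graph(KEV_SAMPLE), "Apple"):
        print(" -> ".join(path))
```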

You can also query a local LLM, which is there to help with deep analysis and research.

The other workbench tool, which is still on the to-do list, is the ASEM-Workbench. A screenshot and a simplified idea follow:

Attack Surface & Exposure Management (ASEM)

Combines ASM, EM and EA to create a more encompassing view of the enterprise risk profile.

Attack Surface Management (ASM) - Focuses on the discovery and inventory of all external/internet-facing assets, such as domains, IPs, APIs, cloud, etc.

Exposure Management (EM) - Looks at attack paths, misconfigurations, and identifying risks.

Exploitation Analysis (EA) - Deep-dive analysis into how a specific vulnerability or exploit actually functions and how it can be utilized or leveraged in a real-world attack.

Threat & Exploit Analysis Matrix – Uses STRIDE, DREAD, Cyber Kill Chain and MITRE as the main analysis toolkit to create a Course of Action (CoA).

Course of Action (CoA) – A plan of action derived from performing the analysis. This plan of action will provide results such as prevention & detection rules, possible mitigation & remediation steps/processes, and prioritization and risk scoring.