Projects

SEE - Security Events Explorer


SEE (Security Event Explorer) is an attempt to create a log intelligence tool that is both user-friendly and powerful. Both during a security analyst's monitoring activity and during Incident Response, we need reliable and fast tools to explore logs. One of the best places to look for potential indicators of compromise is the Windows Event Viewer: Windows Security Events can reveal malicious activities such as lateral movement, privilege escalation and many others. However, the Windows Event Viewer, although powerful, is not user-friendly, and searching in it is complex and time-consuming. For this reason, I started developing an open-source tool (MIT license once done) that will be at the disposal of cyber security analysts to analyze the security events happening in their network more quickly and more thoroughly.

The tool is currently under active development, but the basic features are already present. It allows the analysis of Windows Security Events. To start, you need to export the Security Events in XML format from the Windows Event Viewer. Then you can load the file in the web app (note that the logs stay in your browser and are not sent to the server!), select which kinds of events you are interested in, apply filtering on time and on events (using the Orchestrator, which is still under development!), and then draw a clear timeline of the events. Finally, you can export the report in PDF format to provide evidence of your monitoring activity and detections.
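As an added example (not SEE's own code), this Python script performs the core of the workflow just described on a constructed Security-channel export: it parses the Event Viewer XML, keeps only the Event IDs of interest within a time window, and returns a chronologically sorted timeline. It assumes the export is a bare sequence of `<Event>` elements without a single root element, and all event data in it is constructed.

```python
# Added example (not SEE's own code): parse an Event Viewer XML export of the
# Security channel (sample below is constructed), keep selected Event IDs
# inside a time window and sort them into a timeline.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Constructed sample export: interactive logon, explicit-credential use, logoff.
SAMPLE_XML = """
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<EventID>4624</EventID><TimeCreated SystemTime="2024-03-01T08:00:00.000000000Z"/>
<EventRecordID>101</EventRecordID><Computer>WS01</Computer></System><EventData>
<Data Name="TargetUserName">alice</Data><Data Name="LogonType">2</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<EventID>4648</EventID><TimeCreated SystemTime="2024-03-01T08:05:30.250000000Z"/>
<EventRecordID>102</EventRecordID><Computer>WS01</Computer></System><EventData>
<Data Name="SubjectUserName">alice</Data><Data Name="TargetUserName">svc-backup</Data>
<Data Name="TargetServerName">SRV01</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<EventID>4634</EventID><TimeCreated SystemTime="2024-03-01T09:00:00Z"/>
<EventRecordID>103</EventRecordID><Computer>WS01</Computer></System><EventData>
<Data Name="TargetUserName">alice</Data><Data Name="LogonType">2</Data></EventData></Event>
"""

def parse_system_time(ts):
    """SystemTime carries up to 9 fractional digits; datetime keeps only 6."""
    base, _, frac = ts.rstrip("Z").partition(".")
    micro = int((frac + "000000")[:6]) if frac else 0
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(microsecond=micro, tzinfo=timezone.utc)

def parse_export(xml_text):
    """Wrap the root-less sequence of <Event> elements (assumed export layout)."""
    root = ET.fromstring("<Events>" + xml_text + "</Events>")
    events = []
    for ev in root.findall("e:Event", NS):
        sys_node = ev.find("e:System", NS)
        events.append({
            "record": int(sys_node.findtext("e:EventRecordID", namespaces=NS)),
            "id": int(sys_node.findtext("e:EventID", namespaces=NS)),
            "time": parse_system_time(sys_node.find("e:TimeCreated", NS).get("SystemTime")),
            "host": sys_node.findtext("e:Computer", namespaces=NS),
            "data": {d.get("Name"): d.text for d in ev.findall("e:EventData/e:Data", NS)},
        })
    return events

def timeline(events, event_ids, start=None, end=None):
    """Keep the event kinds of interest, apply the (inclusive) window, sort by time."""
    chosen = [e for e in events if e["id"] in event_ids
              and (start is None or e["time"] >= start)
              and (end is None or e["time"] <= end)]
    return sorted(chosen, key=lambda e: (e["time"], e["record"]))
```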

Link to Github Repository
Link to Web Application

PyPhish: Python Phishing Framework


The PyPhish framework allows a tester to simulate phishing campaigns in order to test the resilience and cyber awareness of the targets. It is possible to choose among distinct phishing templates, which are used as the pretext to induce users to click on the embedded link. The second component is the Command and Control server, an HTTP server where users land if they click on the link embedded in the mail. Since a custom URL is provided to each target, the tester can see who clicked on the link. A typical use case is an organization targeting its own employees: this way, it knows exactly who clicked on the link. More sophisticated C2 servers could then be provided that, for instance, display fake login pages to capture users' credentials or serve drive-by downloads to test a scenario where a user downloads malware through a malicious URL, thereby assessing the effectiveness of the security software installed on the target hosts.

Link to the Github Repository

Master Thesis: Discovering and Securely storing a Network Topology


Abstract

We present an automated tool to discover the topology of a network and to securely store it in a Blockchain. Our tool consists of two modules. The first one implements the network topology inference algorithm. This algorithm, defined according to state-of-the-art techniques, can infer a network topology even in cases where only partial information is available. The second module is the Blockchain-related one: it adopts a fast, energy-efficient consensus algorithm and is tailored to store topology information. The two components are independent entities, and experimental results confirm that their integration results in an accurate network topology reconstruction that is resilient to tampering attempts.

Link to Thesis