
NOCACTI has been a long-term project of mine focused on sharing high-confidence Indicators of Compromise.

Over the years as an analyst, I’ve often run into issues around low-confidence indicators or indicators without any context. This led me to start NOCACTI, where my focus is on collecting high-confidence indicators and providing context with each one.

NOCACTI Cyber Threat Intelligence is totally free to ingest. The data is available as a ‘Default Feed’ in MISP, but can also be ingested via flat file if you’re not using MISP.

This blog has lots of useful information on how to get the most out of the feeds and some stuff I found cool to write about when maintaining NOCACTI.

Some highlights

  • Adversary Infrastructure CTI providing indicators on C2 infrastructure
  • Custom Firewall Honeypots, cool data here on all the new exploit.py files being run against fw vendors :)
  • Intrusion feeds providing not just IPs, but full commands, hashes, and timelines on break-ins to exposed services.
