Home

Technology In Use

Introduction

As we continue to grow and progress we commonly get questions on how we do a certain thing or what technology we are using to process certain data sets. This page is to provide more of a laundry list with some explanation on what is in use. This is by no means a full conical list, nor could it be considered the best possible technology to use, but it is what we have grown into.

Analysis

PEHash
SigBuster
SSDeep (Fuzzy Hashing)

Anti-Virus

It would be better to look over our AV pages here than to just try and list them.

Charting/Visualizations

Chart Director - the bulk of our charting is done with this tool using the Perl interfaces.
d3
Gheat - Worked well with smaller data sets but failed spectacularly when given millions of points to generate. Worked well for a few one-off maps and images but not really feasible for automated daily runs.
GraphViz
HighCharts
image::heatmap
ImageMagick

Communication

Jabber
Unreal IRC - As with most security geeks we prefer old school communication and find that IRC works really well no matter how often certain curmudgeons like to complain about its lack of standards.
WebEx - Mostly used for large group meetings, works pretty flawlessly.

Data Storage (Relational and Non-Relational)

Cassandra
Hadoop
MySQL
Privately developed system

E-Mail

Hardware

Areca - The current standard for RAID in Linux systems. The hardware is very solid and performs well.
Cisco
HP
Sun
SuperMicro

Honeyclients

Trigona
Privately developed system

Honeypots

IDS/IPS

Network Management

Operating Systems

Programming Languages

Sandboxing

Cuckoo
CWSandbox
Privately developed system

Sinkholes

HoneySink
Privately developed system

Ticket Tracking

Eventum
Privately developed system

Virtualization

Web

Apache - What other web server is there really that works so well for so many things?
Drupal - A great workhorse pig for limited use and sharing information.
MediaWiki
Pmwiki - Great for producing late 1990 web pages for the masses as you can tell from our current web site.

Page last modified on Saturday, 20 October 2018

Big View ? Attach:Site/PageHeader/softflow.gif Δ Home Edit History Recent Changes
HomePage Shadowserver Mission Updated Terms of Service New Privacy Standards and Guidelines Organizations Blog Calendar Future Goals Jobs and Contributions Press Security Organizations News Articles Blogs and Forums Misc Presentations Chronological Operations Status Knowledge Base Technology in Use Botnets Botnet Detection Honeypots eFraud Malware Whitepapers Definitions Links Sinkholes Get Involved Get Reports on your Network Blacklists and Blocking TOR Nodes and Reporting Mailing List Submit a Botnet Build a Honeypot Hall of Fame Jobs and Contributions Services Info Binary Whitelist Test IP/ASN/Geo Mapping MD5/SHA1 AV Results Internet Scanning CHARGEN DNS DB2 Elastic Search HTTP IPMI mDNS MemCached MongoDB MSSQL NAT-PMP NetBIOS Netis/Netcore Routers NTP NTP MONLIST Portmapper QOTD RDP REDIS SNMP SSDP SSL/FREAK SSLv3 (Poodle) Synful Knock TFTP XDMCP Statistics ASN Bots Bot Counts Drone Maps Drone Historical Conficker Gameover Zeus Botnets Botnet Charts Botnet Maps Botnet Maps Historical DDoS DDoS Charts DDoS Maps DDoS Historical Geo Locations IRC Ports Malware Sandbox Charts Sandbox Graphs Packer Statistics Scans Scan Charts Scan Maps Scan Maps Historical URLs Viruses Sharing Virus Daily Stats Virus Weekly Stats Virus Monthly Stats Virus 60-Day Stats Virus 90-Day Stats Virus 180-Day Stats Virus Yearly Stats Virus Two Year Stats Virus Three Year Stats Improvement Between Initial and Retests Contact Us Site Statistics edit SideBar	Technology In Use On this page... (hide) Introduction Analysis Anti-Virus Charting/Visualizations Communication Data Storage (Relational and Non-Relational) E-Mail Hardware Honeyclients Honeypots IDS/IPS Network Management Operating Systems Programming Languages Sandboxing Sinkholes Ticket Tracking Virtualization Web Introduction As we continue to grow and progress we commonly get questions on how we do a certain thing or what technology we are using to process certain data sets. This page is to provide more of a laundry list with some explanation on what is in use. This is by no means a full conical list, nor could it be considered the best possible technology to use, but it is what we have grown into. Analysis PEHash SigBuster SSDeep (Fuzzy Hashing) Anti-Virus It would be better to look over our AV pages here than to just try and list them. Charting/Visualizations Chart Director - the bulk of our charting is done with this tool using the Perl interfaces. d3 Gheat - Worked well with smaller data sets but failed spectacularly when given millions of points to generate. Worked well for a few one-off maps and images but not really feasible for automated daily runs. GraphViz HighCharts image::heatmap ImageMagick Communication Jabber Unreal IRC - As with most security geeks we prefer old school communication and find that IRC works really well no matter how often certain curmudgeons like to complain about its lack of standards. WebEx - Mostly used for large group meetings, works pretty flawlessly. Data Storage (Relational and Non-Relational) Cassandra Hadoop MySQL Privately developed system E-Mail Mailman Postfix RoundCube Zimbra Hardware Areca - The current standard for RAID in Linux systems. The hardware is very solid and performs well. Cisco HP Sun SuperMicro Honeyclients Trigona Privately developed system Honeypots Dionaea (Low Interaction) Glastopf (Web) Kippo (SSH) Nepenthes (Low Interaction) IDS/IPS Emerging Threats Snort Network Management Munin Nagios Operating Systems Debian Linux Mandriva Linux Microsoft Windows XP Professional Microsoft Windows 7 Microsoft Server 2008 R2 Ubuntu Linux Programming Languages Bash C# C/C++ Java Javascript PERL PHP Python Sandboxing Cuckoo CWSandbox Privately developed system Sinkholes HoneySink Privately developed system Ticket Tracking Eventum Privately developed system Virtualization VirtualBox VMWare ESX VMWare Fusion VMWare Workstation VMWare VSphere Web Apache - What other web server is there really that works so well for so many things? Drupal - A great workhorse pig for limited use and sharing information. MediaWiki Pmwiki - Great for producing late 1990 web pages for the masses as you can tell from our current web site. Edit Page History Source Attach File Backlinks List Group Page last modified on Saturday, 20 October 2018	Bot Counts Botnets Calendar/Blog November 2017 December 2017 January 2018 February 2018 March 2018 April 2018 May 2018 June 2018 July 2018 August 2018 September 2018 October 2018 November 2018 December 2018 January 2019 Link List Arbor Networks ASERT AV Comparatives Emerging Threats Facebook Bug Bounty Mwcollect Nepenthes Offensive Computing SANS ISC Securtyfix SecuriTeam Sunbelt/CWSandbox Support Intelligence TaoSecurity ThreatSTOP Websense Zeus Tracker