@hillar
Last active August 29, 2015 14:04
====== All you need to know before building a CSIRT ======
===== CERTs and similar entities around the world =====
* The first CERT was created in 1988 in response to the Morris worm incident.
* FIRST is the Forum of Incident Response and Security Teams http://first.org/members
* national CSIRTs http://www.cert.org/incident-management/national-csirts/meeting/
* Africa http://www.africacert.org/home/countries/
* Asia Pacific http://www.apcert.org/about/structure/members.html
* RedCLARA - Cooperación Latino Americana de Redes Avanzadas http://www.redclara.net/index.php?option=com_content&view=article&id=53&Itemid=349&lang=en
* C.E.R.T in Organization of American States (OAS) http://www.internationalcybercenter.org/certicc/certoas
* Europe http://www.enisa.europa.eu/activities/cert/background/inv/certs-by-country-interactive-map
* Terena http://www.terena.org/activities/tf-csirt/
* Trusted Introducer https://www.trusted-introducer.org/directory/index.html
* gov certs http://www.egc-group.org/
===== set it up 1 2 3 =====
* http://blog.rootshell.be/2009/07/08/cert-in-a-box/
* http://www.first.org/resources/guides#bp21
* http://www.terena.org/activities/tf-csirt/archive/800-3.pdf
* http://infohost.nmt.edu/~sfs/Regs/sp800-61.pdf
* http://www.terena.org/activities/tf-csirt/archive/acert7.html
* http://www.auscert.org.au/render.html?it=2252
* http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=53062
* http://www.cert.org/incident-management/products-services/creating-a-csirt.cfm
* http://www.first.org/conference/2008/papers/killcrece-georgia-slides.pdf
* http://www.enisa.europa.eu/activities/cert/support/guide/files/csirt-setting-up-guide
* http://www.slideshare.net/apnic/setting-up-csirt
* http://ec.europa.eu/enlargement/taiex/dyn/taiex-events/detail_en.jsp?EventID=52175
===== hard to find and hard to gain access =====
* https://isc.sans.edu/diary/Hey,+what+is+with+all+the+Government+and+Private+Industry+sharing+wrt+cybersecurity%3F/10231
* http://www.nanog.org/meetings/nanog47/presentations/Sunday/Green_Top10_Security_N47_Sun.pdf
* http://www.maawg.org/system/files/M3AAWG-Malware-Greene-Seg4-Turning-Point.pdf
* http://www.simplyhired.com/job/network-security-engineer-job/aol/cy5zcgaq4g?cid=jmhiepforkipccfdqajfaihnzxcqpwfo
* http://www.cs.princeton.edu/~harlanyu/papers/npsec05.pdf
* https://nsrc.org/workshops/2014/apricot14-security/raw-attachment/wiki/Agenda/4-2-2.inter-network-cooperation.pdf
----
* http://dshield.org/reports.html
* http://www.spamhaus.org/drop/
* https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork
* http://www.team-cymru.org/Services/CAP/
* http://www.team-cymru.org/Services/battle.html
* https://zeustracker.abuse.ch/blocklist.php
* ...
* http://atlas-public.ec2.arbor.net/public/ssh_attackers
* http://www.geopsy.org/blacklist.html
* http://charles.the-haleys.org/ssh_dico_attack_hdeny_format.php/hostsdeny.txt
* http://q.dyndns.org/~blc/badssh.cgi
* http://www.alstadheim.priv.no/cgi-bin/svarteliste
* http://www.malwaredomainlist.com/mdl.php?search=&colsearch=All&quantity=All
* http://watchlist.security.org.my/watchlist/show?ip=
* http://danger.rulez.sk/projects/bruteforceblocker/blist.php
* http://stats.denyhosts.net/stats.html
* http://www.dshield.org/ipsascii.html?limit=5000
* http://www.infiltrated.net/blacklisted
* http://security.pigstye.net/lamer.php
* http://www.autoshun.org/files/shunlist.csv
* ...
* https://dragonresearchgroup.org/insight/vncprobe.txt
* https://abusix.com/
* ...
* http://zone-h.org/archive/special=1
* https://bitbucket.org/clarifiednetworks/abusehelper/wiki/Data%20Harmonization%20Ontology
===== model ? =====
* models by enisa : https://www.enisa.europa.eu/activities/cert/background/coop/models-legal
* dedicated staff
* pull together part-time
* volunteer staff
* mix of .. ((secure funding for operations))
* just call Winston Wolfe
* Constituency
* milk, bread, & gas ((http://www.informationweek.com/estonian-cyber-riot-was-planned-but-mastermind-still-a-mystery/d/d-id/1057743?))
* Mission
* innovative and timely solutions to nation's cybersecurity challenges !? ((http://www.cert.org/about/))
* Services
* range
* level
* site visits
* trainings (TRANSIT)
====== Basic personal and technical skills ======
http://www.cert.org/incident-management/csirt-development/csirt-staffing.cfm?