Welcome to the speakeasy - please read before posting


(system) #1

We are a private, invite-only community designed by information security professionals, for information security professionals. Guides and tutorials are posted for the public as well.

Purpose

I originally created this site to provide a private space for information security professionals to discuss tactics and threats. As I began writing tutorials using this site, I realized that some information could be made public for education and awareness (e.g. teaching university students). As a result, the speakeasy is an attempt to serve both the private and public interests of the security community.

Information that can be made public without aiding an adversary should be made public, for the good of the community.

The posting of US Government classified information, including links to said information, is strictly prohibited.

I’m in, now what?

Share tips, tools, tactics, and news. Ask questions and invite your InfoSec friends. Maybe start by introducing yourself.

One of the key goals of this group is to provide a model for sharing cyber intel. Check out our guide on the subject.

Invitations

Any current member can invite any number of new members. Invites should be restricted to active information security professionals. To send an invite, click on the invites button in your profile page.

Privacy

Unless otherwise specified by the category, topic header, or post body, all information posted on this site has a sharing restriction of TLP Green. A definition is given in the Traffic Light Protocol (TLP) reference at the bottom of this post. Information owners may set and waive TLP restrictions as they see fit.

If you would like to share information in a way that falls outside of its restrictions, ask the person who posted it for permission by describing what you would like to do.

Most categories are restricted to members only. Non-public categories have a padlock next to their name. In the interest of education, the following categories are public (i.e. Googleable).

  • Public Guides
  • Public Uncategorized
  • OSINT (Public)

Because sections of this site are public, basic profile data is public as well, including your username, name (if entered), avatar, and a list of public posts. You may wish to use pseudonyms for OPSEC reasons, but that is optional. Usernames can be changed on your profile page.

Any messages on this site, including user-to-user messages, can be read by administrators.

Standard Practices

Defang links

Defanging links involves replacing http(s) with hxxp(s), and/or replacing dots (.) with [.] in URLs. This ensures that the site will not create malicious links, which others may accidentally click on. It also prevents web browsers from leaking information through referrer headers.

Redact Personally Identifiable Information (PII)

Intelligence sharing involves sharing information about attackers, attack techniques, and general (i.e. industry) targeting, not individual targets. For privacy and ethical reasons, redact any PII of targets or victims, including but not limited to:

  • Phishing recipient names and email addresses (individuals and organizations)
  • End recipient mail servers
  • Victim domains and IP addresses (except when they are used by attackers in other attacks)

Use [REDACTED] to replace redacted material.

Attachments

Before uploading any potentially malicious attachment, such as a malware sample, place it in an encrypted archive, using the industry standard password of infected. The zip format is preferred for the greatest compatibility.

Please note that attachments uploaded to this site are accessible to anyone who has their URL. For sensitive material, use an encrypted archive with a strong password, and place the password in the body of the post.

Traffic Light Protocol (TLP)

The Traffic Light Protocol (TLP) is a set of designations used to ensure that sensitive information is shared with the correct audience. It employs four colors to indicate different degrees of sensitivity and the corresponding sharing considerations to be applied by the recipient(s).

Red

The highest restriction. Information marked TLP: RED cannot be shared with any persons other than who it has been shared with by the information owner.

When should it be used?

Sources may use TLP: RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party’s privacy, reputation, or operations if misused.

When should it be shared?

Recipients may not share TLP: RED information with any parties outside of the specific exchange, meeting, or conversation in which it is originally disclosed.

Amber

Non-public information that may only be shared within a member’s organization (i.e. employer), and only to those who have a need-to-know (i.e. other security and IT personnel). This information should not be shared on other forums or mailing lists, or with non-member partners or clients.

When should it be used?

Sources may use TLP: AMBER when information requires support to be effectively acted upon, but carries risks to privacy, reputation, or operations if shared outside of the organizations involved.

When should it be shared?

Recipients may only share TLP: AMBER information with members of their own organization who need to know, and only as widely as necessary to act on that information.

Green

Non-public information that may be shared on other closed, security-related forums or mailing lists, or with non-member partners or clients on a need-to-know basis.

When should it be used?

Sources may use TLP: GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector.

When should it be shared?

Recipients may share TLP: GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels.

White

Information that is public, and/or may be shared publicly.

When should it be used?

Sources may use TLP: WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.

When should it be shared?

TLP: WHITE information may be distributed without restriction, subject to copyright controls.

Source: DHS

Violation of the TLP/classified restrictions will result in permanent account suspension.
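
The "Defang links" and "Redact PII" practices under Standard Practices, as an added example that is not part of the original post or the site's own tooling: a pre-posting sanitizer that redacts victim mailboxes and hostnames, defangs the remaining http(s) links, and reports any link that is still live. The function names, the `victim_domains` parameter and the sample message are assumptions made for illustration.

```python
import re

MARK = "[REDACTED]"
# Live http(s) links; the final character may not be sentence punctuation.
URL_RE = re.compile(r"""https?://[^\s<>"']*[^\s<>"'.,;:!?)]""", re.IGNORECASE)


def defang_url(url: str) -> str:
    """http(s) -> hxxp(s) (case preserved) and every dot in the host -> [.]."""
    scheme, rest = url.split("://", 1)
    host_len = re.match(r"[^/?#]*", rest).end()
    host, tail = rest[:host_len], rest[host_len:]
    scheme = scheme.translate(str.maketrans("tT", "xX"))
    return f"{scheme}://{host.replace('.', '[.]')}{tail}"


def redact_victims(text: str, victim_domains: list[str]) -> str:
    """Replace victim mailboxes and hostnames (subdomains included) with [REDACTED]."""
    for domain in victim_domains:
        # The lookahead keeps look-alikes such as corp.example.evil.test intact:
        # they are attacker infrastructure, not victim data.
        host = rf"(?:[\w-]+\.)*{re.escape(domain)}(?!\.?[\w-])"
        # Mailboxes first, so user@victim collapses into a single marker.
        text = re.sub(rf"[\w.%+-]+@{host}", MARK, text, flags=re.I)
        text = re.sub(rf"(?<![\w-]){host}", MARK, text, flags=re.I)
    return text


def sanitize(text: str, victim_domains: list[str]) -> str:
    """Redact first (phishing links often embed the recipient), then defang."""
    text = redact_victims(text, victim_domains)
    return URL_RE.sub(lambda m: defang_url(m.group(0)), text)


def live_links(text: str) -> list[str]:
    """Links that would still be clickable; should be empty before posting."""
    return URL_RE.findall(text)


# Constructed sample: attacker sender, victim recipient at corp.example.
SAMPLE = (
    "From: billing@invoice-update.example\n"
    "To: jane.doe@corp.example\n"
    "Received: by mx1.corp.example\n"
    "Click https://login.invoice-update.example/reset?u=jane.doe@corp.example."
)

if __name__ == "__main__":
    cleaned = sanitize(SAMPLE, ["corp.example"])
    print(cleaned)
    print("live links remaining:", live_links(cleaned))
```

Only addresses and hosts under the listed victim domains are redacted; the sender address is left in place because it is an attacker indicator.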