The FASTEST Way to Threat Hunt

You don’t need to deploy a full-blown threat intelligence platform to hunt.
While everyone else is trying to rack servers and build APIs, client tools, documentation and billing systems, you’re already way ahead of them, spending the majority of your time hunting…
Who knows, maybe with your ear close to the ground you'll hear about a more lucrative opportunity. Maybe you'll then be the next big unicorn… or, more likely, create something where you are free to do whatever you want for the rest of your life. Isn't that the point?
For anyone who has ever tried, there's no 'one way' to parse email. It's one of those long-standing protocols that was developed during a different period of time; it is extremely resilient, can carry just about anything, works across different encodings and systems, and will do just about anything you want it to. The very thing that makes it so versatile is the very thing that makes it extremely difficult to parse well. Transporting email is easy; most of the headers and other implementation details in the RFCs define that pretty well. It's what's IN the messages that's important (and hard)....
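As an added example (not code from the original post or from CSIRTG), here is how far the Python standard library's email package gets you when pulling hunt-worthy fields out of a message: it decodes the RFC 2047 subject, walks nested multipart bodies, undoes the base64 and charset encoding of each part, and hashes attachments. The message, the addresses, the URLs and the attachment bytes are all constructed for the example; the sample is built with the same library so that the encodings are produced correctly rather than typed by hand.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Deliberately simple URL matcher; real hunting code would also handle
# defanged and obfuscated forms.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed attachment content (not a real archive).
SAMPLE_ATTACHMENT = b"PK\x03\x04constructed"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sample() -> bytes:
    """Construct a sample phishing-style message (constructed, not a real email).

    A non-ASCII subject forces RFC 2047 header encoding, the text part is
    base64 encoded, and the attachment turns the whole thing into
    multipart/mixed wrapping a multipart/alternative.
    """
    msg = EmailMessage()
    msg["From"] = "Finance Dept <finance@example.test>"
    msg["To"] = "victim@example.test"
    msg["Subject"] = "Rechnung überfällig"  # non-ASCII -> RFC 2047 on the wire
    msg["Message-ID"] = "<constructed-0001@example.test>"
    msg.set_content("Please review: http://pay.example.test/invoice", cte="base64")
    msg.add_alternative(
        '<html><body><a href="http://pay.example.test/invoice">Review</a>'
        '<a href="https://cdn.example.test/logo.png">logo</a></body></html>',
        subtype="html",
    )
    msg.add_attachment(SAMPLE_ATTACHMENT, maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


def extract_indicators(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and collect subject, sender, URLs and attachments."""
    # policy.default gives the modern EmailMessage API: decoded headers,
    # structured address objects and per-part content decoding.
    msg = message_from_bytes(raw, policy=policy.default)
    out = {
        "subject": msg["subject"],                       # RFC 2047 already decoded
        "from": msg["from"].addresses[0].addr_spec,      # bare address, no display name
        "urls": set(),
        "attachments": [],
    }
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        if part.is_attachment():
            payload = part.get_payload(decode=True)      # undo base64 / quoted-printable
            out["attachments"].append({
                "filename": part.get_filename(),
                "content_type": part.get_content_type(),
                "sha256": sha256_hex(payload),
            })
            continue
        if part.get_content_maintype() == "text":
            # get_content() decodes the transfer encoding and the charset,
            # so the regex sees plain text for both the text/plain and text/html parts.
            out["urls"].update(URL_RE.findall(part.get_content()))
    return out


if __name__ == "__main__":
    indicators = extract_indicators(build_sample())
    print(indicators["subject"], indicators["from"])
    for url in sorted(indicators["urls"]):
        print("url:", url)
    for att in indicators["attachments"]:
        print("attachment:", att["filename"], att["content_type"], att["sha256"])
```

Note that every piece of this output only exists because each layer (header encoding, nesting, transfer encoding, charset) was unwound in turn; skip any one and the URL in the base64 text part or the umlauts in the subject are simply not there to match against.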
For those of you "internet-do-gooders" who are having a hard time hosting your data, getting people to use your data and spending all those precious cycles on hosting, bandwidth and broken disks, this is our contribution to you. We're calling it Project CSIRTG, and it runs on AWS, which will enable us to scale as our community grows….