├── RAND_MG668.pdf
├── publickey.panopticonproject@protonmail.com.txt
├── ROADMAP.md
├── GOVERNANCE.md
├── code_of_conduct.md
├── EXAMPLE_APT.md
├── README.md
├── FRAMEWORK.md
├── LICENSE.md
└── CONTRIBUTING.md

/RAND_MG668.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Panopticon-Project/panopticon-admin/HEAD/RAND_MG668.pdf
--------------------------------------------------------------------------------

/publickey.panopticonproject@protonmail.com.txt:
--------------------------------------------------------------------------------

/ROADMAP.md:
--------------------------------------------------------------------------------
![alt tag](https://user-images.githubusercontent.com/24201238/29351849-9c3087b4-82b8-11e7-8fed-350e3b8b4945.png)

# Panopticon Project

## The Road Map

### Mission Statement and Summary
P2 is an open source database of open source intelligence (OSINT) covering the electronic capabilities of Advanced Persistent Threats (APTs), nation states, and corporations that exercise nation state capabilities.

### Contributing
If you want to contribute to any of these milestones, check out the [README](https://github.com/Panopticon-Project/panopticon-admin/blob/master/README.md) and [contributing guidelines](https://github.com/Panopticon-Project/panopticon-admin/blob/master/CONTRIBUTING.md).

### Ongoing activity
To have a look at the ongoing activity of P2, check out our [organisation dashboard](https://github.com/orgs/Panopticon-Project/dashboard).

### High Level Roadmap
* Build the contribution framework
* Perform outreach
* Recruit maintainers and social media coordinators
* Provide curated information on APTs and nation states
* Provide an open threat intelligence feed to anyone that might need it

### Low Level Roadmap
To contribute to any of these elements of the roadmap, separate from contributing to the informational repositories, please email panopticonproject at protonmail.com

#### Build the contribution framework

##### Milestone: Complete the Admin repo

##### Milestone: Complete the Tools repo

##### Milestone: Define intelligence analysis framework
A number of intelligence analysis frameworks already exist. They need to be evaluated to ensure they will meet the requirements of P2, and then one needs to be chosen. If an off the shelf framework can't be found that meets all of P2's requirements, a new one will need to be defined.

##### Milestone: Complete the analysis on one repository for reference
By completing the analysis for one repository, people can see how the framework is applied in a practical sense and should have less of a barrier to contributing.

##### Milestone: Complete and display different methods of funding

##### Milestone: Launch
Complete the [Mozilla Open Leaders Series](https://mozilla.github.io/open-leadership-training-series) to ensure the repository is ready to receive contributions.

#### Perform outreach

##### Milestone: Pitch news stories
To draw contributors to P2, stories will need to be pitched to news outlets.

##### Milestone: Create social media channels
Twitter, Mastodon, do we need any others?

### Completed milestones
list
--------------------------------------------------------------------------------

/GOVERNANCE.md:
--------------------------------------------------------------------------------
![alt tag](https://user-images.githubusercontent.com/24201238/29351849-9c3087b4-82b8-11e7-8fed-350e3b8b4945.png)

# Panopticon Project

## Governance

### Idyllic state

Ideally, Panopticon Project (P2) could be run in a decentralised manner. All users would have an equal say and no one voice would dominate discourse. Centralised systems create a monoculture, meaning the project doesn't reach its full potential. They also introduce a single point of failure, or key person risk, by making the project dependent on one person or a small group of people for decision making; the project becomes fragile if the key person or people cannot perform their duties.

### Reality

Decentralised organisations have their weaknesses. It can be hard to come to consensus, especially if consensus isn't clearly defined or agreed on, making the project fragile because it cannot make decisions and take action. Decentralisation can also render a project directionless, as there is no agreed upon manner to work towards the shared vision, with individuals performing actions that pull the project in a number of directions at once.

There are also malicious parties to consider. Some will deliberately exploit the equality of a decentralised position to pursue a negative agenda: parties connected to the groups detailed in P2 as wielding negative electronic capabilities, others connected to those groups, or others that fear they may be added to P2. Risks such as a malicious party gaining the trust of the community, achieving a trusted position, and abusing that trusted position to cause harm to the project and its members must be considered.

### What the project strives to be

P2 should be as decentralised as possible, and will always strive to run in a decentralised manner to ward off problems like monoculture and key person risk. This may not be achievable to the level that all would like, which is an acknowledged problem. As the project scales and receives funding, the aspiration is to create a not for profit and operate in a manner similar to OWASP, but the timing of this is yet to be determined.

### What we have until we reach not-for-profitdom

* The ranks of the project are lay contributor, regular contributor, and co-maintainer (simply the maintainer until multiple maintainers join the project).
* It is at the co-maintainers' discretion what constitutes a regular contributor as opposed to a lay contributor.
* Decisions for the project will be made by co-maintainers. Majority rules.
* Co-maintainers must meet regularly and can't take an action without voting.
* Administrator rights for the GitHub repository will only be granted on an as-needs basis, to adhere to the principle of least privilege. It's recognised this means that not all co-maintainers will have administrator rights.
* As the community scales and adds twenty regular contributors, pathways to co-maintainership will be made through training for select individuals.
* Select individuals will be chosen at the discretion of the co-maintainers and must pass a background check to assure the existing maintainers that the select individual is not a malicious party.
* The background check will be carried out through an OSINT search. Co-maintainers may decline to progress a select individual at any time.
* If co-maintainers disagree they must vote. Majority rules. All co-maintainers will get a chance to speak.
* These rules can be amended by vote of the co-maintainers.
--------------------------------------------------------------------------------

/code_of_conduct.md:
--------------------------------------------------------------------------------
![alt tag](https://user-images.githubusercontent.com/24201238/29351849-9c3087b4-82b8-11e7-8fed-350e3b8b4945.png)

# Panopticon Project

## The Code of Conduct

Contact: panopticonproject at protonmail.com

If you want to contact the maintainer directly: kademorton at protonmail.com. We are currently looking for further maintainers so that there are multiple avenues to report code of conduct violations.

We are committed to providing a friendly, safe and welcoming environment for all, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, nationality, or other similar characteristic.

On any platform used to communicate with P2 contributors, please avoid using overtly sexual user names, nicknames etc., or other user names that might detract from a friendly, safe and welcoming environment for all.

Please be kind and courteous. There’s no need to be mean or rude.

Respect that people have differences of opinion and that every design or implementation choice carries a trade-off and numerous costs. There is seldom a right answer.

Please keep unstructured critique to a minimum. If you have solid ideas you want to experiment with, make a fork and see how it works.

We will exclude you from interaction if you insult, demean or harass anyone. That is not welcome behaviour. We interpret the term “harassment” as including the definition in the [Citizen Code of Conduct](http://citizencodeofconduct.org/); if you have any lack of clarity about what might be included in that concept, please read their definition.
In particular, we don’t tolerate behaviour that excludes people in socially marginalised groups.

Private harassment is also unacceptable. No matter who you are, if you feel you have been or are being harassed or made uncomfortable by a community member, please contact panopticonproject at protonmail.com immediately. Whether you’re a regular contributor or a newcomer, we care about making this community a safe place for you and we’ve got your back.

Likewise any spamming, trolling, flaming, baiting or other attention-stealing behaviour is not welcome.

## Moderation

These are the policies for upholding our community’s standards of conduct. If you feel that something needs moderation, please contact panopticonproject at protonmail.com

* Remarks that violate the P2 standards of conduct, including hateful, hurtful, oppressive, or exclusionary remarks, are not allowed. (Cursing is allowed, but never targeting another user, and never in a hateful manner.)
* Remarks that moderators find inappropriate, whether listed in the code of conduct or not, are also not allowed.
* Moderators will first respond to such remarks with a warning.
* If the warning is unheeded, the user will be “kicked,” i.e., asked to leave the communication channel to cool off.
* If the user comes back and continues to make trouble, they will be banned, i.e., indefinitely excluded.
* Moderators may choose at their discretion to un-ban the user if it was a first offense and they offer the offended party a genuine apology.
* If a moderator bans someone and you think it was unjustified, please take it up with that moderator, or with a different moderator, in private. Complaints about bans in-channel are not allowed.
* Moderators are held to a higher standard than other community members. If a moderator creates an inappropriate situation, they should expect less leeway than others.

In the P2 community we strive to go the extra step to look out for each other. Don’t just aim to be technically unimpeachable, try to be your best self. In particular, avoid flirting with offensive or sensitive issues, particularly if they’re off-topic; this all too often leads to unnecessary fights, hurt feelings, and damaged trust; worse, it can drive people away from the community entirely.

And if someone takes issue with something you said or did, resist the urge to be defensive. Just stop doing what it was they complained about and apologise. Even if you feel you were misinterpreted or unfairly accused, chances are good there was something you could’ve communicated better — remember that it’s your responsibility to make your fellow project members comfortable. Everyone wants to get along and we are all here first and foremost because we want to talk about changing the world for the better. You will find that people will be eager to assume good intent and forgive as long as you earn their trust.

The enforcement policies listed above apply to all official P2 venues, GitHub repositories and forums. For other projects adopting the P2 Code of Conduct, please contact the maintainers of those projects for enforcement. If you wish to use this code of conduct for your own project, consider explicitly mentioning your moderation policy or making a copy with your own moderation policy so as to avoid confusion.

Adapted from [The Rust Code of Conduct](https://www.rust-lang.org/en-US/conduct.html)
--------------------------------------------------------------------------------

/EXAMPLE_APT.md:
--------------------------------------------------------------------------------
![alt tag](https://user-images.githubusercontent.com/24201238/29351849-9c3087b4-82b8-11e7-8fed-350e3b8b4945.png)

# Panopticon Project

## Examplus Hackerus
* Label - Advanced Persistent Threat (APT)

(Note that over time our APT has become more sophisticated, attribution has become more specific and their malware has evolved. Their general modus operandi has changed little over two years though.)

## Aliases
* [APT 2000](URL to source)
* [Those Bad People](URL to source)

## Overview
* APT2000 is a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2018.

## Campaign or date
* Campaign
* About - [Targeting infrastructure in South East Asia](URL to source)
* Active from - 01 March 2018
* Active to - 30 September 2018

### Attributes
* Resource level - Government
* Sophistication - Expert
* Primary activities - Attempting to compromise industrial control systems, intellectual property theft

### Attack Pattern
* [Phishing](URL to source)
* [Credential harvesting](URL to source)
* [DDoS](URL to source)
* [Social engineering](URL to source)
* Malware - Extra Muffins

### Vulnerabilities
* [CVE-2018-0158](URL to outline of how CVE is exploited) used by Extra Muffins

### Course of Action
* Apply patch 1234 to ICS systems to patch CVE-2018-0158

### Identity

#### Individuals
* [Joanna Doe](URL to source)
* [Another Person](URL to source)

#### Affiliated organisations
* [The People's Republic of Lorem Ipsum](URL to source)
* [Any Other Groups](URL to source)

#### Affiliated groups
* [That Other APT](URL to source)
* [Yet Another APT](URL to source)

### Intrusion Set

#### Malware
* Names - [Extra Muffins, any other name the malware goes by](URL to source)
* Functionality - [Backdoor, keylogger, anything else it can do](URL to source)
* Hash - MD5 - [001dd76872d80801692ff942308c64e6](URL to source)
* Notes - part of the Cake family of malware previously attributed to Lorem Ipsum

#### Website
* About - Malicious site hosting downloader
* URL - [hxxp://x4z9arb[.]cn/4712/](URL to source)
* IP - [562.115.0[.]0/80](URL to source)
* Valid from - [01 August 2018](URL to source)
* Valid to - [01 September 2018](URL to source)

#### Command and Control Server
* About - used by the Extra Muffins malware to receive commands and exfiltrate data
* IP - [223.166.0[.]0/15](URL to source)
* Valid from - [01 August 2018](URL to source)
* Valid to - [01 September 2018](URL to source)

#### Documents
* About - Word document attached to spearphishing emails; generates a popup that asks for credentials to connect to the C&C server hxxp://sd35f456[.]cn/2134/
* Hash - SHA256 - [d393349a4ad00902e3d415b622cf27987a0170a786ca3a1f991a521bff645318](URL to source)

#### Tools
* Name - [pwdump7, any other name known by](URL to source)
* Functionality - [Dumps password hashes from the Windows registry](URL to source)
* URL - http://www.tarasco.org/security/pwdump_7/

### Report
* [Examining Examplus Hackerus](URL to pdf/blog post etc)
* Description - Since 2018, RandomAV Firm has investigated computer security breaches at hundreds of organizations. The details we have analyzed during hundreds of investigations convince us that a specific group is based primarily in Lorem Ipsum and that the Lorem Ipsum Government is aware of them. We refer to this group as APT2000, a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2018. Our analysis has led us to conclude that APT2000 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support.

## Campaign or Date Range
* Date Range
* Active from - 01 October 2018
* Active to - 31 December 2019

### Attributes
* Resource level - [Government](URL to source)
* Sophistication - [Advanced expert](URL to source)
* Primary activities - Attempting to compromise industrial control systems, intellectual property theft

### Attack Pattern
* [Phishing](URL to source)
* [Credential harvesting](URL to source)
* [DDoS](URL to source)
* [Social engineering](URL to source)
* Malware - Even More Muffins

### Vulnerabilities
* [CVE-2019-0254](URL to outline of how CVE is exploited) is exploited by Even More Muffins

### Course of Action
* Apply patch 5678 to ICS systems to patch CVE-2019-0254

### Identity

#### Individuals
* [Katniss Everdeen](URL to source)
* [Rue Noname](URL to source)

#### Affiliated organisations
* [The 23rd Military Intelligence Division](URL to source)

#### Affiliated groups
* [Tea and Cake APT](URL to source)
* [Butternut Cookies APT](URL to source)

### Intrusion Set

#### Malware
* Names - [Even More Muffins, any other name the malware goes by](URL to source)
* Functionality - [Backdoor, keylogger, screen overlay, registry editing, anything else it can do](URL to source)
* Hash - MD5 - [002ae76872d80801692ff942308c64t6](URL to source)
* Notes - using a similar codebase to the Extra Muffins malware, Even More Muffins has further functionality to overlay fake login screens over a user's desktop and make edits to the system registry

#### Website
* About - Malicious site hosting downloader
* URL - [hxxp://fds32fd3[.]cn/4712/](URL to source)
* IP - [575.125.0[.]0/80](URL to source)
* Valid from - [01 August 2019](URL to source)
* Valid to - [01 September 2019](URL to source)

#### Command and Control Server
* About - used by the Even More Muffins malware to receive commands and exfiltrate data
* URL - hxxp://f1ds32f1sd[.]cn/2134/
* IP - [789.545.0[.]0/15](URL to source)
* Valid from - [01 August 2019](URL to source)
* Valid to - [01 September 2019](URL to source)

#### Documents
* About - Word document attached to spearphishing emails; generates a popup that asks for credentials to connect to the C&C server hxxp://f1ds32f1sd[.]cn/2134/
* Hash - SHA256 - [5243349a4ad00902e3d415b622cf27987a0170a786ca3a1f991a521bff645789](URL to source)

#### Tools
* Name - pwdump7, any other name known by
* Functionality - Dumps password hashes from the Windows registry
* URL - http://www.tarasco.org/security/pwdump_7/

### Report
* [Examining Examplus Hackerus, One Year On](URL to pdf/blog post etc) - Since 2018, RandomAV Firm has investigated computer security breaches at hundreds of organizations. The details we have analyzed during hundreds of investigations convince us that a specific group is based primarily in Lorem Ipsum and that the Lorem Ipsum Government is aware of them. We refer to this group as APT2000, a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2018. Our analysis has led us to conclude that APT2000 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support. One year on we have attributed APT2000 to the 23rd Military Intelligence Division of Lorem Ipsum. Since their exposure last year they have not undertaken any coherent campaigns, seeming to target critical infrastructure providers across the world based on opportunity.

## Raw Intelligence
Any further notes to be added to the framework would be added here.

## Links
Any new articles would be added here.
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
![alt tag](https://user-images.githubusercontent.com/24201238/29351849-9c3087b4-82b8-11e7-8fed-350e3b8b4945.png)

# Panopticon Project

## Welcome
Thank you for checking out Panopticon Project (P2)!
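The EXAMPLE_APT.md template above is the record format that the README's long term vision feeds to a network monitor for IOCs; the Python parser below is an added example, not Panopticon Project code, showing how a consumer would pull the Intrusion Set indicators out of that format, refang `hxxp` and `[.]`, attach each block's Valid from/to window, and flag values that cannot be real. The sample text is constructed in the template's shape with placeholder values and `URL to source` links, and deliberately includes the slips a hand-filled record accumulates: a non-hex hash, a SHA256 labelled SHA265, and an IP with an octet above 255.

```python
import ipaddress
import re

# Constructed sample in the EXAMPLE_APT.md shape. It deliberately carries a "Hasg" key,
# a SHA256 labelled SHA265, a non-hex MD5 and an impossible IP so the checks have work.
SAMPLE = """\
### Vulnerabilities
* [CVE-2018-0158](URL to outline of how CVE is exploited) used by Extra Muffins
#### Malware
* Hash - MD5 - [001dd76872d80801692ff942308c64e6](URL to source)
* Hasg - MD5 - [002ae76872d80801692ff942308c64t6](URL to source)
#### Website
* URL - [hxxp://x4z9arb[.]cn/4712/](URL to source)
* IP - [562.115.0[.]0/80](URL to source)
* Valid from - [01 August 2018](URL to source)
* Valid to - [01 September 2018](URL to source)
#### Command and Control Server
* IP - [223.166.0[.]0/15](URL to source)
#### Documents
* About - Word document asking for credentials for C&C server hxxp://sd35f456[.]cn/2134/
* Hash - SHA265 - [d393349a4ad00902e3d415b622cf27987a0170a786ca3a1f991a521bff645318](URL to source)
"""

# Link text may itself contain the defanging token "[.]", so a plain [...] won't do.
LINK_RE = re.compile(r"\[((?:[^\[\]]|\[\.\])*)\]\s*\(([^)]*)\)")
DEFANGED_URL_RE = re.compile(r"hxxps?://(?:\[\.\]|[^\s\]\)])+")
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}

def indicator(section, kind, value, ok, note="", source=""):
    return {"section": section, "kind": kind, "value": value, "ok": ok,
            "note": note, "source": source, "valid_from": "", "valid_to": ""}

def refang(text):
    """Undo the template's defanging so a monitor can match the real value."""
    return text.replace("hxxp", "http").replace("[.]", ".")

def unlink(text):
    """Split '[display](source)' into (display, source); plain text gets source ''."""
    m = LINK_RE.search(text)
    return (m.group(1).strip(), m.group(2).strip()) if m else (text.strip(), "")

def check_hash(label, value):
    """Judge a hash by its content and cross-check the label the author wrote."""
    if not re.fullmatch(r"[0-9a-f]+", value):
        return False, "not hexadecimal"
    algo = HASH_LENGTHS.get(len(value))
    if algo is None:
        return False, "unexpected length %d" % len(value)
    return True, "" if label.lower() == algo else "labelled %s, length says %s" % (label, algo)

def check_ip(value):
    """Accept a host or CIDR; placeholders such as 562.115.0.0/80 are rejected."""
    try:
        ipaddress.ip_network(value, strict=False)
    except ValueError as exc:
        return False, str(exc)
    return True, ""

def parse_p2_readme(text):
    """Walk the template; return indicator dicts carrying their block's validity window."""
    done, block, section = [], [], ""
    window = {"valid from": "", "valid to": ""}
    def flush():  # a block's Valid from/to apply to every indicator found in it
        for ind in block:
            ind["valid_from"], ind["valid_to"] = window["valid from"], window["valid to"]
        done.extend(block)
        block.clear()
    for line in map(str.strip, text.splitlines()):
        heading, bullet = re.match(r"#{1,6}\s+(.*)", line), re.match(r"\*\s+(.*)", line)
        if heading:
            flush()
            section, window = heading.group(1).strip(), {"valid from": "", "valid to": ""}
        elif bullet:
            body = bullet.group(1)
            parts = [p.strip() for p in body.split(" - ")]
            if parts[0].lower() in ("hash", "hasg") and len(parts) > 2:
                parts = parts[1:]  # "Hash - MD5 - [..](..)" -> "MD5 - [..](..)"
            key = parts[0].lower()
            val, src = unlink(parts[1]) if len(parts) > 1 else ("", "")
            if key in window:
                window[key] = val
            elif key == "url" and val:
                block.append(indicator(section, "url", refang(val), True, "", src))
            elif key == "ip" and val:
                block.append(indicator(section, "ip", refang(val), *check_ip(refang(val)), src))
            elif key.startswith(("md5", "sha")) and val:
                block.append(indicator(section, "hash", val.lower(), *check_hash(parts[0], val.lower()), src))
            else:  # free text (About, Notes, Vulnerabilities) still carries indicators
                src = unlink(body)[1]
                for cve in re.findall(r"CVE-\d{4}-\d{4,}", body):
                    block.append(indicator(section, "cve", cve, True, "", src))
                for url in DEFANGED_URL_RE.findall(body):
                    block.append(indicator(section, "url", refang(url), True, "found in free text", src))
    flush()
    return done

def feed_ready(indicators):
    """Only validated network and file indicators belong in a feed; CVEs are advisory."""
    return [i for i in indicators if i["ok"] and i["kind"] in ("url", "ip", "hash")]
```

Rejected or mislabelled entries keep their reason in `note`, so the README itself can be corrected rather than the bad value silently reaching a monitor.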

## Table of Contents

- [What is Panopticon Project?](#what-is-panopticon-project)
- [Why does Panopticon Project exist?](#why-does-panopticon-project-exist)
- [How will P2 change things?](#how-will-p2-change-things)
- [I don't know much about these topics and need a primer](#i-dont-know-much-about-these-topics-and-need-a-primer)
- [Who can contribute to P2?](#who-can-contribute-to-p2)
- [How can I get involved?](#how-can-i-get-involved)
- [What does P2 need?](#what-does-p2-need)
- [I want to get in touch with P2](#i-want-to-get-in-touch-with-p2)
- [I want to leak something to P2](#i-want-to-leak-something-to-p2)
- [I still need to get in touch with P2 in a secure manner](#i-still-need-to-get-in-touch-with-p2-in-a-secure-manner)
- [How do I start?](#how-do-i-start)
- [There is one thing I'd ask of you](#there-is-one-thing-id-ask-of-you)
- [Licenses](#licenses)
- [The connection between Panopticon Project and the idea of the Open Web](#the-connection-between-panopticon-project-and-the-idea-of-the-open-web)
- [I have objections to this project!](#i-have-objections-to-this-project)
- [Thank you](#thank-you)

## What is Panopticon Project?
Panopticon Project (P2) is an open database of open source intelligence (OSINT) covering the negative electronic capabilities of institutionalised malicious parties.

That is a lot to take in, so let's [break it down](https://www.youtube.com/watch?v=FQD_WpsYtiU) quickly. [Open source](https://en.wikipedia.org/wiki/Open-source_model) is anything that allows people to add to it, collaborate on it, take it, and do their own thing with it. It's the opposite of [proprietary](https://en.wikipedia.org/wiki/Proprietary), which denotes ownership. We often see the terms open source and proprietary in relation to software, meaning software that anyone can add to the code base of, like Linux, and software you can't add to the code base of because it is under copyright, namely Windows and Mac. But as you can see, open source can also apply to things like troves of information and even information gathering techniques.

[OSINT](https://en.wikipedia.org/wiki/Open-source_intelligence) refers to the gathering of information in the public domain that anyone can do. You could also see P2 as [citizen journalism](https://en.wikipedia.org/wiki/Citizen_journalism).

Negative electronic capabilities include, but are not limited to, the below:
* [Surveillance](https://en.wikipedia.org/wiki/Surveillance). It is worth noting that while [surveillance itself is corrosive to society](https://www.theatlantic.com/politics/archive/2013/08/the-surveillance-state-is-corrosive-the-case-of-pamela-jones/278846/), surveillance can also be used to support physical operations that can include locating people for arrest or even [assassination](https://www.businessinsider.com/russia-assassination-abroad-2017-6).
* [Influence operations](https://www.rand.org/topics/information-operations.html)
* [Electronic warfare](https://en.wikipedia.org/wiki/Electronic_warfare)
* [Psychological warfare](https://en.wikipedia.org/wiki/Psychological_warfare) that uses technology, like the Internet, as a medium
* [Hacking](https://en.wikipedia.org/wiki/Hacker)
* Authoring, spreading, or otherwise using [malware](https://en.wikipedia.org/wiki/Malware)
* [Cybercrime](https://en.wikipedia.org/wiki/Cybercrime)
* Using data gained from individuals without their informed consent.
* Using data gained from individuals for any purpose other than the explicit purpose stated for collection.
* Adversely impacting individuals through the application of any form of technology, such as [algorithms](https://en.wikipedia.org/wiki/Algorithm)

Institutionalised malicious parties include, but are not limited to, the below:
* Advanced persistent threats, groups largely backed by nation states
* Nation states
* Corporations

## Why does Panopticon Project exist?
P2 exists, in short, because the world is changing.

State sponsored hackers are infiltrating critical infrastructure, and have already proven their ability to act on the real world by causing [blackouts](https://www.wired.com/story/russian-hackers-attack-ukraine), among other things. Repressive regimes are the most intrusive [surveillance states](https://www.technologyreview.com/f/614277/apple-says-chinas-uighur-muslims-were-targeted-in-iphone-hacking-campaign/) in history. Corporations [collect vast amounts of information on their users](http://www.huffingtonpost.com/nathan-newman/why-googles-spying-on-use_b_3530296.html) without their knowledge or consent. In the not too distant past this was science fiction; now it is reality.

For many of us it is not a reality we chose or desire. Few understand how bad reality has gotten, and that suits those who have made the world the way it is just fine. However, there is a great deal of information lying in the public domain that can be used to learn about what is going on. By informing ourselves we can make informed decisions about how we interact with the world. By contributing to projects like P2, you can also learn how to better access information in the public domain. From checking facts to some [OSINT sleuthing of your own](http://www.news24.com/SouthAfrica/News/exclusive-indian-it-guru-linked-to-fake-wmc-sites-20170726), P2 empowers you to interact in a more informed manner with the world.

The long term vision for P2 is that people will be able to download the READMEs of repositories that refer to APTs, such as this [example](https://github.com/Panopticon-Project/panopticon-Gallmaker/blob/master/README.md), feed the contents to a network monitoring device to look for Indicators of Compromise (IOCs), and read the README for helpful advice on detecting the attacker and evicting them from the network. How the READMEs for nation states and corporations will be used, beyond general information, is still being determined.

## How will P2 change things?
Our [Theory of Change](https://github.com/Panopticon-Project/panopticon-admin/blob/master/Theory_of_Change.md) defines the goals for the project, creating a better world, and lays out a plan for achieving them.

## I don't know much about these topics and need a primer
We have you [covered](https://github.com/Panopticon-Project/panopticon-primer).

## Who can contribute to P2?
Anyone with an internet connection and basic reading abilities.

## How can I get involved?
Check out our contributing guidelines.

## What does P2 need?
Eyes and time. For the most part we need people to look for news articles, declassified and leaked files now in the public domain, threat intelligence reports from cyber security companies, and so on. Then they need to be read and verified where possible. Anyone can contribute to this.

If you have visual arts skills, we need a website and promotional material.

If you happen to have technical skills, even basic technical skills, there are more advanced ways for you to contribute. See our contributing guide for more details.

## I want to get in touch with P2
Email panopticonproject at protonmail dot com

## I want to leak something to P2
Seriously, just don't. This project is not equipped to handle leaked material not already in the public domain. Do your research and find a reputable news outlet that has a proven track record in handling leaked material in a responsible and safe manner.

## I still need to get in touch with P2 in a secure manner
Create a [ProtonMail](https://mail.protonmail.com) account if you don't already have one and email panopticonproject at protonmail dot com. Emails sent over ProtonMail are end to end encrypted.

If encryption is your thing and you've got this, you don't need a ProtonMail account: check out our [public key](https://github.com/Panopticon-Project/panopticon-admin/blob/master/publickey.panopticonproject%40protonmail.com.txt).

Only incoming messages in inline OpenPGP format are currently supported.

## How do I start?
Make sure you have read through the [Contributing](https://github.com/Panopticon-Project/panopticon-admin/blob/master/CONTRIBUTING.md) file. Once you're up to speed, drop an email to panopticonproject at protonmail dot com

## There is one thing I'd ask of you
If you happen to find P2 useful, for whatever reason, even if just for the content that's provided to you, please share the project. Tell someone about it that might also find it useful, post on social media, spread the word however you want. Panopticon Project is designed to be open and accessible for all. If it's helped you in some way, please pay it forward.

## Licenses
Written content is licensed under the [Creative Commons Attribution Share Alike 4.0 license](https://github.com/Panopticon-Project/panopticon-admin/blob/master/LICENSE.md). Code is licensed as per the license in each repository.

## The connection between Panopticon Project and the idea of the Open Web
From Wikipedia, *The Open Web movement asserts a special role for public, cooperative, and standard World Wide Web communications; it opposes private, exclusive, proprietary Web solutions.* Strictly speaking, it doesn't look like P2 offers much to that notion of the Open Web, as P2 isn't concerned with private, exclusive or proprietary Web solutions (though its contributors might be).

However, there is a [wider definition](https://www.youtube.com/watch?time_continue=169&v=tDDVAErOI5U) of the Open Web as defined by [Mozilla](https://www.youtube.com/watch?v=Xm5i5kbIXzc).

*"Our mission is to ensure the Internet is a global public resource, open and accessible to all. An Internet that truly puts people first, where individuals can shape their own experience and are empowered, safe and independent."*

Currently internet users are not empowered, safe or independent, as outlined under *Why does Panopticon Project exist?* above. Mozilla's take on this:

*"There are hidden interests. Monopolies. Silos. Surveillance. Fear. Insecurity. Public apathy, that are locking the right to imagine and shape what’s possible in the future of the Internet. This is why we are fuelling a worldwide movement. A movement of heroes to drive the next wave of open. [These are advocates, developers, makers, researchers, mentors, educators… leaders like you](https://www.youtube.com/watch?time_continue=130&v=LuyBGkbzTjs) who fight to protect and advance the open Internet in diverse ways."*

These are the five most pressing issues facing the Internet today according to Mozilla:
* Online Privacy & Security - People understand and can meaningfully control how their data is collected and used online, and trust that it’s safe. In parallel, companies and governments work to protect our data and enhance our ownership over our digital identities.
* Open Innovation - Open is the default: open source and open standards continue to be at the heart of the Internet, and influence organisations' and industries' products, policies and practices. As a result, entrepreneurs and everyday Internet users can create, innovate and compete online without asking permission.
* Decentralisation - The technologies and platforms people use every day are interoperable and based on open standards. People expect and demand systems that allow seamless flow and transfer of information and content.
* Web Literacy - People have the skills to read, write and participate in the digital world. Together, these informed digital citizens move beyond just consuming content, to creating, shaping and defending the web.
* Digital Inclusion - People everywhere can access and have the opportunity to participate in building the entire Internet. Subsequently, everyone on the Internet has the opportunity to access and shape our digital world. The Internet reflects the diversity of the people who use it.

And this is how P2 contributes to each of these points:
* Online Privacy & Security - P2 helps people understand how their data is collected and used online. It shows how [companies and governments](http://www.philly.com/philly/business/the-equifax-hack-has-the-hallmarks-of-state-sponsored-pros-20170929.html) in many cases don't work to protect their data. In fact, they either collect it without your permission, store it insecurely, deliberately monetise it and sell it, or steal it. P2 also shows people what they can do about it.
* Open Innovation - Open is the standard with P2. We're bringing what is usually only available in proprietary threat intelligence feeds to the masses, and anyone can contribute.
* Decentralisation - We're using open standards for creating the content of P2 so that others can perform the same work P2 does, either in conjunction with us or by doing their own thing. There is no central authority; this is just individuals sharing information.
* Web Literacy - By contributing to P2, people learn the skills to read, write and participate in the digital world. From analysing the exploits of state-sponsored hackers to simply applying critical reading skills to news stories, this project teaches and promotes web literacy.
* Digital Inclusion - People everywhere can access and have the opportunity to participate in this project, which is one of the foundations of a healthy internet.

Panopticon Project is training a movement of people to expose those who would do us harm online. By gathering information and disseminating it openly we can inform people about what's really going on in the world. People can make informed choices about how they interact with government and big business.

## I have objections to this project!
They may be covered [here](https://github.com/Panopticon-Project/panopticon-admin/blob/master/objections.md).

## Thank you

Seriously, thank you! It means a lot that you read this far! If you want to go a step further and help to build a better world through Panopticon Project, feel free to join in.
--------------------------------------------------------------------------------
/FRAMEWORK.md:
--------------------------------------------------------------------------------
![alt tag](https://user-images.githubusercontent.com/24201238/29351849-9c3087b4-82b8-11e7-8fed-350e3b8b4945.png)

# Panopticon Project

## The Charon framework for sharing threat intelligence
Charon is a formatting standard using the Markdown language and an intelligence framework based on [STIX](https://oasis-open.github.io/cti-documentation/) and [MITRE ATT&CK™](https://attack.mitre.org/). It is designed to be easier to approach than STIX. In Greek mythology Styx is a river and Charon is the person who ferries people across it.
STIX is the river in that it is much deeper than the Charon standard, and Charon is the tool that bridges the gap for the newcomer. Charon is also a person, not an object, and the Charon framework was built with people in mind.

As part of the roadmap for Panopticon Project (P2), it is planned to have a converter that can take a Markdown file containing Charon and generate a JSON file of STIX. Charon has been written specifically for APTs. As part of the roadmap for P2 it is also planned to have Charon frameworks for Corporations and Nation States.

### Using Charon
For APTs (Nation States and Corporations coming soon), copy and paste [this](https://github.com/Panopticon-Project/panopticon-admin/edit/master/FRAMEWORK.md) into the README for the repo if it's not there already. I've given you the link straight to the edited file to copy out the markdown, as I've not figured out how to get markdown formatting to show without formatting the content, so you can just copy and paste. In case it doesn't work, you will need to edit this file to get the raw markdown code. Click the pencil in the upper right-hand corner of the file. Then copy and paste the code from FRAMEWORK.md into the README of your chosen repo.

Once you have your framework, start reading articles or perform your own research to fill the Raw Intelligence section. When you are ready, move the intelligence into its appropriate category. If an existing category does not cover what you need to add, contact a project maintainer on panopticonproject at protonmail dot com to add a section to Charon. When dealing with multiple campaigns or multiple timeframes, copy everything from Campaign or Date Range through to and including Reports and fill in those sections again. The sections at the beginning of the framework (Name, Aliases, Overview) and the sections at the end of the framework (Raw Intelligence and Links) are static and form the header and footer. The sections from Campaign or Date Range through to Reports are contextual to time and are therefore repeated for different time frames. Try to keep timeframes to roughly one year in length unless there is a clear need to do otherwise.

### An example of Charon
Have a look [here](https://github.com/Panopticon-Project/panopticon-admin/blob/master/EXAMPLE_APT.md).

# Charon Framework

## Name - start of header
Common name of the threat actor. Use one of the listed labels.
* Label - Advanced Persistent Threat (APT) / Corporation / Nation State

## Aliases
Other names the threat actor is known by.
Use list
* [Alias](URL to source)
* [Alias](URL to source)

## Overview - end of header
A high-level summary of the threat actor.
Use list
* Description goes here
*

## Time context starts

## Campaign or Date Range - start of repeatable time contextual section
Use either a campaign with a specific timeframe or a date range not associated with a specific campaign. About is a short description of the campaign and should be removed if using a date range. Dates should be in the format DD Month Year, e.g. 01 January 2019.
* Campaign / Date Range
* About - [Targeting infrastructure in South East Asia](URL to source)
* Active from - XX Month 20XX
* Active to - XX Month 20XX

### Attributes
Listed after Campaign or Date Range as attributes can shift over time. Use one of the resource levels. Use one of the sophistication grades. Amateur is defined as using all prewritten tools and/or showing overall poor tradecraft. Expert is defined as using at least some self-written tools and/or showing overall good tradecraft. Advanced Expert is defined as consistently using self-written tools and showing consistently good tradecraft. Primary activities is a short description of what the group mostly does.
* Resource level - [Individual / Group / Corporation / Government](URL to source)
* Sophistication - [Amateur / Expert / Advanced Expert](URL to source)
* Primary activities - Description goes here

### Attack Pattern
See the [Enterprise Matrix](https://attack.mitre.org/) for definitions of each of the areas below. List them in the order they occur and state no information for entries that don't yet have any information. The ID is found on the right-hand side of the Technique pages of MITRE ATT&CK.
Use list
* Initial Access
  * [Attack Pattern](URL to source)
    * ID -
    * Description
* Execution
  * [Attack Pattern](URL to source)
    * ID -
    * Description
* Persistence
  * [Attack Pattern](URL to source)
    * ID -
    * Description
* Privilege Escalation
  * [Attack Pattern](URL to source)
    * ID -
    * Description
* Defence Evasion
  * [Attack Pattern](URL to source)
    * ID -
    * Description
* Credential Access
  * [Attack Pattern](URL to source)
    * ID -
    * Description
* Discovery
  * [Attack Pattern](URL to source)
    * ID -
    * Description
* Lateral Movement
  * [Attack Pattern](URL to source)
    * ID -
    * Description
* Collection
  * [Attack Pattern](URL to source)
    * ID -
    * Description
* Command and Control
  * [Attack Pattern](URL to source)
    * ID -
    * Description
* Exfiltration
  * [Attack Pattern](URL to source)
    * ID -
    * Description
* Impact
  * [Attack Pattern](URL to source)
    * ID -
    * Description

### Vulnerabilities
A mistake in software that can be directly used by an attacker to gain access to a system or network. Link to a write-up in the exploit repo where possible (for example, CVEs) or to external sources. Entries should take the form "vulnerability is exploited by name of the thing exploiting it", usually malware or a hacking tool.
State no information if no information is available.
Use list
* [Vulnerability](URL to outline of how the vulnerability is exploited) is exploited by name of malware / name of tool. [1](URL to source)
* [Vulnerability](URL to outline of how the vulnerability is exploited) is exploited by name of malware / name of tool. [2](URL to source)

### Identity
Individuals, organisations, or groups. These are represented as individual entries under the heading of Identity.

#### Individuals
Specific members of the threat actor. State no information for entries that don't yet have any information.
Use list
* [Name](URL to source)
* [Name](URL to source)

#### Affiliated organisations
Specific official organisations the threat actor is connected to. State no information for entries that don't yet have any information.
Use list
* [Organisation](URL to source)
  * Attribution - Add attribution or reasoning.
* [Organisation](URL to source)
  * Attribution - Add attribution or reasoning.

#### Affiliated groups
Specific known but unofficial groups the threat actor is connected to. State no information for entries that don't yet have any information.
Use list
* [Group](URL to source)
  * Attribution - Add attribution or reasoning.
* [Group](URL to source)
  * Attribution - Add attribution or reasoning.

### Intrusion Set
A grouped set of adversarial behaviours and resources with common properties believed to be orchestrated by a single threat actor. These are represented as individual categories under the heading of Intrusion Set. If an existing category does not cover what you need to add, contact a project maintainer on panopticonproject at protonmail dot com to add a section to Charon.

#### Malware
Details of malware used. Multiple names should be listed on the same line and separated by a comma. Functionality should be short, preferably one word, e.g. keylogger. Multiple functionalities should be listed on the same line and separated by a comma. Hash should have a -, the type of hashing function used, another -, and the hash itself. Example: Hash - MD5 - 002ae76872d80801692ff942308c64t6. Notes should be a short description of anything else important, like the family the malware belongs to or variants. State no information for entries that don't yet have any information.
* Names - [Name of malware](URL to source)
* Functionality - add functionality
* Hash - [Function] - [Actual hash](URL to source)
* Notes - Description goes here

#### Website
A website used by the attacker. URLs should be written with hxxp in place of http so people don't accidentally navigate to the URL by clicking on it. IP addresses should have square brackets [] around the last separator so people don't accidentally navigate to the address. Dates should be in the format DD Month Year, e.g. 01 January 2019. State no information for entries that don't yet have any information.
* Name - Name of website
* About - Description goes here
* URL - [hxxp://address[.]com](URL to source)
* IP - [000.000.000[.]000](URL to source)
* Valid from - [XX Month 20XX](URL to source)
* Valid to - [XX Month 20XX](URL to source)

#### Infrastructure
A server or domain used by the attackers to send commands to malware and to receive check-ins and exfiltrated information from it. IP addresses should have square brackets [] around the last separator so people don't accidentally navigate to the address. Dates should be in the format DD Month Year, e.g. 01 January 2019.
* About - Short description.
* IP - [000.000.000[.]000](URL to source)
* Domain - [domain[.]com](URL to source)
* Subdomains - [domain[.]com](URL to source)
* Valid from - [XX Month 20XX](URL to source) - if dates are not precise, just add month and year or year and add a note below
* Valid to - [XX Month 20XX](URL to source) - if dates are not precise, just add month and year or year and add a note below
* Note on timeframe - short description if dates are not precise.
* [SSH host key](URL to source)
  * RSA - fingerprint
  * ECDSA - fingerprint
  * ED25519 - fingerprint
* [SSL Certificate](URL to source)
  * Issuer - Name
  * Public key type - RSA etc.
  * Public key bits - Bit length
  * Signature algorithm - name of algorithm
  * Not valid before - XX Month 20XX
  * Not valid after - XX Month 20XX
  * MD5 - MD5 hash
  * SHA-1 - SHA-1 hash
* WHOIS
  * Add WHOIS entry here
* Server location - [Location](URL to source)
* ISP - [ISP](URL to source)
* MX Record
  * Add MX record here
* SOA Record
  * Add SOA record here
* A Record
  * Add A record here
* NS Record
  * Add NS record here
* TXT Record
  * Add TXT record here
* SPF Record
  * Add SPF record here
* Banner
  * Add banner here
* Notes
  * notes go here.
  * notes go here.

#### Documents
A document used by the attackers, usually as part of phishing. About should be a short description of how the document was used. Hash should have a -, the type of hashing function used, another -, and the hash itself. Example: Hash - MD5 - 002ae76872d80801692ff942308c64t6.
* Filename - [Name](URL to source)
* About - Description goes here
* Hash - Function - Actual hash
* Notes - Notes go here

#### Tools
A tool used by the attacker.
Multiple names should be listed on the same line and separated by a comma. Functionality should be short, preferably one word, e.g. keylogger. Multiple functionalities should be listed on the same line and separated by a comma. URL should be the online address, if any, from which the tool can be publicly sourced.
* Names - [Name of tool](URL to source)
* Functionality - Functionality, functionality
* URL - http://address.com

## Time context ends

### Detection - end of repeatable time contextual section
An action taken to detect an Attack Pattern entry. These should address the Attack Patterns listed above. State no information if no information is available.
Use list
* [Attack Pattern or Vulnerability entry goes here](URL to source)
  * Description

### Course of Action
An action taken to either prevent an attack or respond to an attack. These should address the Attack Patterns and Vulnerabilities listed above. If the course of action is connected to something in this report, such as a CVE, that should be referenced. Example: Apply patch 5678 to ICS systems to patch CVE-2019-0254. State no information if no information is available.
Use list
* [Attack Pattern or Vulnerability entry goes here](URL to source)
  * Description

### YARA rules
Rules for detecting indicators of compromise. State no information where the rule would be pasted if no information is available. Use double spaces at the end of a line to force line breaks in Markdown.
Use list
* Rule - Paste on next line

* URL - http://address.com

### Reports
Collections of threat intelligence focused on one or more topics, such as a description of a threat actor, malware, or attack technique, including contextual details. The description should be a short outline of the report.
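Before the Reports list, here is an added example (not the project's own code, and not the Charon-to-STIX converter the roadmap above promises) of what a contributor or maintainer can do with a filled-in time-context block: a small Python linter that checks the rules stated in the sections above (DD Month Year dates, MITRE ATT&CK technique IDs, the Hash - Function - digest form, hxxp and [.] defanging of websites and IPs) and then emits the kind of STIX 2.1 JSON the roadmap talks about. Everything in SAMPLE is constructed: ExampleRAT, example.invalid, 192.0.2.1 and the MD5 digest are placeholders, not real intelligence, and the STIX object fields (campaign first_seen/last_seen, malware is_family/malware_types, indicator pattern/pattern_type/valid_from) follow the STIX 2.1 specification rather than anything the project has published.

```python
"""Lint a Charon time-context block and emit STIX 2.1-style JSON. Added example
for this page, not the project's planned converter; SAMPLE is constructed."""
import re
import uuid
from datetime import datetime, timezone

SAMPLE = """\
## Campaign or Date Range - start of repeatable time contextual section
* About - [Constructed example campaign](https://example.invalid/report)
* Active from - 01 January 2019
* Active to - 31 December 2019
### Attack Pattern
* [Spearphishing Attachment](https://attack.mitre.org/techniques/T1566/001/)
* ID - T1566.001
#### Malware
* Names - [ExampleRAT](https://example.invalid/malware)
* Functionality - backdoor, keylogger
* Hash - MD5 - 0123456789abcdef0123456789abcdef
#### Website
* URL - [hxxp://example[.]invalid](https://example.invalid/source)
* IP - [192.0.2[.]1](https://example.invalid/source)
"""
KEYVAL_RE = re.compile(r"^\*\s+(?P<key>[A-Za-z ]+?)\s+-\s+(?P<val>.+)$")
LINK_RE = re.compile(r"\[(?P<text>.+?)\]\((?P<url>[^)]+)\)")
ATTACK_ID_RE = re.compile(r"T\d{4}(?:\.\d{3})?")       # MITRE ATT&CK technique id
HASH_LENGTHS = {"MD5": 32, "SHA-1": 40, "SHA-256": 64}   # hex digits per function


def link_text(value):  # visible text of a markdown link, or the raw value
    m = LINK_RE.search(value)
    return m.group("text") if m else value.strip()


def parse_block(text):  # '* Key - value' bullets grouped by heading; others in 'items'
    record, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("#"):
            section = line.lstrip("#").strip().split(" - ")[0]
            record[section] = {"items": []}
        elif line.startswith("*") and section:
            m = KEYVAL_RE.match(line)
            if m:
                record[section][m.group("key").strip()] = m.group("val").strip()
            else:
                record[section]["items"].append(line[1:].strip())
    return record


def lint(record):
    """Return the template rules the block breaks (empty list when it is clean)."""
    problems, camp = [], record.get("Campaign or Date Range", {})
    for key in ("Active from", "Active to"):
        try:
            datetime.strptime(camp.get(key, ""), "%d %B %Y")
        except ValueError:
            problems.append(f"{key} '{camp.get(key)}' is not in DD Month Year form")
    tid = record.get("Attack Pattern", {}).get("ID", "")
    if not ATTACK_ID_RE.fullmatch(tid):
        problems.append(f"Attack Pattern ID '{tid}' is not an ATT&CK technique id")
    parts = [link_text(p) for p in record.get("Malware", {}).get("Hash", "").split(" - ", 1)]
    width = HASH_LENGTHS.get(parts[0], 0)  # unknown function -> width 0 -> never matches
    if len(parts) != 2 or not re.fullmatch(r"[0-9a-fA-F]{%d}" % width, parts[1]):
        problems.append(f"Malware Hash '{' - '.join(parts)}' is not 'Function - hex digest'")
    url, ip = (link_text(record.get("Website", {}).get(k, "")) for k in ("URL", "IP"))
    if not url.startswith(("hxxp://", "hxxps://")) or "[.]" not in url:
        problems.append(f"Website URL '{url}' is not defanged with hxxp and [.]")
    if not re.fullmatch(r"\d{1,3}\.\d{1,3}\.\d{1,3}\[\.\]\d{1,3}", ip):
        problems.append(f"Website IP '{ip}' does not bracket the last separator")
    return problems


def refang(value):  # real form for STIX patterns only; the Charon text stays defanged
    return value.replace("hxxp", "http").replace("[.]", ".")


def to_stix(record):
    """Build a STIX 2.1-style bundle: one campaign, one malware, three indicators."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    def sdo(kind, **props):  # common STIX Domain Object header plus type-specific fields
        return {"type": kind, "spec_version": "2.1", "id": f"{kind}--{uuid.uuid4()}",
                "created": now, "modified": now, **props}
    def stamp(charon_date):  # DD Month Year -> STIX timestamp
        return datetime.strptime(charon_date, "%d %B %Y").strftime("%Y-%m-%dT00:00:00Z")
    camp, mal, site = (record[k] for k in ("Campaign or Date Range", "Malware", "Website"))
    first, last = stamp(camp["Active from"]), stamp(camp["Active to"])
    func, digest = (link_text(p) for p in mal["Hash"].split(" - ", 1))
    host = refang(link_text(site["URL"])).split("://", 1)[1].rstrip("/")
    objects = [
        sdo("campaign", name=link_text(camp["About"]), first_seen=first, last_seen=last),
        sdo("malware", name=link_text(mal["Names"]), is_family=False,
            malware_types=[f.strip() for f in mal["Functionality"].split(",")]),
    ]
    for pattern in (f"[file:hashes.'{func}' = '{digest}']",  # quoted key also suits SHA-256
                    f"[domain-name:value = '{host}']",
                    f"[ipv4-addr:value = '{refang(link_text(site['IP']))}']"):
        objects.append(sdo("indicator", pattern=pattern, pattern_type="stix",
                           indicator_types=["malicious-activity"], valid_from=first))
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}
```

Call `parse_block(SAMPLE)`, then `lint(...)` (an empty list means the block follows the template rules) and `to_stix(...)` (dump the result with `json.dumps`). The Charon record keeps its defanged hxxp and [.] forms; refanging happens only inside the STIX patterns, which is the point of the defanging rule: the README stays safe to click while the exported bundle stays usable by detection tooling. Relationship objects (campaign uses malware, indicator indicates malware) are left out, as are the Identity and Infrastructure sections; a full converter would add them the same way.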
Use list
* [Name of report](URL to pdf/blog post etc) - Description goes here
* [Name of report](URL to pdf/blog post etc) - Description goes here

## Copy and paste everything from Campaign or Date Range through to Reports for a new campaign or date range

## Raw Intelligence - start of footer
Any further notes to be added to the framework would be added here.

## Links - end of footer
Any new articles to be added here.
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
Attribution-ShareAlike 4.0 International

=======================================================================

Creative Commons Corporation ("Creative Commons") is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an "as-is" basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible.

Using Creative Commons Public Licenses

Creative Commons public licenses provide a standard set of terms and conditions that creators and other rights holders may use to share original works of authorship and other material subject to copyright and certain other rights specified in the public license below. The following considerations are for informational purposes only, are not exhaustive, and do not form part of our licenses.
Considerations for licensors: Our public licenses are intended for use by those authorized to give the public permission to use material in ways otherwise restricted by copyright and certain other rights. Our licenses are irrevocable. Licensors should read and understand the terms and conditions of the license they choose before applying it. Licensors should also secure all rights necessary before applying our licenses so that the public can reuse the material as expected. Licensors should clearly mark any material not subject to the license. This includes other CC-licensed material, or material used under an exception or limitation to copyright. More considerations for licensors: wiki.creativecommons.org/Considerations_for_licensors

Considerations for the public: By using one of our public licenses, a licensor grants the public permission to use the licensed material under specified terms and conditions. If the licensor's permission is not necessary for any reason--for example, because of any applicable exception or limitation to copyright--then that use is not regulated by the license. Our licenses grant only permissions under copyright and certain other rights that a licensor has authority to grant. Use of the licensed material may still be restricted for other reasons, including because others have copyright or other rights in the material. A licensor may make special requests, such as asking that all changes be marked or described. Although not required by our licenses, you are encouraged to respect those requests where reasonable. More considerations for the public: wiki.creativecommons.org/Considerations_for_licensees

=======================================================================

Creative Commons Attribution-ShareAlike 4.0 International Public License

By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this Creative Commons Attribution-ShareAlike 4.0 International Public License ("Public License"). To the extent this Public License may be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the Licensed Material available under these terms and conditions.


Section 1 -- Definitions.

a. Adapted Material means material subject to Copyright and Similar Rights that is derived from or based upon the Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted Material is always produced where the Licensed Material is synched in timed relation with a moving image.

b. Adapter's License means the license You apply to Your Copyright and Similar Rights in Your contributions to Adapted Material in accordance with the terms and conditions of this Public License.

c. BY-SA Compatible License means a license listed at creativecommons.org/compatiblelicenses, approved by Creative Commons as essentially the equivalent of this Public License.

d. Copyright and Similar Rights means copyright and/or similar rights closely related to copyright including, without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without regard to how the rights are labeled or categorized. For purposes of this Public License, the rights specified in Section 2(b)(1)-(2) are not Copyright and Similar Rights.

e. Effective Technological Measures means those measures that, in the absence of proper authority, may not be circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on December 20, 1996, and/or similar international agreements.

f. Exceptions and Limitations means fair use, fair dealing, and/or any other exception or limitation to Copyright and Similar Rights that applies to Your use of the Licensed Material.

g. License Elements means the license attributes listed in the name of a Creative Commons Public License. The License Elements of this Public License are Attribution and ShareAlike.

h. Licensed Material means the artistic or literary work, database, or other material to which the Licensor applied this Public License.

i. Licensed Rights means the rights granted to You subject to the terms and conditions of this Public License, which are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that the Licensor has authority to license.

j. Licensor means the individual(s) or entity(ies) granting rights under this Public License.

k. Share means to provide material to the public by any means or process that requires permission under the Licensed Rights, such as reproduction, public display, public performance, distribution, dissemination, communication, or importation, and to make material available to the public including in ways that members of the public may access the material from a place and at a time individually chosen by them.

l. Sui Generis Database Rights means rights other than copyright resulting from Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended and/or succeeded, as well as other essentially equivalent rights anywhere in the world.

m. You means the individual or entity exercising the Licensed Rights under this Public License. Your has a corresponding meaning.


Section 2 -- Scope.

a. License grant.

   1. Subject to the terms and conditions of this Public License, the Licensor hereby grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the Licensed Rights in the Licensed Material to:

      a. reproduce and Share the Licensed Material, in whole or in part; and

      b. produce, reproduce, and Share Adapted Material.

   2. Exceptions and Limitations. For the avoidance of doubt, where Exceptions and Limitations apply to Your use, this Public License does not apply, and You do not need to comply with its terms and conditions.

   3. Term. The term of this Public License is specified in Section 6(a).

   4. Media and formats; technical modifications allowed.
The Licensor authorizes You to exercise the Licensed Rights in all media and formats whether now known or hereafter created, and to make technical modifications necessary to do so. The Licensor waives and/or agrees not to assert any right or authority to forbid You from making technical modifications necessary to exercise the Licensed Rights, including technical modifications necessary to circumvent Effective Technological Measures. For purposes of this Public License, simply making modifications authorized by this Section 2(a)(4) never produces Adapted Material.

   5. Downstream recipients.

      a. Offer from the Licensor -- Licensed Material. Every recipient of the Licensed Material automatically receives an offer from the Licensor to exercise the Licensed Rights under the terms and conditions of this Public License.

      b. Additional offer from the Licensor -- Adapted Material. Every recipient of Adapted Material from You automatically receives an offer from the Licensor to exercise the Licensed Rights in the Adapted Material under the conditions of the Adapter's License You apply.

      c. No downstream restrictions. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, the Licensed Material if doing so restricts exercise of the Licensed Rights by any recipient of the Licensed Material.

   6. No endorsement. Nothing in this Public License constitutes or may be construed as permission to assert or imply that You are, or that Your use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, the Licensor or others designated to receive attribution as provided in Section 3(a)(1)(A)(i).

b. Other rights.

   1. Moral rights, such as the right of integrity, are not licensed under this Public License, nor are publicity, privacy, and/or other similar personality rights; however, to the extent possible, the Licensor waives and/or agrees not to assert any such rights held by the Licensor to the limited extent necessary to allow You to exercise the Licensed Rights, but not otherwise.

   2. Patent and trademark rights are not licensed under this Public License.

   3. To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary or waivable statutory or compulsory licensing scheme. In all other cases the Licensor expressly reserves any right to collect such royalties.


Section 3 -- License Conditions.

Your exercise of the Licensed Rights is expressly made subject to the following conditions.

a. Attribution.

   1. If You Share the Licensed Material (including in modified form), You must:

      a. retain the following if it is supplied by the Licensor with the Licensed Material:

         i. identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated);

         ii. a copyright notice;

         iii. a notice that refers to this Public License;

         iv. a notice that refers to the disclaimer of warranties;

         v. a URI or hyperlink to the Licensed Material to the extent reasonably practicable;

      b. indicate if You modified the Licensed Material and retain an indication of any previous modifications; and

      c. indicate the Licensed Material is licensed under this Public License, and include the text of, or the URI or hyperlink to, this Public License.

   2. You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based on the medium, means, and context in which You Share the Licensed Material. For example, it may be reasonable to satisfy the conditions by providing a URI or hyperlink to a resource that includes the required information.

   3. If requested by the Licensor, You must remove any of the information required by Section 3(a)(1)(A) to the extent reasonably practicable.

b. ShareAlike.

   In addition to the conditions in Section 3(a), if You Share Adapted Material You produce, the following conditions also apply.

   1. The Adapter's License You apply must be a Creative Commons license with the same License Elements, this version or later, or a BY-SA Compatible License.

   2. You must include the text of, or the URI or hyperlink to, the Adapter's License You apply. You may satisfy this condition in any reasonable manner based on the medium, means, and context in which You Share Adapted Material.

   3. You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, Adapted Material that restrict exercise of the rights granted under the Adapter's License You apply.


Section 4 -- Sui Generis Database Rights.

Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed Material:

a. for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, reuse, reproduce, and Share all or a substantial portion of the contents of the database;

b. if You include all or a substantial portion of the database contents in a database in which You have Sui Generis Database Rights, then the database in which You have Sui Generis Database Rights (but not its individual contents) is Adapted Material, including for purposes of Section 3(b); and

c. You must comply with the conditions in Section 3(a) if You Share all or a substantial portion of the contents of the database.

For the avoidance of doubt, this Section 4 supplements and does not replace Your obligations under this Public License where the Licensed Rights include other Copyright and Similar Rights.


Section 5 -- Disclaimer of Warranties and Limitation of Liability.

a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.

b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR DAMAGES.
WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR 337 | IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. 338 | 339 | c. The disclaimer of warranties and limitation of liability provided 340 | above shall be interpreted in a manner that, to the extent 341 | possible, most closely approximates an absolute disclaimer and 342 | waiver of all liability. 343 | 344 | 345 | Section 6 -- Term and Termination. 346 | 347 | a. This Public License applies for the term of the Copyright and 348 | Similar Rights licensed here. However, if You fail to comply with 349 | this Public License, then Your rights under this Public License 350 | terminate automatically. 351 | 352 | b. Where Your right to use the Licensed Material has terminated under 353 | Section 6(a), it reinstates: 354 | 355 | 1. automatically as of the date the violation is cured, provided 356 | it is cured within 30 days of Your discovery of the 357 | violation; or 358 | 359 | 2. upon express reinstatement by the Licensor. 360 | 361 | For the avoidance of doubt, this Section 6(b) does not affect any 362 | right the Licensor may have to seek remedies for Your violations 363 | of this Public License. 364 | 365 | c. For the avoidance of doubt, the Licensor may also offer the 366 | Licensed Material under separate terms or conditions or stop 367 | distributing the Licensed Material at any time; however, doing so 368 | will not terminate this Public License. 369 | 370 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public 371 | License. 372 | 373 | 374 | Section 7 -- Other Terms and Conditions. 375 | 376 | a. The Licensor shall not be bound by any additional or different 377 | terms or conditions communicated by You unless expressly agreed. 378 | 379 | b. Any arrangements, understandings, or agreements regarding the 380 | Licensed Material not stated herein are separate from and 381 | independent of the terms and conditions of this Public License. 382 | 383 | 384 | Section 8 -- Interpretation. 
385 | 386 | a. For the avoidance of doubt, this Public License does not, and 387 | shall not be interpreted to, reduce, limit, restrict, or impose 388 | conditions on any use of the Licensed Material that could lawfully 389 | be made without permission under this Public License. 390 | 391 | b. To the extent possible, if any provision of this Public License is 392 | deemed unenforceable, it shall be automatically reformed to the 393 | minimum extent necessary to make it enforceable. If the provision 394 | cannot be reformed, it shall be severed from this Public License 395 | without affecting the enforceability of the remaining terms and 396 | conditions. 397 | 398 | c. No term or condition of this Public License will be waived and no 399 | failure to comply consented to unless expressly agreed to by the 400 | Licensor. 401 | 402 | d. Nothing in this Public License constitutes or may be interpreted 403 | as a limitation upon, or waiver of, any privileges and immunities 404 | that apply to the Licensor or You, including from the legal 405 | processes of any jurisdiction or authority. 406 | 407 | 408 | ======================================================================= 409 | 410 | Creative Commons is not a party to its public 411 | licenses. Notwithstanding, Creative Commons may elect to apply one of 412 | its public licenses to material it publishes and in those instances 413 | will be considered the “Licensor.” The text of the Creative Commons 414 | public licenses is dedicated to the public domain under the CC0 Public 415 | Domain Dedication. 
Except for the limited purpose of indicating that 416 | material is shared under a Creative Commons public license or as 417 | otherwise permitted by the Creative Commons policies published at 418 | creativecommons.org/policies, Creative Commons does not authorize the 419 | use of the trademark "Creative Commons" or any other trademark or logo 420 | of Creative Commons without its prior written consent including, 421 | without limitation, in connection with any unauthorized modifications 422 | to any of its public licenses or any other arrangements, 423 | understandings, or agreements concerning use of licensed material. For 424 | the avoidance of doubt, this paragraph does not form part of the 425 | public licenses. 426 | 427 | Creative Commons may be contacted at creativecommons.org. 428 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | ![alt tag](https://user-images.githubusercontent.com/24201238/29351849-9c3087b4-82b8-11e7-8fed-350e3b8b4945.png) 2 | 3 | # Panopticon Project 4 | 5 | ## Contributing Guidelines 6 | 7 | Thank you for wanting to contribute! 
8 | 9 | ### Table of contents 10 | 11 | - [What should I know before I get started?](#what-should-i-know-before-i-get-started) 12 | - [The vision for P2](#the-vision-for-p2) 13 | - [The Code of Conduct](#the-code-of-conduct) 14 | - [What's already been done and what's underway](#whats-already-been-done-and-whats-underway) 15 | - [How to contact the maintainers to discuss contributions, where to interact with other contributors and how to ask for help](#how-to-contact-the-maintainers-to-discuss-contributions-where-to-interact-with-other-contributors-and-how-to-ask-for-help) 16 | - [The basic structure of P2](#the-basic-structure-of-p2) 17 | - [Organisation](#organisation) 18 | - [Groups this project gathers information on](#groups-this-project-gathers-information-on) 19 | - [Why are APTs and Nation States separate?](#why-are-apts-and-nation-states-separate) 20 | - [Posting your work to GitHub, where possible, is required](#posting-your-work-to-github-where-possible-is-required) 21 | - [Comments are required](#comments-are-required) 22 | - [The standards maintainers will adhere to](#the-standards-maintainers-will-adhere-to) 23 | - [How can I contribute?](#how-can-i-contribute) 24 | - [Types of contributions](#types-of-contributions) 25 | - [How do I find things people have already flagged as needing work?](#how-do-i-find-things-people-have-already-flagged-as-needing-work) 26 | - [I have something I want to work on, what's the next step?](#i-have-something-i-want-to-work-on-whats-the-next-step) 27 | - [Gathering intelligence](#gathering-intelligence) 28 | - [The Panopitcon Project Intelligence Cycle](#the-panopitcon-project-intelligence-cycle) 29 | - [Adding to a repository](#adding-to-a-repository) 30 | - [Advice for reading through written material](#advice-for-reading-through-written-material) 31 | - [The Charon Framework](#the-charon-framework) 32 | - [Searches to run IPs, Domains etc through to get you 
started](#searches-to-run-ips-domains-etc-through-to-get-you-started) 33 | - [Use brackets in URLs, domain names, email addresses and server names](#use-brackets-in-urls-domain-names-email-addresses-and-server-names) 34 | - [Recomended software](#recomended-software) 35 | - [Maltego](#maltego) 36 | - [Kali Linux](#kali-linux) 37 | - [Virtualisation software](#virtualisation-software) 38 | - [Advice for using Maltego](#advice-for-using-maltego) 39 | - [I would like an example repository](i-would-like-an-example-repository) 40 | - [Coding](#coding) 41 | - [I want to work with GitHub and or Git](#i-want-to-work-with-github-and-or-git) 42 | - [Report bugs](#report-bugs) 43 | - [Enhancements](#enhancements) 44 | - [Making an enhancement](#making-an-enhancement) 45 | - [Suggesting an enhancement](#suggesting-an-enhancement) 46 | - [Beginner issues](#beginner-issues) 47 | - [Pull requests](#pull-requests) 48 | - [Style Guide](#style-guide) 49 | 50 | ## What should I know before I get started? 51 | 52 | ### The vision for P2 53 | 54 | Panopticon Project (P2) is an open database of open source intelligence (OSINT) covering the electronic capabilities of Advanced Persistent Threats (APTs), nation states, and corporations that exercise nation state capabilities. The [README](https://github.com/Panopticon-Project/panopticon-admin/blob/master/README.md) is your introduction to the project and the overarching vision of what we are trying to achieve together. 55 | 56 | ### The Code of Conduct 57 | 58 | We have one, it is located [here](https://github.com/Panopticon-Project/panopticon-admin/blob/master/code_of_conduct.md), please look over before contributing. 59 | 60 | ### What's already been done and what's underway 61 | 62 | To give you an idea of where we've come from, what ground we've already covered, where we are going and what needs doing, check out our [roadmap](https://github.com/Panopticon-Project/panopticon-admin/blob/master/ROADMAP.md). 
63 | 64 | ### How to contact the maintainers to discuss contributions, where to interact with other contributors and how to ask for help 65 | 66 | * You can email the maintainer on panopticonproject at protonmail.com to discuss your contribution 67 | * We are small at the moment and the community is still forming. Currently it's suggested if you want to talk to others contributing to the project, reach out to them on the email address/social media details listed in their GitHub profiles. 68 | * As the community grows and other communication channels become popular we will look at setting those up. 69 | * We are integrating with the [Commons Platform](https://commonsplatform.org/) and will have a specific forum for members of the Commons Platform who want to contribute to P2. You can join the Commons Platform by emailing welcome at commonsplatform.org 70 | 71 | ### The basic structure of P2 72 | 73 | To ensure you are contributing to the right repository (repo) it's a good idea to look over the repos to get an idea for what goes where. 74 | 75 | #### Organisation 76 | 77 | * [**panopticon-admin**](https://github.com/Panopticon-Project/panopticon-admin) - information about the project and its organisation, such as the project README, licence file, etc. (You're in this repo right now!) 78 | 79 | #### Resources 80 | 81 | * [**panopticon-Primer**](https://github.com/Panopticon-Project/panopticon-Primer) - Readings if you have no idea about a particular topic. This is your orientation into the fundamentals of the project to get you on the right page before contributing. 82 | 83 | * [**panopticon-T-T**](https://github.com/Panopticon-Project/panopticon-T-T) - T-T stands for tools and techniques. This is where all the information on different tools available to people, along with examples of action OSINT investigations are kept. If you don't know how to contribute, read other this repo and it should give you some starting points. Try them out. Come back and read more. 
This is your classroom and as you learn new things that aren't in this repo, feel free to contribute. 84 | 85 | #### Groups this project gathers information on 86 | 87 | These are broken into three types: 88 | 89 | * Nation State 90 | * APT 91 | * Corporation 92 | 93 | #### Why are APTs and Nation States separate? 94 | 95 | Because attribution is rarely one hundred per cent provable. The nation state repos will link to the APTs its strongly believed they sponsor and vice versa. Nation state repos will also cover things that are specific to the overall nation state but not specific to particular APTs. 96 | 97 | ### Posting your work to GitHub, where possible, is required 98 | 99 | If you are working on something like gathering intelligence, processing raw intelligence, anything that can be saved rather can contributions like posting to social media etc., it's asked you post the material to GitHub. This will give oversight to your work, not just for the maintainers so they can track progress but for other volunteers as well so they can see where work is at, enabling volunteers to clearly see where and how they can contribute. 100 | 101 | Please also give periodic updates if you're working on something spanning a length of time. Every two weeks is a good rule of thumb. 102 | 103 | ### Comments are required 104 | 105 | If your contribution will take place in any way on GitHub or you use Git please read over [this](https://chris.beams.io/posts/git-commit/) blogpost. It's heavy on using Git from the command line but the fundamentals are still relevent. Comments make things easier for everyone, so please leave comments when making commits. 
Taken from the aforementioned blogpost, please follow these seven rules: 106 | 107 | * Separate subject from body with a blank line (Github does this automatically) 108 | * Limit the subject line to 50 characters (GitHub will warn you of this but not restrict you) 109 | * Capitalize the subject line 110 | * Do not end the subject line with a period 111 | * Use the imperative mood in the subject line (your subject should be able to complete the following sentence: If applied, this commit will *your subject line here*) 112 | * Wrap the body at 72 characters 113 | * Use the body to explain what and why vs. how (unless the title is explanation enough, in which case leave the body out) 114 | 115 | Examples: 116 | 117 | Stop Embark crashing (*"If applied, this commit will stop embark crashing"* is a workable sentence as per the above rule) 118 | 119 | This addition to the flux capacitor stablises Embark. 120 | 121 | or the one liner: 122 | 123 | Fix a typo in the Contributing guidelines 124 | 125 | ### The standards maintainers will adhere to 126 | 127 | With the caveat that this is a volunteer project and everything is provided on a best efforts basis, below are the standards that maintaiers will adhere to and anyone wanting to be a maintainer will aspire to: 128 | 129 | * Acknowledge when a new issue is posted by a contributor 130 | * Notify users when you start and finish work 131 | * Summarize the state of the issue 132 | * Give periodic status updates 133 | * Inform everyone if you slip 134 | * Inform everyone if you’re on track 135 | * Make responsibility handoffs clear 136 | * Notify when new functionality is added to the project, and when fixes are made 137 | * Always use a non-threatening tone and correct grammar to increase legibility 138 | 139 | ## How can I contribute? 140 | 141 | ### Types of contributions 142 | 143 | P2 is a community, so contributing takes many forms. 144 | 145 | * Do you want to contribute to P2 by finding and analysing articles? 
This is the traditional and entry level why people will contribute to this project. Below will run through the P2 intelligence cycle and STIX (Structured Threat Information Expression) which this project uses. 146 | 147 | * Do you want to contribute to P2 by performing your own research? The [Tools and Techniques](https://github.com/Panopticon-Project/panopticon-T-T) repo has resources to get you started on performing your own research. Read on below for specific instructions on how you should present your intelligence. Often, people will use tools like [Maltego](https://www.paterva.com/web7/) for displaying their reserach. Maltego and many other OSINT tools come bundled with [Kali Linux](https://www.kali.org/). 148 | 149 | * Do you want to contribute to P2 by writing code? P2 isn't a traditional open source project working on software, but there is a lot that can be contributed through code. As an example, there are lots of [tools](http://automatingosint.com/blog/) you could build a front end for. If that's your thing, this Contributing document outlines how you can do that. The below guidelines for contributing to code are just that, guidelines, not hard and fast rules that must be adhered to. We ask that you use your best judgement and as a rule of thumb, put yourself in the shoes of the project maintainers. If you ran a project and someone submitted what you are going to submit, does it make sense? Is it appropriate? 150 | 151 | * Do you want to contribute to P2 through other means (such as helping with social media or any other means that come to mind)? If so, please email the maintainers and contributions will be handled on a case by case basis. 152 | 153 | ### How do I find things people have already flagged as needing work? 154 | 155 | Each repository will have a README file. Generally, that file will have gathered information, but at the bottom it will have links to articles yet read. 
Check below for the Infomration Cycle, but basically you can read those documents, strip out the facts and add them to the applicable categories on the README. 156 | 157 | Each repository will also have issues. Issues are sometimes used for things other than issues, like hosting images or working notes (becuase it's the easiest place for them), but generally you should find issues contain actual issues. Feel free to look over the issues in each of the repositories, and action any you feel comfortable with. In the interest of making contribution as easy as possible as the project grows we will create labels for issues. 158 | 159 | Labels like *Good Beginner Issue* let people know that the particular issue might be a good place for someone new to P2 or someone who may not have a great deal of opensource experience to start. 160 | 161 | We also have labels corresponding with skillsets, so if you're looking for something in particular you should be able to find it. 162 | 163 | The maintainers of P2 can only take a best guess at the type of contributions you want to make, so we have created labels as best we can but if you don't see an issue that corresponds to your skillsets, do not fret. You can still look over the existing issues, but we would also suggest you email the maintainers on panopticonproject at protonmail dot com and let us know we should accomodate your skillset by adding labels for those skills. This will ensure that those with simmilar skills coming after you have a smooth journey. Helping the next person is all part of community building! 164 | 165 | ### I have something I want to work on, what's the next step? 166 | 167 | Please email the maintainers on panopticonproject at protonmail dot com, your email should be tended to within 24 hours in most instances. As the community grows we may consider a forum such as a Slack channel. 
168 | 169 | ### Gathering intelligence 170 | 171 | There are a number of disciplines that fall under the broad term intelligence. [The Intelligence Cycle](https://en.wikipedia.org/wiki/Intelligence_cycle) walks through the creation of intelligence. 172 | 173 | * Direction - there is a need for intelligence and someone directs another party to provide it 174 | * Collection - the gathering of intelligence through [various means](https://en.wikipedia.org/wiki/List_of_intelligence_gathering_disciplines) such as HUMINT (human intelligence), IMINT (imagery intelligence), ELINT (electronic intelligence), SIGINT (Signals Intelligence), OSINT (open source, or publicly available intelligence), etc. 175 | * Processing - any process raw intelligence has to go through before analysis. This can include translation of materials from a foreign language, evaluation of relevance and reliability, and collation of intelligence 176 | * Analysis - creating the actual contents of a "report", deciding the significance and implications of processed intelligence, identifying collateral information and patterns by combining disparate pieces of information, then interpreting the significance of any newly developed knowledge 177 | * Dissemination - the actionable intelligence is given to the directing party in whatever format they wanted it in 178 | * Feedback - based on a number of different things, only one being the intelligence you provided, further direction will be given on new intelligence required 179 | 180 | We romanticise intelligence but this is what it is. Most people that have held down a desk job will recognise this process as creating the "executive summary", where a large amount of information needs to be conveyed to the higher ups and you pick and choose what the key messages are since you're the subject matter expert, and those key messages are generally all that is ever read. 
The key bit here is that the writer picks and chooses the key messages (the Analysis phase), it's terribly subjective. Intelligence can step away from being a science post the processing phase and can become an art. Or can just become an opinion piece. There is a lot of debate around the accuracy and usefulness of intelligence once it steps into the analysis phase. This is problematic for P2 as we're trying to adhere to verifiable facts. Some of the above steps also aren't applicable for P2. 181 | 182 | * Direction - No one is directing us in most cases, we're doing this because we see a general need rather than something specific. We might be interested in what a particular government is up to generally, rather than needing to know the specific people a specific APT is going to target at a specific time, for instance. 183 | * Collection - This is fundamentally what P2 is all about, so this step is applicable 184 | * Processing - Once we have the raw intelligence it needs to be presented in a logical and coherent manner, so yes this also applicable 185 | * Analysis - As stated above, this is where we start stepping into the world of inferences. 
Past attribution of actions we largely want to stay away from this area 186 | * Dissemination - In the case of P2, the information is disseminated online 187 | * Feedback - As there was no real direction this isn't terribly applicable 188 | 189 | #### The Panopitcon Project Intelligence Cycle 190 | 191 | This leaves us with the cut down Panopitcon Project Intelligence Cycle: 192 | * We need to understand what is going on online - we aren't being directed by anyone, but linking back to [Why Does Pantopicon Project Exist?](https://github.com/Panopticon-Project/panopticon-admin#why-does-panopticon-project-exist) from our README and our [Open Canvas](https://github.com/Panopticon-Project/panopticon-admin/blob/master/open-canvas.md) the world is becoming more dystopic, we need to understand what is going on as the first step at pushing back against it. P2's mission statement is "we need to understand the electronic capabilities of Advanced Persistent Threats (APTs), nation states, and corporations that exercise nation state capabilities. 193 | * Collection - the gathering of intelligence through [various means](https://en.wikipedia.org/wiki/List_of_intelligence_gathering_disciplines) largely through OSINT (open source, or publicly available intelligence) 194 | * Processing - logically presenting the intelligence here on the P2 GitHub repo 195 | * Dissemination - Comitting the intelligence to the P2 GitHub repo and elsewhere, should people want to store the data in multiple locations 196 | 197 | #### Adding to a repository 198 | When adding your own research to a repository, click create new file, then on the file name put the date in this format 00Month2018 (01Jan2018 for example), then press /, this creates a folder with the date your uploading the documents, then create a markdown file with a relevent name. This means individual research is grouped by date, which is important because research is often time sensitive. 
As an example, please see [this repository](https://github.com/Panopticon-Project/panopticon-fancybear/tree/master/01Jan2018). 199 | 200 | #### Advice for reading through written material 201 | 202 | * Stick to the piece you're reading - Given the nature of the web we can often be reading something with links to other articles, and those have links to other things and so on. You can end up reading something entirely unrelated and have no idea how you got here. Stick to the piece you're reading, note down links for further material, read them once you finish what you're reading right now. Jumping around and not being systematic is how things get missed. 203 | 204 | #### The Charon Framework 205 | For an overview of the markup standardisation and intelligece framework P2 uses, read [this](https://github.com/Panopticon-Project/panopticon-admin/blob/master/FRAMEWORK.md) then come back here to finish off. 206 | 207 | #### Searches to run IPs, Domains etc through to get you started 208 | * https://www.threatcrowd.org/ 209 | * [Shodan](https://shodan.io) 210 | * https://www.riskiq.com/products/community-edition/ 211 | * https://whois.domaintools.com/ - Whois is free 212 | * Whois from the command line on Linux operating systems 213 | * http://statuslite.com/domain/ 214 | * https://bgp.he.net/dns/ 215 | 216 | #### Use brackets in URLs, domain names, email addresses and server names 217 | so people don't accidentally nagivate to the address and potentially infect themselves 218 | In the instance there are multiple dots just do the last dot 219 | IP addresses can be left as is 220 | example 221 | unisecproper[.]org 222 | le0nard0@mail[.]com 223 | nemohosts[.]com 224 | ns1.nemohosts[.]com 225 | 226 | #### Recomended software 227 | ##### Maltego 228 | It's suggested that [Maltego](https://en.wikipedia.org/wiki/Maltego) be used to visually display the research and put it all in one file that can be easily downloaded and examined by others. 
Maltego is proprietary software, which is sad, but it has a free community addition, is relatively straight forward to use, and already has acceptance in the information security community. Maltego is pre-installed with Kali Linux. 229 | 230 | ##### Kali Linux 231 | It's also suggested you use [Kali Linux](https://en.wikipedia.org/wiki/Kali_Linux). As well as giving you Maltego, Kali comes with a number of other open source intelligence tools, again all free. Really though, you can use any linux distribution, if you aren't using one specifically built for hacking/information gathering though you might find yourself spending a lot of time hunting for and downloading tools, so unless you're an old hand Kali is a good option. 232 | 233 | ##### Virtualisation software 234 | Most people don't run Linux at home, but setting up a linux operating system isn't that difficult on Windows or Mac. For an easy route you can use virtualisation software, which will allow you to run multiple operating systems on the one computer. Installing an ISO file, the file type the linux operating system is downloaded in, on virtualisation software has a number of steps to it. Unless you've done this many times before I'd suggest searching for guides on how to install the particular Linux distribution you have on the particular virtualisation software you're using. YouTube is a good resource for this. Popular virtualisation software include VirtualBox and VMWare Player. 235 | 236 | ##### Advice for using Maltego 237 | 238 | * To get stared, Paterva have a good introduction video [here](https://www.youtube.com/watch?v=sP-Pl_SRQVo). 239 | * Make sure all the transforms you have access to are installed before you start building your graph. The transforms give you access to additional entities to save you having to create some yourself and then trying to get all the background entity information correct so the data mining you do later actually works. 240 | * Build your graph as you go. 
Compiling all your information in a text editor is fine but by visualising the data as you discover things your search will be informed. You'll see what threads should be tugged on next, what's missing and you will be able to see and focus in on what you need to know. 241 | 242 | #### I would like an example repository 243 | 244 | Comming Soon. 245 | 246 | Non coders, this is where you leave off. Coders continue on! This section is under construction as this isn't a huge part of the project, at least at the moment. 247 | 248 | ## Coding 249 | 250 | ### I want to work with GitHub and or Git 251 | 252 | Here are some resources: 253 | * [How to find stuff in Git](https://www.tygertec.com/find-stuff-git/) 254 | 255 | ### Report bugs 256 | 257 | First you must: 258 | 259 | * **Check** the [outstanding issues]() the repo has currently. Someone may have already reported it. 260 | * **Determine** which repo the issue should be opened against, this is why it is a good idea to have a rough idea of XXX's building blocks. Not how they work, just want they are. 261 | 262 | Once you have followed these steps you are ready to submit your bug report. Bugs are reported as GitHub issues. 263 | 264 | * navigate to the desired repo, click **Issues** from the options running along the top of the page, then click the green **"New Issue"** button. 265 | 266 | To make your bug report as useful to others as possible, please consider the below and try to answer as many of them as possible: 267 | 268 | **Explain the problem and include additional details to help maintainers reproduce the problem:** 269 | 270 | * Use a clear and descriptive title for the issue to identify the problem. 271 | * Describe the exact steps which reproduce the problem in as many details as possible. 272 | * Describe the behaviour you observed after following the steps and point out what exactly is the problem with that behaviour. 273 | * Explain what behaviour you expected to see instead and why. 
* Include screenshots where possible.
* If you're reporting that Aletheia crashed, include a crash report with a stack trace from the operating system if possible. Include the crash report in the issue in a code block, as a file attachment, or in a gist, and provide a link to that gist.
* If the problem is related to performance, include a CPU profile capture and a screenshot with your report if possible.
* If the problem wasn't triggered by a specific action, describe what you were doing before the problem happened and share more information using the guidelines below.

**Provide more context by answering these questions:**

* Can you reproduce the problem in safe mode?
* Did the problem start happening recently (e.g. after updating to a new version of Aletheia) or was this always a problem?
* If the problem started happening recently, can you reproduce it in an older version of Aletheia? What's the most recent version in which the problem doesn't happen?
* Can you reliably reproduce the issue? If not, provide details about how often the problem happens and under which conditions it normally happens.

**Include details about your configuration and environment:**

* Which version of XXX are you using?
* What's the name and version of the OS you're using?
* Are you running XXX in a virtual machine? If so, which VM software are you using, and which operating systems and versions are used for the host and the guest?
* Are you using XXX with multiple monitors? If so, can you reproduce the problem when you use a single monitor?
* Which keyboard layout are you using? Are you using a US layout or some other layout?

### Enhancements

It would be great if our software did exactly what we wanted, and it can; that's the whole point of open source.
In that spirit, if you have an enhancement you'd like to suggest and you know some programming, you are encouraged to work on the enhancement here on GitHub. If you don't know any programming you're encouraged to learn; it's a great skill! But in the meantime you can suggest an enhancement that someone else might build.

### Making an enhancement

* **Check** the [outstanding issues]() XXX currently has. Someone may be planning to work on something similar.
* **Read** the latest version of the [whitepaper]() (if there is one) first. This will align you with the project vision.
* **Email** panopticonproject at protonmail dot com to discuss your enhancement before you start. XXX has been designed to overcome problems in very particular ways, and we need to ensure that the enhancement meshes with the rest of XXX and isn't something already being worked on. We don't want your time and effort to go to waste. Down the track it is envisaged that the go/no-go call for an enhancement will be made by the community, in keeping with P2's principles of decentralisation.

### Suggesting an enhancement

* **Check** the [outstanding issues]() XXX currently has. Someone may have already suggested it.
* **Determine** which repo the enhancement should be opened against; this is why it is a good idea to have a rough idea of XXX's building blocks. Not how they work, just what they are.

Once you have followed these steps you are ready to submit your enhancement suggestion. Enhancements are suggested through GitHub issues, much the same way bugs are reported.

* Navigate to the desired repo, click **Issues** from the options running along the top of the page, then click the green **"New Issue"** button.

To make your enhancement suggestion as useful to others as possible, please consider the points below and try to answer as many of them as possible:

* Use a clear and descriptive title for the issue to identify the suggestion.
* Provide a step-by-step description of the suggested enhancement in as much detail as possible.
* Provide specific examples to demonstrate the steps. Include copy/pasteable snippets which you use in those examples, as Markdown code blocks if possible.
* Describe the current behaviour and explain which behaviour you expected to see instead and why.
* Include screenshots which help you demonstrate the steps or point out the part of Aletheia which the suggestion relates to.
* Explain why this enhancement would be useful to most XXX users.
* List some other applications where this enhancement exists.
* Specify which version of XXX you're using.
* Specify the name and version of the OS you're using.

### Beginner issues

Want to help build XXX but unsure where to start? We will mark good beginner issues with the label *Good beginner issue*. Click [here]() to see all the open ones, and pitch in!

### Pull requests

* Please adhere to the contributing guidelines listed above.
* Add unit tests for any contracts or code that can be tested.

### Style Guide

* [**XXX-app**]() uses [XXX Standard Style]().
* The forked libraries each maintain their own code style standards.
--------------------------------------------------------------------------------