Analyse your weird URLs the easy way
2023-07-04, 09:15–09:50 (Europe/Paris), Amphitheater

Websites are a hellish mess and even when you're lucky enough to have a still-working URL they will often have widely different outcomes depending on your browser settings, your location and the instant you try to load it. This talk will show you a few examples and a complete suite of tools to integrate such an analysis in your day-to-day workflow.

You might have heard of Lookyloo before, but this talk will not be limited to it. We will show you that you can integrate it in a complete tool suite:

  • Pandora: to analyze files and emails (which can be forwarded from your mailbox), extract attachments and observable such as URLs and submitting them to Lookyloo
  • Process URLs pointing to a downloadable file in Lookyloo and submitting them to Pandora
  • Once a URL is analyzed, it can be submitted to a monitoring interface which will compare capture across time and inform you when something relevant changes - could be the URL being taken down, or your website serving malware

Or maybe you Just want to capture URLs and don't care about Lookyloo? Well, we also have you sorted and developed a standalone capturing interface called Lacus, which is already used in production by AIL Framework.

All of that has (obviously) an integration with MISP for long term storage and sharing with your community.

In short, we're going to present you a complete suite of OSS tools that you can use either independently, or all together to hopefully make your life easier.

See also: slides

Formerly member of CIRCL, I moved to France but didn't go that far in spirit as I'm still part of the developers and maintainers for a whole bunch of tools there. Some say it is too many, we disagree.