Python HTTP Server
Contents
Python HTTP Server#
Metadata#
Contributors |
Roberto Rodriguez @Cyb3rWard0g |
Creation Date |
2020/10/29 |
Modification Date |
2020/10/29 |
Tactics |
|
Techniques |
|
Tags |
None |
Dataset Description#
This dataset represents threat actors adding a FW inbound rule and starting a Python HTTP Server.
Datasets Downloads#
Type |
Link |
|---|---|
Host |
Adversary View#
Add Firewall Rule
-----------------
PS > & netsh advfirewall firewall add rule name="python.exe" dir=in action=allow description="python.exe" program="C:\users\wardog\appdata\local\programs\python\python39\python.exe" enable=yes localport=any protocol=tcp remoteip=any
Ok.
PS > & netsh advfirewall firewall add rule name="python.exe" dir=in action=allow description="python.exe" program="C:\users\wardog\appdata\local\programs\python\python39\python.exe" enable=yes localport=any protocol=udp remoteip=any
Ok.
Start HTTP Server
-----------------
PS > python -m http.server 8000
Serving HTTP on :: port 8000 (http://[::]:8000/) ...
Explore Datasets#
Download & Decompress Dataset#
import requests
from zipfile import ZipFile
from io import BytesIO
url = https://raw.githubusercontent.com/OTRF/Security-Datasets/master/datasets/atomic/windows/execution/host/psh_python_webserver.zip
zipFileRequest = requests.get(url)
zipFile = ZipFile(BytesIO(zipFileRequest.content))
datasetJSONPath = zipFile.extract(zipFile.namelist()[0])
Read JSON File#
from pandas.io import json
df = json.read_json(path_or_buf=datasetJSONPath, lines=True)
Access Security Events#
df.groupby(['Channel']).size().sort_values(ascending=False)