You can find information on software tools released by the TU/e SEC group below and at the referenced links.
|THREAT/crawl||THREAT/crawl is a prototypical web crawler for underground community monitoring. The tool is a general purpose crawler that can be configured via a guided procedure to stealthily crawl different underground forums, mimicking human behavior, supporting multiple edge cases in the crawling, allowing to define custom sequences of actions for crawling in non-standard cases, and offering a range of tuning parameters to customize its operations.||THREAT/crawl|
|SAFAX||SAFAX is an extensible authorization framework offered as a service. SAFAX provides a novel XACML-based architectural framework tailored to the development of extensible authorization services for clouds. The key design principle underlying SAFAX is that all components are loosely coupled services, thus providing the flexibility, extensibility and scalability needed to manage authorizations in cloud environments.||SAFAX|
|TRIPLEX||TRIPLEX is a tool-supported framework for the analysis of data minimisation in privacy-enhancing protocols. TRIPLEX allows users to visually construct scenarios of different actors communicating using any kind of privacy-enhancing protocol. TRIPLEX automatically simulates these scenarios, and provides different analysis tools. The tools, geared towards non-cryptography-experts, allow users to analyse the knowledge that actors learn by executing communication protocols, as well as to verify protocol-independent privacy properties.||TRIPLEX|
|X2S||X2S is a formal framework for the analysis of XACML policies that employs Satisfiability Modulo Theories (SMT) as the underlying reasoning mechanism.||X2S|
|DALTIA||DALTIA is a tool for DAta Leakage deTection analysIs and visuAlization. DALTIA tackles the data leakage problem from different perspectives, namely Profiling, Detection, Quantification, Attack Classification and Visualization.||DALTIA|
|APD||The Anomalous Pattern Discovery Tool (APD) is a tool aimed at providing the user with a set of advanced functionalities to infer and explore deviations occurred in a set of past process executions.|
|A Toolkit for Tailored Phishing||The toolkit allows the deployment of sophisticated, tailored phishing campaigns at scale. It comprises two components: (i) an extension of Gophish for the specification of highly customizable phishing email templates and (ii) a bash script for the selection of credible phishing domains.||Link|
The data released by the SEC group to the public is referenced below alongside the reference publications. The column *access type* references whether the data is immediately available or requires additional steps to be taken first.
Licensed data is released under an academic and completely free license, and can be accessed by contacting email@example.com from an institutional email address, specifying the nature of the project for which the data is requested.
The license has to be compiled in the highlighted fields and sent back to the same address, signed by you (the recipient scientist), and by a Full Professor or by the Head of Department. Once we receive the signed license we will send back a copy signed on our side alongside the requested dataset(s).
|Data||Description||Reference paper||Access type||Link|
|INDICTED_CYBERCRIMINALS||List of indicted, convicted and arrested cybercriminals spanning from 2011 to 2021, extracted from https://arresttracker.com/ (currently offline). For each cybercriminal, the dataset reports name, surname, alias, date of indictment, conviction or arrest, short description of the accusations, and link to the source. Sources include the USA Department of Justice, Europol press releases, and media outlets.||M. Campobasso, L. Allodi (22nd Workshop on the Economics of Information Security (WEIS))||Licensed||Data sharing link. For support, contact g[dot]gankhuyag[at]tue[dot]nl|
|IMPAAS_ECONOMY_DATASETS||Information about the advertised products, namely user profiles, crawled from the listing of an underground market providing Impersonation-as-a-Service products. Two datasets are available: (1) contains detailed information about the 25% random sample of daily advertised profiles on the market, collected on a daily basis; (2) is a collection of short information regarding the profiles scraped during each daily capture contained in (1), collected over the following 6 days to infer which profiles have been sold over time. In addition, we provide the scripts used to perform the pre-processing of the data. Finally, we provide the crawling infrastructure adopted to scrape the data from the market.||M. Campobasso, L. Allodi (32nd USENIX Security Symposium 2023) - Preprint version||Licensed||Data sharing link. For support, contact g[dot]gankhuyag[at]tue[dot]nl|
|IMPAAS_DATASETS||Information about the advertised products, namely user profiles, crawled from the listing of an underground market providing Impersonation-as-a-Service products. Two datasets are available; the former contains general information about all products available at scraping time, the latter details a random subset of profiles with information such as which credentials have been stolen from. In addition, a file R with the statistical analysis used for the paper can be available.||M. Campobasso, L. Allodi (ACM CCS 2020) - Preprint version||Licensed||Download license|
|MALMARKET_VULNS||CVEs published in a prominent Russian cybercrime market (as of April 2017). Reports CVE identifiers, prices, vendors, vulnerability characteristics, type of packaging, date of publication, date of disclosure, among other fields. *Note:* the SYM dataset is released here.||L. Allodi (ACM CCS 2017); L. Allodi, F. Massacci (ACM TISSEC 2014)||Licensed||Download license|
|MALMARKET||Unstructured dataset with the dumps of the market forum interactions (in Russian) spawning from the CVE trading reported in MALMARKET_VULNS.||L. Allodi (ACM CCS 2017)||Ad hoc collaborations||Send a short (max 1 page) research proposal to Dr. L. Allodi|
|Cryptx||PCAP files of the Cryptx ransomware||to come||Direct download||Cryptx PCAP (approx. 700MB)|
|Jigsaw||PCAP files of the Jigsaw ransomware||to come||Direct download||Jigsaw PCAP (approx. 1GB)|
|Automotive Controller Area Network (CAN) Bus Intrusion Dataset||CAN bus datasets from three systems: two cars (Opel Astra and Renault Clio) and a CAN bus prototype we built ourselves. For each system, there are files consisting in normal data and attack data. The purpose is meant to evaluate CAN bus Network Intrusion Detection Systems (NIDS). See READMEs in folders for more details. CAN bus NIDS implementations can be obtained upon requests via email. This work has been supported by the APPSTACLE project.||G. Dupont et al. (IEEE ICCVE 2019)||Direct download||Datasets|
|Dmitry Zhdanov||Georgia State University||This dataset will be used to renareh supply and demand dynamics of dark markets over time. Our goal is to verify the economic dynamics model with these data.|
|Daniel Sadoc Menasche||Universidade Federal do Rio de Janeiro - UFRJ||The goal of our project is to contrast findings from different black markets.|
|Pierre Trepagnier||Utilizing traded black market exploits as one of a set of possible predictors indicating host risk of compromise.|