Student Innovation Project

SpookySOC – A Scarily Good SOC Toolkit

SpookySOC has been in development for a handful of years, since I was a senior in high school. I always hated how many tabs I had open when I was looking at sketchy websites or possible malware samples. Initially written in PowerShell, SpookySOC now requires only Python 3 and Python libraries; no external tools are used. A responsive and accurate terminal prompt walks you through each step, queries (free) external sources, and returns data in a multitude of usable formats.

Most organizations require you to sanitize collected data before documenting it or sending it to a customer: "defang" IP addresses and domains, anonymize user and workstation names, and so on. SpookySOC makes this significantly easier by taking the manual work out of the equation.

For later expansion, plaintext email "templates" can be provided in a configuration file, and the collected information will be populated into the template accordingly, ready to be copied and pasted into your ticketing system or documentation platform.
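The sanitization step described above (defang, anonymize, fill a plaintext template) as an added example; this is illustrative code written for this page, not SpookySOC's own. It assumes a hypothetical "CORP" naming convention for users and workstations, a constructed analyst note, and the common defang convention (http:// to hxxp://, every dot in a host or address to [.]). Anonymization runs before defanging so that real identifiers never reach the output, and the mapping from real names to placeholders is returned so an analyst can keep it as a private key for the whole incident.

```python
"""Sanitise analyst notes before they leave the SOC: anonymise identifiers,
defang network indicators, then drop the result into a plaintext template.
Added example for this page; it is not SpookySOC's own code."""
import re
from string import Template
from typing import Dict, Optional, Tuple

# URL hosts, bare IPv4 addresses and bare domains. The domain pattern refuses
# matches preceded by '/', '.', '-' or a word character so that path elements
# such as /x.php and the tails of already-handled hosts are left alone.
URL_RE = re.compile(r"\b(https?)://([^\s/]+)", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"(?<![\w./-])(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def _bracket_dots(s: str) -> str:
    return s.replace(".", "[.]")


def defang(text: str) -> str:
    """http(s):// -> hxxp(s)://, and every dot in a URL host, IP or domain -> '[.]'."""
    text = URL_RE.sub(
        lambda m: f"hxxp{m.group(1)[4:].lower()}://{_bracket_dots(m.group(2))}", text)
    text = IPV4_RE.sub(lambda m: _bracket_dots(m.group(0)), text)
    text = DOMAIN_RE.sub(lambda m: _bracket_dots(m.group(0)), text)
    return text


def anonymize(text: str, patterns: Dict[str, str],
              mapping: Optional[Dict[str, str]] = None) -> Tuple[str, Dict[str, str]]:
    """Replace each match of a named pattern with a stable placeholder (USER-1, HOST-2, ...).

    The same real value always gets the same placeholder, and the mapping is
    returned (and may be passed back in) so one key covers a whole incident.
    """
    mapping = {} if mapping is None else mapping

    def make_repl(label: str):
        def repl(m) -> str:
            real = m.group(0)
            if real not in mapping:
                n = sum(1 for v in mapping.values() if v.startswith(label + "-")) + 1
                mapping[real] = f"{label}-{n}"
            return mapping[real]
        return repl

    for label, pattern in patterns.items():
        text = re.sub(pattern, make_repl(label), text)
    return text, mapping


def sanitize(text: str, patterns: Dict[str, str],
             mapping: Optional[Dict[str, str]] = None) -> Tuple[str, Dict[str, str]]:
    """Anonymise first (so identifiers never reach the output), then defang."""
    text, mapping = anonymize(text, patterns, mapping)
    return defang(text), mapping


def render(template: Template, fields: Dict[str, str]) -> str:
    """Fill a plaintext template; unknown $fields stay visible instead of raising."""
    return template.safe_substitute(fields)


# Constructed config: naming conventions of a hypothetical "CORP" domain.
PATTERNS = {
    "USER": r"\bCORP\\[\w.]+\b",    # CORP\jdoe
    "HOST": r"\bCORP-WS-\d{4}\b",   # CORP-WS-0417
}
REPORT_TEMPLATE = Template(
    "Subject: [$severity] Suspicious outbound connection from $host\n"
    "Indicator: $indicator\n"
    "Summary: $summary\n"
)

# Constructed analyst note (not a real incident).
SAMPLE_NOTE = (
    "CORP\\jdoe on CORP-WS-0417 opened https://evil-cdn.example.com/x.php which "
    "then beaconed to 203.0.113.45 and malware.example.net. "
    "Second host CORP-WS-0188 also contacted 203.0.113.45."
)

if __name__ == "__main__":
    clean, key = sanitize(SAMPLE_NOTE, PATTERNS)
    print(render(REPORT_TEMPLATE, {"severity": "High", "host": key["CORP-WS-0417"],
                                   "indicator": defang("203.0.113.45"), "summary": clean}))
    print("private mapping (do not ship):", key)
```

Two design points worth noting: the domain regex deliberately skips tokens preceded by a slash, so filenames in URL paths are not defanged, and `string.Template.safe_substitute` is used rather than `str.format` so a template field with no data shows up as a visible `$field` in the draft instead of crashing the run.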

Video Pitch

SIP Brief

This document contains the most recent SIP brief, completed for SIP311.

Demonstration

For a real-time demonstration with more results, please view the Video Pitch above. An example run can be found below, checking only the IP address.