Ronin OSINT Demo

Objective

Demonstrate how open source intelligence tools can identify threat actors like the Lazarus Group, using the Ronin Bridge Hack as a real-world case study.

Stack

SpiderFoot (OSINT scanner)
Docker
GitHub
NTFY (optional alerting)
MITRE ATT&CK + AADAPT for emulation

Quick Start

docker-compose -f docker/docker-compose.yaml up --build

Run a Scan

docker exec -it spiderfoot python3 sf.py -s ronin.network -o csv -m ip,domain,whois -F output/ronin_lazarus_report.csv

Send Alert

python3 alerts/ntfy_alert_handler.py

Emulation Plan

See threat_emulation/ for details on MITRE and AADAPT.

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
.github/workflows		.github/workflows
README.md		README.md
aadapt_emulation_plan.md		aadapt_emulation_plan.md
docker-compose.yaml		docker-compose.yaml
mitre_attack_mapping.md		mitre_attack_mapping.md
ntfy_alert_handler.py		ntfy_alert_handler.py
spiderfoot.Dockerfile		spiderfoot.Dockerfile

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Ronin OSINT Demo

Objective

Stack

Quick Start

Run a Scan

Send Alert

Emulation Plan

About

Uh oh!

Releases

Packages

Languages

desimic/Ronin_OSINT

Folders and files

Latest commit

History

Repository files navigation

Ronin OSINT Demo

Objective

Stack

Quick Start

Run a Scan

Send Alert

Emulation Plan

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages