Tools and Resources
Here's a dump of some of my favourite places!
Not everything is here but hopefully I can add to it fairly frequently so that it may help you folk passing by!
IOC Sites and Breakdowns:
https://malware-traffic-analysis.net – EK Blog
https://broadanalysis.com – EK Blog
https://malwarebreakdown.com – EK Blog
https://otx.alienvault.com – Sig sharing
https://exchange.xforce.ibmcloud.com – IBM's intel platform
https://zerophagemalware.com – EK Blog
https://ransomwaretracker.abuse.ch/tracker – Ransomware domain tracker
http://blog.dynamoo.com – Spam/phishing blog
https://bleepingcomputer.com – Blogs
https://blog.malwarebytes.com – Blogs
https://any.run - Run samples in browser
Hunting Rules and Sigs:
https://github.com/Neo23x0/signature-base – Florian Roth's Yara goodies @cyb3rops
Guides, Techniques and Learning:
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet - Reverse shell cheat sheet
https://cybrary.it - Free Security courses
https://dca.immersivelabs.online - Interactive labs in your browser
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet - Pen test tools cheat sheet
https://tulpa-security.com/2017/07/18/288 - OSCP Prep
https://github.com/infosecn1nja/Red-Teaming-Toolkit - Red team tools
https://securitybytes.io - Vulnhub walkthroughs and other stuff
https://hackthebox.eu - Hack vulnerable machines for fun (hosted)
https://vulnhub.com/ - Hack vulnerable machines for fun (download VMs)
Samples:
https://malwaredomainlist.com/mdl.php – Bad domains
https://github.com/ytisf/theZoo – Linux based malware repo
http://offensivecomputing.net – Search for samples
http://vxvault.net – New samples
http://malc0de.com/database – Samples
https://virustotal.com – Much better with a VirusTotal Intelligence account
Scanning and Attribution:
https://urlquery.net – URL query search
https://virustotal.com – Scan sites with AV
https://hybrid-analysis.com – Dynamic malware analysis using sandboxes
https://malwr.com – Dynamic malware analysis using sandboxes
https://threatminer.org - Dig around IP and domain info
https://threatcrowd.org - Dig around IP and domain info
https://passivetotal.org - Dig around IP and domain info (Most recommended)
https://entrust.com/ct-search - Get some info on the certs
http://blacklistalert.org – Check you some blacklists
https://cymon.io – Domain scanning, blacklist correlation
https://urlscan.io - URL scanning and screenshotting
OSINT and Tools:
https://viewdns.info - DNS info
https://inteltechniques.com - OSINT techniques/stalking
https://hackertarget.com/find-dns-host-records - Find subdomains
https://dnsdumpster.com - Passive DNS recon
https://passivetotal.org - Already mentioned in above section
https://robtex.com - Whois resolving and much more
https://infobyip.com/ipbulklookup.php – Bulk IP/domain resolving <3
https://whois.domaintools.com - Can't believe I haven't mentioned this yet!
Other:
https://limacharlie.io - Free EDR solution. There is also an early open-source version below.
https://github.com/refractionPOINT/limacharlie
Here is a picture so that this post isn't just a wall of text.