Resources

Below are the tools and resources I use for open source research, malware analysis and threat intelligence, along with the blogs and news outlets I follow.

Blogs/News:

  • https://malware-traffic-analysis.net/
  • https://broadanalysis.net/
  • https://blog.malwarebytes.com/
  • https://myonlinesecurity.co.uk/
  • https://cofense.com/blog/
  • https://threatpost.com/blog/
  • https://krebsonsecurity.com/
  • https://blog.trendmicro.com/trendlabs-security-intelligence/
  • https://unit42.paloaltonetworks.com/
  • https://blog.paloaltonetworks.com/
  • https://www.zscaler.com/blogs/research
  • https://securelist.com/
  • https://www.wired.com/category/threatlevel/
  • https://www.proofpoint.com/us/blog
  • https://www.sentinelone.com/blog/
  • https://www.zdnet.com/
  • https://thehackernews.com/
  • https://www.bleepingcomputer.com/
  • https://www.flashpoint-intel.com/blog/
  • https://research.checkpoint.com/
  • https://blogs.cisco.com/security
  • https://www.cyberbit.com/blog/
  • https://www.fireeye.com/blog.html
  • https://nakedsecurity.sophos.com/
  • https://isc.sans.edu

Automated Analysis/Sandboxes:

  • https://app.sndbox.com/
  • https://app.any.run/
  • https://hybrid-analysis.com/
  • https://virustotal.com/
  • https://analyze.intezer.com/

Hash/URL/IP/MAC/UA/Reputation Lookups:

  • https://tools.wmflabs.org/whois/gateway.py?
  • http://whois.domaintools.com/
  • https://centralops.net/co/DomainDossier.aspx
  • https://www.abuseipdb.com/
  • http://www.kloth.net/services/
  • https://macvendors.com
  • https://developers.whatismybrowser.com
  • https://exonerator.torproject.org/
  • https://metadefender.opswat.com/
  • https://dnslytics.com/
  • https://crt.sh/
  • http://www.ipvoid.com/
  • https://www.brightcloud.com/tools/url-ip-lookup.php
  • https://www.threatcrowd.org/
  • http://app.webinspector.com/
  • https://urlscan.io/
  • https://zulu.zscaler.com/
  • http://sitereview.bluecoat.com
  • https://www.scumware.org/search.php
  • https://totalhash.cymru.com/

Threat Intel/Research:

  • https://pulsedive.com/
  • https://talosintelligence.com/
  • https://community.riskiq.com/home
  • https://otx.alienvault.com/
  • https://www.threatminer.org/
  • https://exchange.xforce.ibmcloud.com/
  • http://www.threatglass.com/
  • https://www.shodan.io/
  • https://www.binaryedge.io/
  • https://pan-unit42.github.io/playbook_viewer
  • https://apt.threattracking.com/
  • https://publicwww.com/
  • https://findsubdomains.com
  • https://dnsdumpster.com/
  • https://censys.io
  • https://mxtoolbox.com/

Misc:

  • https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx
  • https://www.itextpad.com/
  • https://shrib.com/
  • https://iplogger.org/
  • https://malshare.com/
  • https://start.me/p/rxRbpo/ti
  • https://onlinedisassembler.com/odaweb/
  • https://gchq.github.io/CyberChef/

Analysis tools:

  • Wireshark - (https://www.wireshark.org/)
  • Fiddler - (https://www.telerik.com/fiddler)
  • Process Hacker - (https://github.com/processhacker)
  • Volatility - (https://www.volatilityfoundation.org)
  • Redline - (https://www.fireeye.com/services/freeware/redline.html)
  • Ghidra - (https://ghidra-sre.org/)
  • Sysinternals Suite - (https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite)
  • PE-bear - (https://github.com/hasherezade/pe-bear-releases/releases/tag/0.3.9.5)
  • INetSim - (https://www.inetsim.org/)
  • Various KahuSecurity Tools - (https://www.kahusecurity.com/tools.html)
  • Process Spawn Control - (https://github.com/felixweyne/ProcessSpawnControl)
  • NetworkMiner - (https://www.netresec.com/?page=networkminer)