Skip to content

Latest commit

 

History

History
70 lines (56 loc) · 30 KB

README.md

File metadata and controls

70 lines (56 loc) · 30 KB

Awesome-Security-Analyst-Tools

This is a curated list of awesome security tools used by analyst on the daily basis for Blue Teaming.

MALWARE

Malware aka Malicious Software is a file or code,usually delivered over a N/W that infects, explores, steals or conducts malicious activity. It is a collective term for viruses, trojans and other destructive computer programs used by ATP(Advanced Persistent Threat Actor)

Tool Description Official Link
Virus Total Virus Total is a free service founded in 2004 that analyses files and URLs for viruses, worms, trojans and other kind of malicious content.
VirusTotal inspects items with over 70 antivirus scanners and URL/domain blocklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal. VirusTotal offers a number of file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API. The web interface has the highest scanning priority among the publicly available submission methods. Submissions may be scripted in any programming language using the HTTP-based public API.
Virus Total
Hybrid Analysis Hybrid Analysis . com is a free web based page that can be used for malware analysis service for the community, in-depth static and dynamic analysis Hybrid Analysis
Alien Vault- Open Threat Exchange The Alien Labs® Open Threat Exchange® (OTX™) is the world’s first and largest truly open threat intelligence community. OTX provides access to a global community of threat researchers and security professionals, with more than 100,000 participants in 140 countries, who contribute over 19 million threat indicators daily. OTX allows anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques, thereby helping one another strengthen cyber defenses and raise awareness of emerging threats on a global level. Alien Vault
Joe Sandbox Joe Security, founded in 2011 by Stefan Bühlmann is a Swiss-based, privately owned software development company. Joe Security is the developer of Joe Sandbox, industry's deepest malware analysis system. Joe Sandbox is actively used by leading CERTs, CIRTS, SOCs, malware analysts and incident responders around the world to defend malware. Joe Security is one of the first movers in the field of dynamic malware analysis and has invented several
unique analysis technologies, including hybrid code analysis and hypervisor based inspection.
Joe Sandbox
ANY.RUN Interactive online malware analysis service for dynamic and static research of most types of threats using any environments.
Replaces a set of tools for research. The service can be used for a convenient in-depth analysis of new (unidentified) malicious objects, as well as for the investigation of cyber incidentals.
Any Run

THREAT INTELLIGENCE

Tool Description Official Link
Microsoft Defender Threat Intelligence Microsoft Defender Threat Intelligence (Defender TI) is a platform that streamlines triage, incident response, threat hunting, vulnerability management, and cyber threat intelligence analyst workflows when conducting threat infrastructure analysis and gathering threat intelligence. Defender TI
Virus Total Virus Total is a free service founded in 2004 that analyses files and URLs for viruses, worms, trojans and other kind of malicious content.
VirusTotal inspects items with over 70 antivirus scanners and URL/domain blocklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal. VirusTotal offers a number of file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API. The web interface has the highest scanning priority among the publicly available submission methods. Submissions may be scripted in any programming language using the HTTP-based public API.
Virus Total
Alien Vault- Open Threat Exchange The Alien Labs® Open Threat Exchange® (OTX™) is the world’s first and largest truly open threat intelligence community. OTX provides access to a global community of threat researchers and security professionals, with more than 100,000 participants in 140 countries, who contribute over 19 million threat indicators daily. OTX allows anyone in the security community to actively discuss, research, validate, and share the latest threat data, trends, and techniques, thereby helping one another strengthen cyber defenses and raise awareness of emerging threats on a global level. Alien Vault
Threat Miner ThreatMiner is a threat intelligence portal designed to enable analysts to research under a single interface. It is used in the SANS FOR578 Cyber Threat Intelligence course . API integration is available for many industry leading platforms including:

Malware Information Sharing Platform (MISP)
Splunk
Demisto
Rapid7 InsightConnect
IBM Resilient
ThreatMiner
IBM X-Force Exchange IBM® X-Force Exchange is a cloud-based, threat intelligence sharing platform that you can use to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers. IBM X-Force Exchange, supported by human- and machine-generated intelligence, leverages the scale of IBM X-Force to help users stay ahead of emerging threats IBM X-FORCE Exchange
PulseDive Pulsedive is a bootstrapped cybersecurity company focused on high-fidelity, high-value threat intelligence solutions to help organizations proactively improve their security posture.
Pulsedive ingests millions of IPs, domains, and URLs collected from dozens of feeds and user submissions worldwide. With our user community actively submitting new IOCs every day, Pulsedive has data that no one else has
PulseDive

IP/WEB REPUTATION

Tool Description Official Link
Cisco Talos Intelligence Group Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world, comprised of world-class researchers, analysts and engineers.Talos maintains the official rule sets of Snort.org, ClamAV and SpamCop CISCO TALOS
Virus Total Virus Total is a free service founded in 2004 that analyses files and URLs for viruses, worms, trojans and other kind of malicious content.
VirusTotal inspects items with over 70 antivirus scanners and URL/domain blocklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal. VirusTotal offers a number of file submission methods, including the primary public web interface, desktop uploaders, browser extensions and a programmatic API. The web interface has the highest scanning priority among the publicly available submission methods. Submissions may be scripted in any programming language using the HTTP-based public API.
Virus Total
AbiuseIPDB AbuseIPDB is a project managed by Marathon Studios Inc. AbuseIPDB is a project dedicated to helping systems administrators and webmasters check and report IP addresses that are involved in malicious activity such as spamming, hack attempts, DDoS attacks, etc. AbuseIPDB
Grey Noise GreyNoise is a cybersecurity platform that collects and analyzes Internet-wide scan and attack traffic. This data is made available through the web-based Visualizer and GreyNoise APIs so users can contextualize existing alerts, filter false-positives, identify compromised devices, and track emerging threats. Grey Noise
IBM X-Force Exchange IBM® X-Force Exchange is a cloud-based, threat intelligence sharing platform that you can use to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers. IBM X-Force Exchange, supported by human- and machine-generated intelligence, leverages the scale of IBM X-Force to help users stay ahead of emerging threats IBM X-FORCE Exchange
Bright Cloud by Open Text BrightCloud was the first threat intelligence platform to harness the cloud and artificial intelligence to stop zero-day threats in real time. The platform is used to secure businesses and their products worldwide with threat intelligence and protection for endpoints and networks BrightCloud

WEB ANALYSIS

Tool Description Official Link
Urlscan urlscan.io is a free service to scan and analyse websites. When a URL is submitted to urlscan.io, an automated process will browse to the URL like a regular user and record the activity that this page navigation creates. This includes the domains and IPs contacted, the resources (JavaScript, CSS, etc) requested from those domains, as well as additional information about the page itself. urlscan.io will take a screenshot of the page, record the DOM content, JavaScript global variables, cookies created by the page, and a myriad of other observations. If the site is targeting the users one of the more than 900 brands tracked by urlscan.io, it will be highlighted as potentially malicious in the scan results. URLSCANS
Browserling Browserling solves cross-browser testing problem including SSH tunnels for local testing, Responsive testing, Screenshots, Access to latest browsers,Headless API Browserling
Kasm Workspace Streaming containerized apps and desktops to end-users. The Workspaces platform provides enterprise-class orchestration, data loss prevention, and web streaming technology to enable the delivery of containerized workloads to your browser. KASM

SANDBOX

Tool Description Official Link
ANY.RUN Interactive online malware analysis service for dynamic and static research of most types of threats using any environments.
Replaces a set of tools for research. The service can be used for a convenient in-depth analysis of new (unidentified) malicious objects, as well as for the investigation of cyber incidentals.
ANY RUN
Browserling Browserling solves cross-browser testing problem including SSH tunnels for local testing, Responsive testing, Screenshots, Access to latest browsers,Headless API Browserling
Hybrid Analysis Hybrid Analysis . com is a free web based page that can be used for malware analysis service for the community, in-depth static and dynamic analysis Hybrid Analysis
CAPE SandBox CAPE is an open source automated malware analysis system. It can be used to automatically run and analyse files and collect comprehensive analysis results that outline what the malware does while running inside an isolated windows operating system. CAPE SANDBOX
Joe Sandbox Joe Security, founded in 2011 by Stefan Bühlmann is a Swiss-based, privately owned software development company. Joe Security is the developer of Joe Sandbox, industry’s deepest malware analysis system. Joe Sandbox is actively used by leading CERTs, CIRTS, SOCs, malware analysts and incident responders around the world to defend malware. Joe Security is one of the first movers in the field of dynamic malware analysis and has invented several
unique analysis technologies, including hybrid code analysis and hypervisor based inspection.
JOE SANDBOX

USEFUL LINKS

RESOURCES Official Link
The DFIR Report - Real Intrusions by Real Attackers, The Truth Behind the Intrusion DFIR Report
The Blue Team Notes | Dray Agha BT Notes
Blog by Andrea Fortuna Andrea Fortuna Blog
Weekly Roundup of Digital Forensics and Incident Response News News Blog
TCP/IP cheatsheet Cheatsheet
WTFBins WTFbins
Cyber Chef Cyber Chef
GTFOBins : List of Unix Binaries GTFO
Blackhills Infosec Blog Blog
Hugs4bugs Hugs4bugs