
Online tools for Blue Team

This page lists online tools for information gathering and analysis from a blue team perspective.

Exchange Platform

  1. Security StackExchange - Platform to exchange on security issues

Malware analysis:

All of the following online tools are public. Any sample submitted might be accessible by anyone. Please consider this before submitting samples**.

  1. VirusTotal - Compare sample analysis results from multiple AV vendors. Note that the analysis is based on signature detection for most AV vendors. Also performs sample download from URL.
  2. Malwr.com - Cuckoo sandbox
  3. Hybrid-analysis - CrowdStrike sandbox. Also performs sample download from URL.
  4. Any Run - Interactive online sandbox. Also performs sample download from URL.
  5. PDF Examiner - Automated malicious PDF analysis
  6. Quicksand.io - Office document malware analysis
  7. Valkyrie comodo - File verdict system
  8. IntezerAnalyze Community Edition - Malware analysis and classification by code DNA mapping
  9. Detux Linux Sandbox - Multiplatform Linux sandbox for malware on x86, x86-64, ARM, MIPS and MIPSEL CPU architectures
  10. Joe Sandbox Cloud Community Edition - Sandbox for Windows, Android, Mac OS, and iOS for suspicious activities. Also performs sample download from URL.
  11. Pikker - Cuckoo sandbox. Also performs sample download from URL.
  12. MalwareConfig - Extract configuration information from RATs
  13. YaraRules Analyzer - Cloud-based analysis of files based on YARA rules
  14. IRIS-H - Automated static analysis of Object Linking and Embedding Compound Files
  15. CERT.ee - Cuckoo sandbox. Also performs sample download from URL.

URL/IP/Domain analysis:

  1. VirusTotal - Compare URL categorization from multiple URL filtering solution vendors.
  2. URLquery - Detecting and analyzing web-based malware. It provides detailed information about the activities a browser does while visiting a site and presents the information for further analysis.
  3. DomainBigData - Big database of domains and whois records.
  4. MultiRBL - IP blacklist check for sending mail servers
  5. Robtex - Gather public information about IP numbers, domain names, host names, Autonomous Systems, routes, etc.
  6. SSL Blacklist - List of "bad" SSL certificates identified by abuse.ch as associated with malware or botnet activities.
  7. URLscan.io - Analyses websites and the resources they request. It lets you look at the individual resources that are requested when a site is loaded.
  8. DNStrails - World's largest repository of historical DNS data.
  9. URLVoid - Analyzes a website through multiple blacklist engines and online reputation tools.
  10. IPVoid - IP address tools to discover details about IP addresses.
  11. Google Safe Browsing - Check site status in the Google Safe Browsing database.
  12. Shodan.io - The world's first search engine for Internet-connected devices.
  13. ThreatCrowd - Domain, IP, email or organization search engine for threats.
  14. ThreatMiner - Frees analysts from data collection and provides intelligence analysts with a portal for their research.
  15. Centralops.net - Investigate domains and IP addresses. Get registrant information, DNS records, and more, all in one report.
  16. RegistryDB - Database to find domain information from a domain name, IP address, owner name or email address.
  17. DNSDumpster - Domain research tool that can discover hosts related to a domain.
  18. Hackertarget.com - Domain research tool that finds all forward DNS (A) records for a domain and all subdomains associated with that domain.
  19. DNSlytics - Find out everything about a domain name, IP address or provider.
  20. McAfee domain reputation - McAfee domain reputation lookup

Threat Intelligence:

  1. Cymon.io - Largest open tracker of malware, phishing, botnets, spam, and more.
  2. C1fApp - Open source cyber threat intelligence feeds.
  3. RiskIQ Community Edition - Free access to comprehensive internet data to hunt digital threats against your organization, defend your digital footprint, and reduce your attack surface across web, mobile, and social channels.
  4. Open Threat Exchange - World's first truly open threat intelligence community.
  5. CriticalStack Intel Feed - Free threat intelligence, parsed for the Bro network security monitoring platform.
  6. IBM X-Force Exchange - Threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers.

Phishing:

  1. MXToolBox - Headers parser
  2. Google G Suite Toolbox - Headers parser
  3. HTML Viewer - Real-time HTML Editor
  4. UnPHP - Free service for analyzing obfuscated and malicious PHP code
  5. Code Beautify - HTML viewer

Vulnerabilities:

  1. VulDB - Worldwide vulnerability database with more than 111000 entries available
  2. Exploit Database - Archive of Exploits, Shellcode, and Security Papers

Reconnaissance:

  1. Paste Site Search - Search 90+ paste sites. Filter by source & keyword.

Data/Conversion:

  1. CyberChef - A web app for encryption, encoding, compression and data analysis

In-Browser Cryptomining detection:

  1. URLscan.io - Analyses websites and the resources they request. It lets you look at the individual resources that are requested when a site is loaded.
  2. NotMining - Detects and lists websites performing in-browser cryptomining.

**Malware samples are shared directly with the following:

  1. Malc0de
  2. Malware Domain List
  3. Malware URLs
  4. VX Vault
  5. URLquery
  6. CleanMX
  7. ZeusTracker
  8. Viper