All of my threat intel recommendations for aspiring Information Security Analyst. This section contains information about evidence at analyst's disposal IP
, domain
, email
, hash
, files
.
- 💻 Domain & IP
- 📁 Files, Hash & Sandbox
- 🐟 Phishing
- 👤 UserAgent
- ⛏️ Miner
- 🖹 Encoder/Decoder
- 🔎 Google Dorks
- 🌐 OSINT
- 📖 Dumps
- 🐛 Vulnerabilities
- 🔄 URL Sshorteners
- 🔑 List of Default Passwords
- 🧰 Forensic
- 📋 Cheatsheet
- ✍️ Effective writing
- 👩🎓 Education resources
- Mitaka - Chrome - for searching IP, domain, URL, hash, etc. via the context menu.
- Mitaka - Firefox - for searching IP, domain, URL, hash, etc. via the context menu.
Threat intel resource used by analysts on a daily basis.
- AbuseIPDB
- Talos Intelligence
- VirtusTotal
- Redirect tracker
- Cyren IP Reputation Check
- URL Query - employs a diverse range of threat detection systems to ensure comprehensive security analysis of URLs.
- CyberGordon - provides you threat and risk information about observables like IP address or web domain
- Abuse.ch - to identify and track malware and botnets
- URL2PNG - does a screenshot of the website
- URLScan
- Robtex - used for various kinds of research of IP numbers, Domain names, etc
- AlienVault
- RiskIQ
- ThreatCrowd
- IPVoid
- TI Search Engine
- Shodan - IoT search
- Gray Hat Warfare - public buckets
- GrayNoise
- DNSdumpster
- URLVoid
- Polyswarm
- Forecpoint CSI (URL/IP)
- Domain Dossier
- URLhaus
- Browse Botnet C&Cs
- Etherscan - Blockchain Explorer
- ReversDNS
- DNSRecord
- CentralOPS - domain check
- Have I been Squatted - Check if a domain has been typosquatted
- VirtusTotal
- Malware Hash Registry (MHR) - checking hashes against malware data
- InQuest Labs
- ThreatMiner - sata mining for threat intelligence (hash/IP/URL)
- Metadefender Cloud - OPSWAT
- Any.Run - sandbox
- VirSCAN.org
- TotalHash
- Malwares
- Intezer analyze - All malware analysis tools under one platform
- Cuckoo - sandbox
- Joe Sandbox
- Analyzing Malicious Documents Cheat sheet
- 30 Online Malware Analysis Sandboxes / Static Analyzers
- EmailRep
- Verify-Email
- Phishtool
- Hunter.io
- PublicEmailRecords
- EmailBlackist
- PhishTank
- Spy Dialer
- CheckPhish
- Reverse Email Lookup
- Confense webinar "Remote Work Phishing Threats and How to Stop Them"
- Have I Been Pwned
- Have I Been Sold
- email-finder - searching emails for a specific domain
- experte - searching emails for a specific domain
- Infoga - github - searching emails for a specific domain
- Infoga Email OSINT - searching emails for a specific domain
- findemail - searching emails for a specific domain
- hunter - Domain search - searching emails for a specific domain
- minelead - searching emails for a specific domain
- Block Cypher - search the block chain
- Ether Chain - The Ethereum Block Chain Explorer
- CyberChef - encryption, encoding, compression and data analysis.
- Puny Coder - is a special encoding used to convert Unicode characters to ASCII, which is a smaller, restricted character set. Punycode is used to encode internationalized domain names (IDN).
- BASE64 - Decode from Base64 format or encode into it with various advanced options.
- Hexed - analyse and edit binary files everywhere
- Uncoder - Universal sigma rule converter for various siem, edr, and ntdr formats
- ShellCheck - finds bugs in your shell scripts.
- Explain shell code - write down a command-line to see the help text that matches each argument
- Dan's Tools - Base64
- Code Decode/Encoder
- Script converter - These tools include several formatters, validators, code minifiers, string escapers, encoders and decoders, message digesters, web resources and more
- Hash Analyzer
- Hashes examples
- Filecrypt - The simple, secure file-hosting application
- OSINT Framework
- Start.me The Ultimate OSINT collection
- OSINT ME
- Start.me OSINT
- Start.me OSINT Tools
- Start.me Open Source Intelligence (OSINT)
- OSINT collection github
- Explot Database
- DSNTwits - TypoSquatting
- IntelTechniques by Michael Bazzell
- Dasmalwerk - malware samples
- Malware Traffic Analysis - traffic analysis exercises
- bit.ly - You can verify the destination of any Bitly link by adding a plus symbol ("+") at the end of the URL (e.g. bitly.is/meta+)
- s.id
- smarturl.it
- tiny.pl
- tinyurl.com
- x.co