A curated list of Open Source Intelligence (OSINT) resources for cybersecurity.
A concise definition of Threat Intelligence: evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.
The following site can be used to gather intelligence of all types.
| Site | Description |
|---|---|
| OSINT Framework | Comprehensive list of OSINT sites sorted by multiple categories and sub-categories. Recommended for discovering new OSINT sources based on the type of information you are searching for. |
The following sites can be used for file analysis. Intelligence can include file reputation, known malware (used for analysis) and common processes that malware can utilize.
| Site | Description |
|---|---|
| Intezer Analyze | Open-source file scanning. Best used to dive deep into raw file data to discover OSINT that can be used to block malicious IOCs. |
| VirusTotal | Open-source file and domain scanning tool. Used to analyze files and domains based on reputation data from security vendors and the community. |
| Hybrid Analysis | Open-source file scanning tool. Hybrid Analysis offers in-depth analysis, execution screenshots and raw data analysis. |
| Triage | Tria.ge offers minimal file analysis based on the MITRE ATT&CK framework in combination with static and behavioral characteristics. |
| MalwareBazaar | Site used for downloading malware samples. |
The following sites can be used for analyzing malicious URLs and domains. Intelligence can include phishing sites, DNS dumps, MX records and common domain intelligence.
| Site | Description |
|---|---|
| Web Archive | The Internet Archive's Wayback Machine stores historical snapshots of web pages. Useful for seeing what a URL or domain hosted at an earlier date, for example before a site was taken down or cleaned up. |
The following sites can be used to gather intelligence on IP addresses. Intelligence can include reports, location, owner and IP grabbing.
| Site | Description |
|---|---|
| AbuseIPDB | Site most commonly used to check whether an IP address has been reported for abuse in the past. It also lists the reason(s) an IP address has been reported. |
The following sites offer invaluable training in Information Security - both Red Team and Blue Team.
| Site | Description |
|---|---|
| HackTheBox | HackTheBox offers hands-on training in Red Team and Blue Team TTPs. Progressively work your way through modules offering in-depth training on various topics to sharpen your skills. |