IP & URL Reputation
📌 VirusTotal: https://www.virustotal.com/gui/home/upload – Analyzes files and URLs with multiple antivirus engines and shows prior results for the same sample. Uploaded files are shared with the VirusTotal community, so search by hash first if a file may contain sensitive data.
🔹 URLScan.io: https://urlscan.io – Scans and analyzes websites to identify potentially malicious content and detailed site activity.
🔹 AbuseIPDB: https://abuseipdb.com – Allows reporting and checking IP addresses associated with malicious activity to combat abuse.
🔹 Cisco Talos: https://talosintelligence.com/reputation_center/ – Provides threat intelligence and research to help detect and respond to security threats.
🔹 IBM X-Force: https://exchange.xforce.ibmcloud.com/ – Offers threat intelligence, incident response, and research services to protect against global threats.
🔹 Palo Alto Networks URL Filtering: https://urlfiltering.paloaltonetworks.com/ – Looks up the category and risk Palo Alto assigns to a URL (the same verdict its firewalls use to block sites) and lets you request a recategorization.
🔹 Symantec URL Filtering: https://sitereview.symantec.com/ – Looks up the reputation and category Symantec assigns to a site and lets you dispute it.
🔹 IPVoid: https://ipvoid.com – Provides information about IP addresses, including geolocation and abuse reports.
🔹 URLVoid: https://urlvoid.com – Analyzes websites for potential malicious activity using multiple blacklists and reputation services.
File | Hash | Search | Analysis | Sandboxing
🔹 File Extension: https://filesec.io/# – Catalogs file extensions that attackers commonly abuse, with notes on how each is misused and how to handle it.
🔹 LOLBAS: https://lolbas-project.github.io/ – Documents legitimate Windows binaries that can be abused by attackers.
🔹 GTFOBins: https://gtfobins.github.io/ – Similar to LOLBAS, but for Unix-based systems.
🔹 File Hash Check: https://www.virustotal.com/gui/home/upload – Search an MD5, SHA-1 or SHA-256 to retrieve existing analysis results for that file without uploading it.
🔹 Hash Search: https://www.hybrid-analysis.com/ – Searches for information about file hashes to identify malware.
🔹 MetaDefender: https://metadefender.opswat.com/ – Scans uploaded files and looks up hashes, IPs, domains and URLs with multiple anti-malware engines.
🔹 Kaspersky Threat Intelligence: https://opentip.kaspersky.com/ – Looks up file hashes, IPs, domains and URLs and scans submitted files against Kaspersky's threat data.
🔹 Cuckoo Sandbox: https://cuckoosandbox.org – An open-source automated malware analysis system; the original project is archived and no longer maintained, with community forks continuing the work.
🔹 AnyRun: https://any.run – An online malware analysis sandbox service.
🔹 Hybrid-Analysis: https://www.hybrid-analysis.com/ – Provides detailed reports on suspicious files.
🔹 Joe Sandbox: https://www.joesandbox.com/ – A commercial malware analysis sandbox solution.
🔹 VMRay Sandbox: https://vmray.com – Another commercial malware analysis sandbox.
🔹 Triage: http://tria.ge – An online malware analysis service.
🔹 Browser Sandbox: https://www.browserling.com/ – Runs websites in a controlled, isolated environment.
File Hash
🔹 HashTools (Windows): https://www.binaryfortress.com/HashTools/ – Generates and verifies file hashes on Windows.
🔹 QuickHash (macOS): https://quickhash-gui.org/ – Generates file hashes on macOS.
🔹 PowerShell (Windows; SHA256 is the default, MD5/SHA1 remain useful for lookups in older databases):
    Get-FileHash -Path C:\path\to\file.txt -Algorithm SHA256
    # -InputObject expects a Stream, not a string, so wrap the text's bytes in a MemoryStream
    $bytes = [System.Text.Encoding]::UTF8.GetBytes("This is a string")
    Get-FileHash -InputObject ([System.IO.MemoryStream]::new($bytes)) -Algorithm MD5
🔹 Terminal (macOS/Linux):
    shasum -a 256 filename
    md5 filename          # macOS; on Linux use md5sum
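Most lookup services index a sample by MD5, SHA-1 and SHA-256, so it pays to compute all three in a single pass and to verify a downloaded sample against a published digest before relying on it. The Python script below is an added example, not code from this page or from any of the tools listed; it streams the file so large samples are not loaded whole, hashes in-memory bytes the same way, and checks a file against an expected SHA-256. The input bytes are constructed (the well-known "abc" test vector).

```python
import hashlib
import hmac
import os
import tempfile

CHUNK_SIZE = 1 << 20  # 1 MiB reads: stream large samples instead of loading them whole


def hash_file(path, algorithms=("md5", "sha1", "sha256")):
    """Read the file once and feed every requested digest; returns lowercase hex per algorithm.

    Computing all three in one pass avoids re-reading a large sample for each
    lookup service.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK_SIZE):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithm="sha256"):
    """Hash an in-memory blob (a decoded attachment, a carved buffer, a string's bytes)."""
    return hashlib.new(algorithm, data).hexdigest()


def matches_expected(path, expected_sha256):
    """Check a downloaded file against a published SHA-256.

    The expected digest is normalised to lowercase so copy-pasted uppercase hex
    still matches; hmac.compare_digest keeps the comparison constant-time.
    """
    actual = hash_file(path, ("sha256",))["sha256"]
    return hmac.compare_digest(actual, expected_sha256.strip().lower())


def write_sample(data):
    """Write constructed bytes to a temporary file and return its path (demo helper)."""
    fd, path = tempfile.mkstemp(prefix="hash-demo-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed input: the bytes b"abc", whose digests are published test vectors.
    sample = write_sample(b"abc")
    for name, digest in hash_file(sample).items():
        print(f"{name:7} {digest}")
    print("sha256 of string:", hash_bytes("This is a string".encode("utf-8")))
    print("matches published SHA-256:",
          matches_expected(sample, "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD"))
    os.remove(sample)
```

A hash lookup only matches the exact bytes: a re-packed, re-signed or padded copy of the same malware has a different digest and will show as unknown, which is why the sandbox services above matter when the hash returns nothing.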
Find Suspicious Artifacts | Reverse Engineer | Debug Files
🔹 PeStudio: https://www.winitor.com/ – Analyzes Windows executable files to detect potential malware.
🔹 CFF Explorer: https://ntcore.com/?page_id=388 – Inspects and modifies the structure of Windows executable files.
🔹 DocGuard: https://docguard.io – Analyzes document files for potential malicious content.
🔹 File Scan: https://www.filescan.io/scan – Scans files for malware.
🔹 Ghidra: https://ghidra-sre.org – An open-source reverse engineering tool.
🔹 IDA Pro: https://hex-rays.com/ida-pro/ – A commercial reverse engineering tool.
🔹 Radare2/Cutter: https://rada.re/n/radare2.html and https://cutter.re/ – Open-source tools for reverse engineering and analyzing software.
Monitor System Resources | Detect Malware
🔹 Process Hacker: https://processhacker.sourceforge.io/ – Monitors and manages running processes on Windows; the project continues under the name System Informer.
🔹 Process Monitor: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon – Monitors and analyzes system activity on Windows.
🔹 ProcDot: https://procdot.com – Builds an interactive graph of process, file, registry and network activity from Process Monitor logs and packet captures.
🔹 Autoruns: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns – Identifies and manages startup programs and services on Windows.
🔹 TcpView: https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview – Monitors network connections on Windows.
Web Proxy
🔹 Fiddler: https://www.telerik.com/fiddler – A web debugging proxy tool for monitoring and analyzing web traffic.
Malware Samples
🔹 MalwareBazaar: https://bazaar.abuse.ch – Provides access to malware samples for analysis.
🔹 FeodoTracker: https://feodotracker.abuse.ch/ – Tracks and provides information on Feodo botnet activity.
🔹 SSLBlacklist: https://sslbl.abuse.ch – Lists SHA-1 fingerprints of TLS certificates and JA3 fingerprints associated with malware command-and-control traffic.
🔹 URLHaus: https://urlhaus.abuse.ch – Collects and shares URLs used for malware distribution.
🔹 ThreatFox: https://threatfox.abuse.ch – Provides indicators of compromise (IOCs) for threat intelligence.
🔹 YARAify: https://yaraify.abuse.ch – Scans submitted files against public YARA rules and lets you hunt across its corpus with your own rules.
These resources are invaluable for threat intelligence, malware analysis, and maintaining a strong security posture.
Copyright © 2024 WNTRPBK - All Rights Reserved.