Infosec Tools

Here’s a collection of tools that I’ve collected over the years. This page is a work in progress.

Random

• IP Subnet calc - the Perl script is also downloadable…I use it a fair amount.
• Windows Linux Subsystem - Because bash!
• Grammarly - Love the Chrome/Mozilla plugins
• Todoist - great task mgmt app for iPhone/Win10/Mac/Web
• Duo - I use this for two factor auth both for push and to replace Google Authenticator code generation.
  • This is one I need to watch now that Cisco has announced it will acquire it. Usually doesn’t end well for ‘free’ resources
• ioc-parser - excellent for stripping out IOC’s from various feeds.
  • Good info on how to use
• Attack Maps
  • RedShift VOIP Attack Map

Firewall Egress Testing

Malware Analysis

• VirusTotal - Great for checking to see if others have already seen a file hash
  • I should write up my process for generating file hashes from email attachments
• https://www.hybrid-analysis.com/
• https://www.joesandbox.com/
  • Offers both Basic (Free) and Pro tier. Provides some comprehensive analysis and IoC’s.
• urlscan.io - “A sandbox for the web.” You give it a URL, it gives youa break down.
• URLVoid - Scan a website with multiple website reputation engines and domain blacklisting services.

Malicous Document Analysis

• Analyzing Malicious Documents Cheat Sheet - Lenny Zeltser’s blog post on the tools he uses to analyze maldocs.
• Analyzing PDF and Office Documents Delivered Via Malspam - SecurityIntelligence post on maldoc analysis tips

Recon/Investigations

• Robtex
• Url Expansion
  • http://checkshorturl.com/expand.php
  • https://csi.websense.com/
• Shodan
  • Search Example: net:”165.166.101.64/26”) see https://danielmiessler.com/study/shodan/
• DNS Tool - DNS Audit Report
• ThreatMiner - “Designed to be the analyst’s first portal to visit when doing threat research.”
  • I need to investigate this one more but looks powerful.
• Recon-ng Framework - Recon-ng contains plugins to pull a great deal of OSINT on a target
  • Reconnaissance with Recon-Ng, Part 1 (Getting Started) - great stepping off resource
• Google Dorking
  • Google Hacking Database
  • SAN Cheatsheet

Nmap notes/tips

• NMAP tips for avoiding firewalls 10/01/2018

SSL Testing

• https://www.sslchecker.com/ - validate SSL
• https://www.ssllabs.com/ssltest - a more in-depth test of SSL settings (TLS,etc.)

OSINT Resources

• So you wanna OSINT? Resources and Reading for those interested in OSINT
• PasteBin
• Shodan
• http://osintframework.com
• Alienvault OTX
• Cmon.io
• Threatcrowd
• Virustotal
• Team-cymru.org
• Hybrid-analysis.com
• Metadefender.com/#!/hash-lookup
• Virusshare.com (have to login to search)
• Threatexpert.com
• Search for hash on
• github
• Search hash on google
• Threat Miner
• https://www.eyeonthre.at/site/

Phone/VoIP Resources

• https://www.freecarrierlookup.com/

Incident Management

Playbooks

• coming soon

  Threat Intel Reporting

• Defang all the things - How to use python to ‘defang’ threat IOC’s
• Templates (coming soon)

As the list grows, I will start sorting it out better.