EvidenceWiki
All of my threat intel recommendations for aspiring Information Security Analysts. This section covers the evidence at an analyst's disposal: IP, domain, email, hash, files.
- 💻 Domain & IP
- 📁 Files, Hash & Sandbox
- 🐟 Phishing
- 👤 UserAgent
- ⛏️ Miner
- 🖹 Encoder/Decoder
- 🔎 Google Dorks
- 🌐 OSINT
- 📖 Dumps
- 🐛 Vulnerabilities
- 🔄 URL Shorteners
- 🔑 List of Default Passwords
- 🧰 Forensic
- 📋 Cheatsheet
- ✍️ Effective writing
- 👩🎓 Education resources
Useful Extensions
- Mitaka - Chrome - for searching IP, domain, URL, hash, etc. via the context menu.
- Mitaka - Firefox - for searching IP, domain, URL, hash, etc. via the context menu.
Threat Intel Resources
Threat intel resource used by analysts on a daily basis.
💻 Domain & IP (the top 6 are the ones I use most)
- AbuseIPDB
- Talos Intelligence
- VirusTotal
- URL Query - employs a diverse range of threat detection systems to ensure comprehensive security analysis of URLs.
- CyberGordon - provides you threat and risk information about observables like IP address or web domain
- Abuse.ch - to identify and track malware and botnets
- URL2PNG - takes a screenshot of a website, so you can look at a suspicious page without opening it in your own browser
- URLScan
- Robtex - used for various kinds of research on IP addresses, domain names, etc.
- AlienVault
- RiskIQ
- ThreatCrowd
- IPVoid
- TI Search Engine
- Shodan - IoT search
- Gray Hat Warfare - public buckets
- GreyNoise
- DNSdumpster
- URLVoid
- Polyswarm
- Forcepoint CSI (URL/IP)
- Domain Dossier
- URLhaus
- Browse Botnet C&Cs
- Etherscan - Blockchain Explorer
- Reverse DNS
- DNSRecord
- CentralOPS - domain check
- Have I been Squatted - Check if a domain has been typosquatted
📁 Files, Hash & Sandbox (DO NOT upload internal files! Public sandboxes share or publish what you submit; look up the file's hash first and upload only if the hash is unknown and the file is not confidential)
- VirusTotal
- InQuest Labs
- ThreatMiner - data mining for threat intelligence (hash/IP/URL)
- Metadefender Cloud - OPSWAT
- Any.Run - sandbox
- VirSCAN.org
- TotalHash
- Malwares
- Intezer Analyze - all malware analysis tools under one platform
- Cuckoo - sandbox
- Joe Sandbox
- Analyzing Malicious Documents Cheat sheet
- 30 Online Malware Analysis Sandboxes / Static Analyzers
🐟 Phishing
- EmailRep
- Verify-Email
- Phishtool
- Hunter.io
- PublicEmailRecords
- EmailBlacklist
- PhishTank
- Spy Dialer
- CheckPhish
- Reverse Email Lookup
- Cofense webinar "Remote Work Phishing Threats and How to Stop Them"
- Have I Been Pwned
- Have I Been Sold
👤 UserAgent
⛏️ Miner/Blockchain
- BlockCypher - search the blockchain
- Etherchain - the Ethereum blockchain explorer
🖹 Encode/Decode
- CyberChef - encryption, encoding, compression and data analysis.
- Punycoder - Punycode is a special encoding used to convert Unicode characters to ASCII, a smaller, restricted character set. It is used to encode internationalized domain names (IDN), which is why a homograph domain shows up in DNS and in logs as an "xn--" label.
- BASE64 - Decode from Base64 format or encode into it with various advanced options.
- Hexed - analyse and edit binary files everywhere
- Uncoder - universal Sigma rule converter for various SIEM, EDR and NTDR query formats
- ShellCheck - finds bugs in your shell scripts.
- Explainshell - write down a command line to see the help text that matches each argument
- Dan's Tools - Base64
- Code Decode/Encoder
- Script converter - These tools include several formatters, validators, code minifiers, string escapers, encoders and decoders, message digesters, web resources and more
- Hash Analyzer
- Hashes examples
- Filecrypt - The simple, secure file-hosting application
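Before you paste a hash into VirusTotal, ThreatMiner or Hash Analyzer it helps to know what kind of hash you are holding, and computing the digest locally is exactly what lets you check a file against these services without uploading it (the "DO NOT upload internal files" rule above). The following is an added example, not a tool from this page or from any of the services listed: the hash-format patterns are my own simplified regexes, the EICAR test string is a constructed, non-malicious sample, and a bare 32-hex-character value is labelled ambiguous because MD5 and NTLM cannot be told apart by looking at the string.

```python
import hashlib
import re

# Hash formats an analyst commonly meets in tickets, IOC feeds and dumps.
# Assumed, simplified patterns: more specific formats first, bare hex
# digests by length last.
HASH_PATTERNS = [
    ("bcrypt", re.compile(r"^\$2[abxy]?\$\d{2}\$[./A-Za-z0-9]{53}$")),
    ("sha512crypt ($6$)", re.compile(r"^\$6\$[^$]{1,16}\$[./A-Za-z0-9]{86}$")),
    ("LM:NT pair", re.compile(r"^[0-9a-fA-F]{32}:[0-9a-fA-F]{32}$")),
    ("MD5 or NTLM", re.compile(r"^[0-9a-fA-F]{32}$")),  # same length; ambiguous
    ("SHA-1", re.compile(r"^[0-9a-fA-F]{40}$")),
    ("SHA-256", re.compile(r"^[0-9a-fA-F]{64}$")),
    ("SHA-512", re.compile(r"^[0-9a-fA-F]{128}$")),
]


def identify_hash(value):
    """Return the most likely hash format for a string, or 'unknown'."""
    value = value.strip()
    for name, pattern in HASH_PATTERNS:
        if pattern.match(value):
            return name
    return "unknown"


def digest_bytes(data, algorithms=("md5", "sha1", "sha256")):
    """Compute several digests over an in-memory sample in one pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Hash a file in chunks so large samples never need to fit in memory.

    Only the digests leave your machine: paste them into VirusTotal,
    ThreatMiner or Metadefender to ask whether the sample is already known,
    without uploading the file itself."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


# Constructed sample: the 68-byte EICAR anti-virus test string. It is not
# malicious, but every engine flags it, so its digests are known everywhere.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def sample_report():
    """Digest the constructed sample and label the format of each value."""
    digests = digest_bytes(EICAR)
    return {name: (value, identify_hash(value)) for name, value in digests.items()}


if __name__ == "__main__":
    for name, (value, kind) in sample_report().items():
        print(f"{name:>7}: {value}  ({kind})")
    # Something that is not a file digest at all: a bcrypt password hash.
    print(identify_hash("$2b$12$" + "a" * 53))
```

Use `digest_file()` on the real sample; `digest_bytes()` exists so the script is self-contained. The ambiguity label matters in practice: a 32-character value pulled from a credential dump is usually NTLM, the same-looking value in a malware report is usually MD5, and the source of the string, not the string itself, tells you which.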
🔎 Google Dorks
🌐 OSINT
- OSINT Framework
- Start.me The Ultimate OSINT collection
- OSINT ME
- Start.me OSINT
- Start.me OSINT Tools
- Start.me Open Source Intelligence (OSINT)
- OSINT collection github
- Exploit Database
- dnstwist - typosquatting and homograph domain permutations
- IntelTechniques by Michael Bazzell
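The Punycode entry in the Encode/Decode section and the dnstwist and "Have I been Squatted" entries are two sides of the same check: a lookalike domain built from non-Latin letters reaches you as an "xn--" label, and you want to see both forms and know whether the letters come from more than one script. The example below is added here and is not code from this page, from dnstwist or from Punycoder. It uses only Python's built-in `idna` codec and `unicodedata`; the homoglyph table is a constructed, deliberately short subset of Cyrillic lookalikes, the script of a letter is taken from the first word of its Unicode name (good enough for Latin/Cyrillic/Greek confusables, not a full Unicode script property), and the permutation generator covers only omissions, adjacent transpositions and homoglyph swaps, a small fraction of what dnstwist produces.

```python
import unicodedata

# Latin letters and the Cyrillic lookalikes most often used in homograph
# domains (constructed, partial table; dnstwist ships a far longer one).
HOMOGLYPHS = {"a": "\u0430", "c": "\u0441", "e": "\u0435", "o": "\u043e",
              "p": "\u0440", "x": "\u0445", "y": "\u0443"}


def to_ascii(domain):
    """Unicode (IDN) form -> ACE form with xn-- labels, as seen in DNS and logs."""
    return domain.encode("idna").decode("ascii")


def to_unicode(ace_domain):
    """ACE form -> Unicode form, as the browser renders it in the address bar."""
    return ace_domain.encode("ascii").decode("idna")


def scripts_in(label):
    """Scripts of the letters in a label, e.g. {'LATIN', 'CYRILLIC'}.

    Taken from the first word of each character's Unicode name, which is
    an approximation of the real Script property but catches the common
    Latin/Cyrillic/Greek confusables."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def analyse(domain):
    """Accept a domain in either form and report its homograph risk."""
    domain = domain.strip().rstrip(".").lower()
    ascii_form = to_ascii(domain)          # ASCII labels pass through unchanged
    unicode_form = to_unicode(ascii_form)  # so this works for both input forms
    return {
        "ascii": ascii_form,
        "unicode": unicode_form,
        "idn_labels": [l for l in ascii_form.split(".") if l.startswith("xn--")],
        "mixed_script_labels": [l for l in unicode_form.split(".")
                                if len(scripts_in(l)) > 1],
    }


def typosquat_candidates(domain):
    """Small dnstwist-style generator for the leftmost label: single-character
    omissions, adjacent transpositions and Cyrillic homoglyph swaps.

    Results are in Unicode form; run them through to_ascii() before any DNS
    lookup or feed them to a service such as Have I been Squatted."""
    name, dot, rest = domain.partition(".")
    cands = set()
    for i, ch in enumerate(name):
        cands.add(name[:i] + name[i + 1:])                          # omission
        if i + 1 < len(name):
            cands.add(name[:i] + name[i + 1] + ch + name[i + 2:])   # transposition
        if ch in HOMOGLYPHS:
            cands.add(name[:i] + HOMOGLYPHS[ch] + name[i + 1:])     # homoglyph
    cands.discard(name)
    cands.discard("")
    return {c + dot + rest for c in cands}


if __name__ == "__main__":
    # Constructed indicator: "paypal" with a Cyrillic а in second position.
    for d in ("paypal.com", "p\u0430ypal.com", "xn--pypal-4ve.com"):
        print(analyse(d))
    for c in sorted(typosquat_candidates("paypal.com")):
        print(c, "->", to_ascii(c))
```

The mixed-script check is the one worth keeping: a label whose letters are entirely Cyrillic is a legitimate Russian domain, while a label mixing Latin and Cyrillic has almost no honest reason to exist. Note that Python's `idna` codec implements IDNA 2003; a few characters are mapped differently under IDNA 2008, so for edge cases compare against what the browser or the `idna` PyPI package produces.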
📖 Dumps
🐛 Vulnerabilities
Malware
- Dasmalwerk - malware samples
- Malware Traffic Analysis - traffic analysis exercises
🔄 URL Shorteners
- bit.ly - You can verify the destination of any Bitly link by adding a plus symbol ("+") at the end of the URL (e.g. bitly.is/meta+)
- s.id
- smarturl.it
- tiny.pl
- tinyurl.com
- x.co
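Two things an analyst wants from a shortened link: the Bitly "+" preview trick above, and a way to see where any shortener finally lands without letting the final page load in a browser. The script below is an added example, not code from this page or from any shortener: the host list is constructed from the entries above, the "+" preview is applied only to bit.ly and bitly.is (the hosts the page names), and the expander follows the redirect chain one HEAD request at a time, recording every hop and never fetching the last page's body.

```python
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse, urlunparse

# Shortener hosts listed on this page (constructed set; extend it as you meet more).
SHORTENER_HOSTS = {"bit.ly", "bitly.is", "s.id", "smarturl.it", "tiny.pl",
                   "tinyurl.com", "x.co"}
BITLY_HOSTS = {"bit.ly", "bitly.is"}


def is_shortener(url):
    """True when the URL's host is one of the known shortener domains."""
    host = (urlparse(url).hostname or "").lower()
    return host in SHORTENER_HOSTS


def bitly_preview_url(url):
    """Bitly's preview page: append '+' to the short URL (the tip given above).

    Only bit.ly and bitly.is are handled; any other host raises ValueError."""
    parts = urlparse(url)
    if (parts.hostname or "").lower() not in BITLY_HOSTS:
        raise ValueError("not a bit.ly link: " + url)
    path = parts.path if parts.path.endswith("+") else parts.path + "+"
    return urlunparse(parts._replace(path=path))


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Returning None here makes urllib raise HTTPError on a 3xx instead of
    silently following it, so every hop becomes visible to us."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def expand(url, max_hops=10, timeout=5):
    """Walk the redirect chain with HEAD requests and return the list of hops.

    The body of the final page is never downloaded, so whatever the last hop
    serves is not rendered or executed on the analyst's machine."""
    opener = urllib.request.build_opener(_NoRedirect)
    chain = [url]
    for _ in range(max_hops):
        req = urllib.request.Request(chain[-1], method="HEAD")
        try:
            with opener.open(req, timeout=timeout):
                return chain                      # 2xx: end of the chain
        except urllib.error.HTTPError as err:
            location = err.headers.get("Location")
            if err.code in (301, 302, 303, 307, 308) and location:
                chain.append(urljoin(chain[-1], location))
                continue
            return chain                          # 4xx/5xx: report what we saw
    raise RuntimeError("redirect chain longer than %d hops" % max_hops)


if __name__ == "__main__":
    # Network use lives only here; the helpers above are pure functions.
    for link in sys.argv[1:]:
        print(link, "shortener" if is_shortener(link) else "not a known shortener")
        if is_shortener(link):
            try:
                print("  preview:", bitly_preview_url(link))
            except ValueError:
                pass
            print("  chain:  ", " -> ".join(expand(link)))
```

Run it as `python expand.py https://bit.ly/…` from a machine you do not mind the shortener seeing. Two caveats: a HEAD request still tells the shortener (and anyone behind it) that someone looked, so use a sandbox or a service like URLScan when attribution matters; and some shorteners answer HEAD with 405, in which case `expand()` stops early and returns the hops it has, which is the safe failure mode.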