Infosec Tools

Here’s a collection of tools that I’ve gathered over the years. This page is a work in progress.

Random

  • IP Subnet calc - the Perl script is also downloadable. I use it a fair amount.
  • Windows Linux Subsystem - Because bash!
  • Grammarly - Love the Chrome/Mozilla plugins
  • Todoist - great task mgmt app for iPhone/Win10/Mac/Web
  • Duo - I use this for two factor auth both for push and to replace Google Authenticator code generation.
    • This is one I need to watch now that Cisco has announced it will acquire it. Usually doesn’t end well for ‘free’ resources
  • ioc-parser - excellent for stripping out IOCs from various feeds.
  • Attack Maps

Firewall Egress Testing

Malware Analysis

  • VirusTotal - Great for checking to see if others have already seen a file hash
    • I should write up my process for generating file hashes from email attachments
  • https://www.hybrid-analysis.com/
  • https://www.joesandbox.com/
    • Offers both Basic (Free) and Pro tiers. Provides some comprehensive analysis and IoCs.
  • urlscan.io - “A sandbox for the web.” You give it a URL, it gives you a breakdown.

Recon/Investigations

  • Robtex
  • URL Expansion
    • http://checkshorturl.com/expand.php
    • https://csi.websense.com/
  • Shodan
    • Search example: net:"165.166.101.64/26" (see https://danielmiessler.com/study/shodan/)
  • DNS Tool - DNS Audit Report
  • ThreatMiner - “Designed to be the analyst’s first portal to visit when doing threat research.”
    • I need to investigate this one more but looks powerful.

Nmap notes/tips

SSL Testing

  • https://www.sslchecker.com/ - validate SSL
  • https://www.ssllabs.com/ssltest - a more in-depth test of SSL settings (TLS, etc.)

OSINT Resources

  • So you wanna OSINT? Resources and Reading for those interested in OSINT
  • PasteBin
  • Shodan
  • http://osintframework.com
  • Alienvault OTX
  • Cmon.io
  • Threatcrowd
  • Virustotal
  • Team-cymru.org
  • Hybrid-analysis.com
  • Metadefender.com/#!/hash-lookup
  • Virusshare.com (have to login to search)
  • Threatexpert.com
  • Search for the hash on GitHub
  • Search for the hash on Google
  • Threat Miner
  • https://www.eyeonthre.at/site/

Phone/VoIP Resources

  • https://www.freecarrierlookup.com/

Incident Management

Playbooks

  • coming soon

Threat Intel Reporting

  • Defang all the things - How to use Python to ‘defang’ threat IOCs
  • Templates (coming soon)

As the list grows, I will start sorting it out better.