Bookmarks - wr0ng.name

IntelTechniques.com | OSINT & Privacy Services by Michael Bazzell | Open Source Intelligence

Tue Feb 26 12:23:21 2019

Welcome to the new IntelTechniques Search Tool. Use the links to the left to access all of the custom search tools and resources. This repository contains hundreds of online search utilities. Click any category to expand the selection. The first option offers an automated search tool, while the remaining options offer additional resources if needed.

Docs - ANY.RUN

Mon Sep 24 15:39:02 2018

Interactive online malware analysis service for dynamic and static research of most types of threats using any environments. Replaces a set of tools for research.

💀 Sploitus | Exploit & Hacktool Search Engine

Mon Sep 17 11:30:31 2018

Sploitus is а convenient central place for identifying the newest exploits and finding attacks that exploit known vulnerabilities.

Cyber Threat Intelligence Technical Committee

Mon Sep 10 09:40:57 2018

The OASIS Cyber Threat Intelligence (CTI) TC supports automated information sharing for cybersecurity situational awareness, real-time network defense, and sophisticated threat analysis. STIX and TAXII.

Ransomware Overview

Tue Aug 21 16:39:26 2018

Ransomware Overview

MITRE ATT&CK

Mon Jun 25 13:35:42 2018

MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and verifying defenses work as expected.

Note: A MITRE Partnership Network (MPN) account is not required to view and use the ATT&CK site.

VirusShare.com

Wed Jul 5 10:19:06 2017

VirusShare.com is a repository of malware samples to provide security researchers, incident responders, forensic analysts, and the morbidly curious access to samples of live malicious code.

VirusTotal Intelligence - Your malware research telescope (login required)

Tue Jul 4 12:29:22 2017

VirusTotal Intelligence allows you to search through our dataset in order to identify files that match certain criteria (antivirus detections, binary content, metadata, submission file names, file format structural properties, file size, etc.). We could say that it is pretty much like the "Google" of malware.
In order to ease the use of the application we have classified the search queries and modifiers into the following categories, you can combine any number of them in the same query, moreover, you can use AND, OR and NOT operators to tweak your searches.

Free Automated Malware Analysis Service - powered by VxStream Sandbox

Wed Jun 21 10:02:03 2017

This webpage is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
This free malware analysis service is running VxStream Sandbox v6.70 in the backend. Supporting PE, Office, PDF, APK files and more (e.g. EML). Maximum upload size is 100 MB.

Zero Day Initiative

Wed Jun 14 10:06:22 2017

The Zero Day Initiative (ZDI), founded by TippingPoint, is a program for rewarding security researchers for responsibly disclosing vulnerabilities. Depending on who you are, here are a few links to get you started:
Researchers: Learn how we pay for your vulnerability discoveries, register for the ZDI or login.
Vendors: Read our disclosure policy or join our security partner program
Press, Curiosity Seeker: Learn more about ZDI or read answers to some frequently asked questions
Please contact us at zdi [at] trendmicro [dot] com with any questions or queries. For sensitive e-mail communications, please use our PGP key.

InfoSec Resources - IT Security Training & Resources by InfoSec Institute

Tue May 23 17:05:50 2017

About InfoSec

InfoSec Institute is the best source for high quality information security training. We have been training Information Security and IT Professionals since 1998 with a diverse lineup of relevant training courses. In the past 16 years, over 50,000 individuals have trusted InfoSec Institute for their professional development needs!

AlienVault - Open Threat Exchange

Thu May 18 10:52:29 2017

Learn about the latest online threats.
Share and collaborate in developing threat intelligence.
Protect yourself and the community against today’s latest threats.

At the heart of Open Threat Exchange is the pulse, an investigation of an online threat. Pulses describe any type of online threat including malware, fraud campaigns, and even state sponsored hacking.

Pulses are comprised of indicators of compromise (or IoCs), which describe the infrastructure of that threat – including IPs, file hashes, e-mail addresses affiliated with the threat, etc.

Free Automated Malware Analysis Service - powered by VxStream Sandbox

Tue May 16 12:45:11 2017

This webpage is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.

Malware Corpus Tracker - Malicious Download Sites - locky

Tue May 16 10:09:48 2017

Having this as hobby project I usually have time to focus on following only single malware threat at a time - now I have main focus on Locky download sites. If I read some interesting whitepaper, I will probably import some links/hashes to tracker database here and there, but in general I do not verirify or follow on those. This site is considered to be mainly research platform and directly using the data for blacklisting is not recommended. At least you should make sure to filter out with some reasonable whitelist. For example if some malware will be connecting to for example 'http://google.com/70.exe?1' (as Teslacrypt did to query connection) or to '//plus.google.com/u/0/115747778649102578052/about' or 'https://twitter.com/linketelin' (as PlugX samples d9af894d51ba61075c7cd329b0be52df, 02a175b81144b8fa22414e9cf281f71c did) then such links can be found in the listings of tracker although I am not saying the sites as such should be blocked.

PunkSPIDER

Tue May 16 10:07:26 2017

Welcome to PunkSPIDER: a global web application vulnerability search engine.
Deeper, faster, harder scans

ThreatMiner.org | Data Mining for Threat Intelligence

Tue May 16 09:59:30 2017

ThreatMiner is designed to be an analyst's first portal to visit when doing threat research and here's why.

Threat intelligence and intrusion analysts who regularly perform research into malware and network infrastructure often find the need to rely on mutliple websites that individually holds a small piece of the larger puzzle.

Furthermore, it is often the case where pivoting directly from an open source research report is unavailable and that it is sometimes difficult to remember if an indicator has alredy been reported and/or attributed. All these small but frustrating obstacles distract an analyst from what they do best: analyse.

IBM X-Force Exchange

Fri Apr 14 16:41:28 2017

IBM X-Force Exchange Threat Feed Manager

Introducing threat feed manager: you can now view external sources of threat intelligence within XFE.

Ransomware Tracker

Fri Feb 17 16:05:00 2017

Ransomware Tracker tracks and monitors the status of domain names, IP addresses and URLs that are associated with Ransomware, such as Botnet C&C servers, distribution sites and payment sites.
Ransomware Tracker provides a short guideline for both home users and enterprises on how to avoid becoming a victim of Ransomware.
Ransomware Tracker offers various blocklists. These blocklists allows enterprises to block malicious traffic towards known Ransomware infrastructure at the network edge, e.g. by blocking them on the corporate firewall, web proxy or in the local DNS server.