SOC Tools and Useful Links

by
This entry is part 9 of 28 in the series Threat Detection Engineering

Views: 114

1- IP & URL Reputation

1. Virus Total : https://www.virustotal.com/gui/home/upload
2. URL Scan : https://urlscan.io/
3. AbuseIPDB: https://www.abuseipdb.com/
4. Cisco Talos: https://www.talosintelligence.com/
5. IBM X-Force: https://lnkd.in/gt8iyHE5
6. URL Filtering(Palo Alto): https://lnkd.in/e4bkm5Eq
7. URL Filtering(Symantec): https://lnkd.in/g4qQGsHG
8. IP Void: https://www.ipvoid.com/
9. URL Void: https://www.urlvoid.com/

2- File | Hash | Search | Analysis | Sandboxing

1. File Extension >>https://filesec.io/#
2. LOLBAS >>https://lnkd.in/dDa8XgiM
3. GTFOBins >>https://lnkd.in/dRVzVz87
4. File Hash Check >> https://lnkd.in/gNqxtn4d
5. Hash Search >> https://lnkd.in/eMjdTB2t
6. Hash Search >> https://www.malwares.com/
7. MetaDefender >> https://lnkd.in/e6r4mGv5
8. Kaspersky Threat Intel. >> https://lnkd.in/eSNMn7au
9. Cuckoo Sabdbox >> https://cuckoosandbox.org/
10. AnyRun >> Online sandboxing >> https://any.run/
11. Hybrid-Analysis >> https://lnkd.in/gaRGY8kB
12. Joe Sandbox >> https://lnkd.in/gTJJ9GiC
13. VMRay Sandbox >> https://www.vmray.com/
14. Triage >> http://tria.ge/
15. Browser Sandbox >> https://lnkd.in/gjA-QqdX

3- Getting File hash

HashTools> Windows > https://lnkd.in/gTjru2RQ
Powershell :
Get-FileHash -Path C:\path\to\file.txt -Algorithm MD5
Get-FileHash -InputObject “This is a string” -Algorithm MD5
QuickHash > MacOS > https://lnkd.in/gZc8FYpU
Terminal: shasum -a 256 filename

4- Find Suspicious Artifacts | Reverse Engineer | Debug Files

1. PeStudio: https://lnkd.in/gjYKbyge
2. CFF Explorer: https://lnkd.in/ggTCTeAi
3. DocGuard files: https://www.docguard.io/
4. File Scan: https://lnkd.in/ejBt5R7C
5. Ghidra >> https://ghidra-sre.org/
6. IDA Pro >>https://lnkd.in/eWA9MnMY
7. Radare2/Cutter >>https://lnkd.in/gV4k5Gsw
https://lnkd.in/gdb3MQn2

5- Monitor System Resources | Detect malware

1. Process Hacker >> https://lnkd.in/gxV3PAnG
2. Process Monitor >> https://lnkd.in/gPqzyB7K
3. ProcDot >> https://www.procdot.com/
4. Autoruns >> https://lnkd.in/gkZqkZrd
5. TcpView >>https://lnkd.in/gQZM_SJz

6- Web proxy

Fiddler >> https://lnkd.in/gnJ9BvFN

7- Malware Samples

1- Malware Samples – Abuse.ch
2. MalwareBazaar ==> https://bazaar.abuse.ch/
3. FeodoTracker ==> https://lnkd.in/gyN_diCQ
4. SSLBlacklist ==> https://sslbl.abuse.ch/
5. URLHaus ==> https://urlhaus.abuse.ch/
6. ThreatFox ==> https://lnkd.in/gB2gDZUd
7. YARAIfy ==> https://yaraify.abuse.ch/

8- Malware Traffic | Pcap & Malware Samples

✅ Samples.: https://lnkd.in/gw5hcXDp

9- Free Malware Analysis Trainings

Malware Analysis BootCamp >> https://lnkd.in/gJCUyyvr
Malware Analysis In 5+ Hours >> https://lnkd.in/eTyuau69
Samples for Researchers : https://lnkd.in/e8xT9RHv

Series Navigation<< MITRE FrameworkELASTIC SIEM: Kibana Query Language (KQL)  >>

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by