SOC Tools and Useful Links

by
Sharing is caring
This entry is part 13 of 17 in the series Threat Detection Engineering
wp-content/uploads/2024/03/DE01.png
Threat Detection Engineering

Views: 19

1- IP & URL Reputation

1. Virus Total : https://www.virustotal.com/gui/home/upload
2. URL Scan : https://urlscan.io/
3. AbuseIPDB: https://www.abuseipdb.com/
4. Cisco Talos: https://www.talosintelligence.com/
5. IBM X-Force: https://lnkd.in/gt8iyHE5
6. URL Filtering(Palo Alto): https://lnkd.in/e4bkm5Eq
7. URL Filtering(Symantec): https://lnkd.in/g4qQGsHG
8. IP Void: https://www.ipvoid.com/
9. URL Void: https://www.urlvoid.com/

2- File | Hash | Search | Analysis | Sandboxing

1. File Extension >>https://filesec.io/#
2. LOLBAS >>https://lnkd.in/dDa8XgiM
3. GTFOBins >>https://lnkd.in/dRVzVz87
4. File Hash Check >> https://lnkd.in/gNqxtn4d
5. Hash Search >> https://lnkd.in/eMjdTB2t
6. Hash Search >> https://www.malwares.com/
7. MetaDefender >> https://lnkd.in/e6r4mGv5
8. Kaspersky Threat Intel. >> https://lnkd.in/eSNMn7au
9. Cuckoo Sabdbox >> https://cuckoosandbox.org/
10. AnyRun >> Online sandboxing >> https://any.run/
11. Hybrid-Analysis >> https://lnkd.in/gaRGY8kB
12. Joe Sandbox >> https://lnkd.in/gTJJ9GiC
13. VMRay Sandbox >> https://www.vmray.com/
14. Triage >> http://tria.ge/
15. Browser Sandbox >> https://lnkd.in/gjA-QqdX

3- Getting File hash

HashTools> Windows > https://lnkd.in/gTjru2RQ
Powershell :
Get-FileHash -Path C:\path\to\file.txt -Algorithm MD5
Get-FileHash -InputObject “This is a string” -Algorithm MD5
QuickHash > MacOS > https://lnkd.in/gZc8FYpU
Terminal: shasum -a 256 filename

4- Find Suspicious Artifacts | Reverse Engineer | Debug Files

1. PeStudio: https://lnkd.in/gjYKbyge
2. CFF Explorer: https://lnkd.in/ggTCTeAi
3. DocGuard files: https://www.docguard.io/
4. File Scan: https://lnkd.in/ejBt5R7C
5. Ghidra >> https://ghidra-sre.org/
6. IDA Pro >>https://lnkd.in/eWA9MnMY
7. Radare2/Cutter >>https://lnkd.in/gV4k5Gsw
https://lnkd.in/gdb3MQn2

5- Monitor System Resources | Detect malware

1. Process Hacker >> https://lnkd.in/gxV3PAnG
2. Process Monitor >> https://lnkd.in/gPqzyB7K
3. ProcDot >> https://www.procdot.com/
4. Autoruns >> https://lnkd.in/gkZqkZrd
5. TcpView >>https://lnkd.in/gQZM_SJz

6- Web proxy

Fiddler >> https://lnkd.in/gnJ9BvFN

7- Malware Samples

1- Malware Samples – Abuse.ch
2. MalwareBazaar ==> https://bazaar.abuse.ch/
3. FeodoTracker ==> https://lnkd.in/gyN_diCQ
4. SSLBlacklist ==> https://sslbl.abuse.ch/
5. URLHaus ==> https://urlhaus.abuse.ch/
6. ThreatFox ==> https://lnkd.in/gB2gDZUd
7. YARAIfy ==> https://yaraify.abuse.ch/

8- Malware Traffic | Pcap & Malware Samples

✅ Samples.: https://lnkd.in/gw5hcXDp

9- Free Malware Analysis Trainings

Malware Analysis BootCamp >> https://lnkd.in/gJCUyyvr
Malware Analysis In 5+ Hours >> https://lnkd.in/eTyuau69
Samples for Researchers : https://lnkd.in/e8xT9RHv

Series Navigation<< MITRE FrameworkSOC Home LAB: Elastic SIEM Installation >>