- Threat Detection: Detecting a Webserver Attack
- Threat Intelligence for SOC
- Detection Engineering vs Threat Hunting
- Yara 101
- Threat Intelligence Tools – Abuse.ch
- Threat Intelligence Tools – URLScan.io
- Custom detection rule with the MITRE ATT&CK framework in Splunk
- Investigate SQLi attacks using Splunk
- Splunk: Search Processing Language (SPL) Basics
- Practical Threat Hunting using Elastic SIEM: Hunting for Stuxbot
- MITRE Framework
- SOC Tools and Useful Links
- ELASTIC SIEM: Kibana Query Language (KQL)
- SOC Home LAB: Elastic SIEM Installation
- MISP (Malware Information Sharing Platform)
Views: 50
Urlscan.io is a free service developed to assist in scanning and analysing websites. It is used to automate the process of browsing and crawling through websites to record activities and interactions.
When a URL is submitted, the information recorded includes the domains and IP addresses contacted, resources requested from the domains, a snapshot of the web page, technologies utilised and other metadata about the website.
Recent Scans View
LIVE Scans View
Scan Results
URL scan results provide ample information, with the following key areas being essential to look at:
- Summary: Provides general information about the URL, ranging from the identified IP address, domain registration details, page history and a screenshot of the site.
- HTTP: Provides information on the HTTP connections made by the scanner to the site, with details about the data fetched and the file types received.
- Redirects: Shows information on any identified HTTP and client-side redirects on the site.
- Links: Shows all the identified links outgoing from the site’s homepage.
- Behaviour: Provides details of the variables and cookies found on the site. These may be useful in identifying the frameworks used in developing the site.
- Indicators: Lists all IPs, domains and hashes associated with the site. These indicators do not imply malicious activity related to the site.
Scanning a URL
Scan Results
