Intelligence Resources
Revised Date | Comment |
---|---|
27.10.2024 | Added page |
Introduction
For threat hunters, access to reliable threat intelligence resources is crucial to defending against malicious activity. The following table is my personal, curated list of tools and platforms that security professionals can use for threat detection, analysis and response.
These resources cover a range of functions, from IP reputation checks and malware analysis to community-driven threat intelligence sharing. By using these platforms we can gain insight into emerging threats, understand attacker methodologies and improve our overall security posture. Each entry in the table includes a clickable link to the resource and a brief description of its purpose and primary use case.
Many of these resources offer APIs or accept plain HTTP GET query strings. If you can program, it is easy to write a helper script that queries several resources for the same indicator at once and concatenates the results, which saves valuable time; this is a route I have used many times and still find valuable. Some resources can also be plugged into your SIEM or SOAR. Keep API keys out of the script itself (read them from the environment or a secrets store), respect each provider's rate limits, and remember that files or URLs submitted to a public service can become visible to that service's other users, so check each vendor's data-sharing terms before automating submissions.
Explore the table below to discover tools that can aid in your threat hunting and incident response efforts.
Intelligence resources
Title | Description |
---|---|
AbuseIPDB | A database for reporting and checking IP addresses associated with abusive behavior, such as spamming or hacking attempts, providing insight for incident response. |
AlienVault OTX | A community-driven threat intelligence platform (Open Threat Exchange) where users publish and subscribe to "pulses" of indicators, helping organizations stay informed about current threats. |
Brightcloud | A tool for IP and URL reputation checks, providing insights into malicious activity associated with a given address. |
Censys.io | A search engine over continuously scanned internet-facing hosts, services and X.509 certificates, giving visibility into an organization's exposed attack surface. |
CyberChef | A web-based application for transforming and decoding data (Base64, hex, XOR, compression, regex extraction and many more operations chained into "recipes"), useful for unpacking obfuscated payloads and extracting indicators. |
GreyNoise Visualizer | A platform for querying and visualizing IPs that mass-scan the internet, so that background noise can be separated from activity actually targeting your organization. |
IBM X-Force Exchange | A threat intelligence sharing platform that provides insights into security vulnerabilities, malware, and cyber threats to improve organizational defense. |
Insecam | A directory of IP cameras around the world that stream without authentication, illustrating how much unsecured equipment is exposed on the internet. |
IntelX | Intelligence X, a search engine over leaked data, paste sites, darknet content and historical domain, email and document records, useful for checking what has been exposed about a target or organization. |
Maltiverse | A threat intelligence platform that provides search capabilities for malware, allowing users to investigate suspicious hashes and IPs. |
MISP | An open-source threat intelligence platform designed to improve the sharing of structured threat information across organizations and communities, enhancing collaborative defense strategies. |
MITRE ATT&CK | A globally recognized knowledge base of adversary tactics and techniques based on real-world observations, used for threat modeling and detection. |
Onyphe | A search engine for monitoring the cyber threat landscape, providing information on leaked data, malicious IPs, and domains. |
OpenCTI | An open-source threat intelligence platform that allows organizations to collect, analyze, and share threat intelligence, enabling better detection and response capabilities. |
PassiveDNS Mnemonic | A tool for analyzing passive DNS data, helping researchers identify domain name resolutions over time and understand malicious infrastructure. |
Pulsedive | A threat intelligence platform that aggregates various threat data feeds, allowing users to investigate domains, IPs, and hashes associated with malicious activity. |
Shadowserver | A non-profit foundation that provides free daily reports to network owners and national CSIRTs, covering compromised hosts, malware infections and exposed or misconfigured services, assisting in incident response. |
Shodan.io | A search engine for discovering devices connected to the internet, providing insights into their security vulnerabilities and configurations. |
Unit 42 Palo Alto Networks | A threat intelligence team providing research and insights on emerging threats, malware, and vulnerabilities affecting organizations. |
URLVoid | A website reputation checker that analyzes URLs to determine whether they are flagged as suspicious or malicious by various blocklists and reputation services. |
Vigilante | A breach database that provides information on leaked credentials and compromised accounts, useful for threat hunting and security assessments. |
VirusTotal | A widely used service for analyzing files and URLs for viruses, malware, and other malicious content, aggregating data from multiple antivirus engines. |
VirusTotal (IP Address) | Similar to its file analysis service, this endpoint lets users check an IP address for malicious activity, including engine verdicts, passive DNS resolutions and detected files that communicated with the address. |
WiGLE | A crowd-sourced wardriving database that maps observed Wi-Fi networks (plus Bluetooth devices and cell sites) by SSID, BSSID and location, useful for researchers analyzing wireless exposure or locating a network from its identifiers. |
Zoomeye | A search engine for internet-connected devices, offering insights into their configurations and vulnerabilities, assisting in threat research. |