While working on security incident analysis we frequently use a range of online platforms, paid and free, for malware analysis, threat intelligence, security event analysis, analysis of network traffic of unknown origin, checking IOC data and similar tasks. These platforms help incident response (SOME) team staff understand and analyze incidents better: sometimes by making sense of a threat, sometimes by answering who a domain belongs to, sometimes by giving early notice of a spear-phishing campaign that has started somewhere in the world. I also make use of these tools from time to time while analyzing, to the extent that they make my work easier. By definition, Open Source Intelligence (OSINT) is obtaining information about a target through research on sources that are open to everyone. My aim in writing this post is to put together a list of the tools I use frequently, so that visitors to my blog can benefit from any tool on it that they have not used in their own analyses before. I hope it is useful. The OSINT image below, and the domain it links to, show what we can actually draw on when doing OSINT; for more detail, visit the site and click on the bubbles.
Automated Analysis/Sandboxes:
- https://app.any.run
- https://analyze.intezer.com/
- https://www.hybrid-analysis.com/
- https://www.virustotal.com/gui/home/upload
- https://app.sndbox.com/
- https://cuckoo.cert.ee/
- https://cape.contextis.com/
- https://sandbox.anlyz.io/dashboard
- https://valkyrie.comodo.com
- http://cloud.iobit.com
- https://detux.org/index.php
- https://quicksand.io/
- https://totalhash.cymru.com/upload/
- https://x.threatbook.cn/about
- https://nodistribute.com/
- https://vicheck.com/submitfile.php
Threat Intelligence/Research:
- https://mxtoolbox.com/
- https://dnsdumpster.com/
- https://censys.io/
- https://findsubdomains.com/
- https://publicwww.com/
- https://apt.threattracking.com/
- https://pan-unit42.github.io/playbook_viewer
- https://www.binaryedge.io/
- https://www.shodan.io/
- https://exchange.xforce.ibmcloud.com/
- https://www.threatminer.org/
- https://otx.alienvault.com/
- https://community.riskiq.com/home
- https://talosintelligence.com/
- https://pulsedive.com/
- https://ui.threatstream.com/login?redirect=%2Fdashboard
- https://threatpoint.checkpoint.com/ThreatPortal/emulation
- https://analyze.intezer.com/#/
- https://threatintelligenceplatform.com/
Reputation Lookup Tools (IP/Hash/URL/MAC/SSL/DNS/SEO):
- https://totalhash.cymru.com/
- https://www.scumware.org/search.php
- http://sitereview.bluecoat.com
- https://zulu.zscaler.com/
- https://urlscan.io/
- http://app.webinspector.com/
- https://www.threatcrowd.org/
- https://www.brightcloud.com/tools/url-ip-lookup.php
- http://www.ipvoid.com/
- https://crt.sh/
- https://dnslytics.com/
- https://metadefender.opswat.com/
- https://exonerator.torproject.org/
- https://developers.whatismybrowser.com
- https://macvendors.com
- https://www.abuseipdb.com/
- https://centralops.net/co/DomainDossier.aspx
- http://whois.domaintools.com/
- https://tools.wmflabs.org/whois/gateway.py?
- https://urlfiltering.paloaltonetworks.com
- https://csi.forcepoint.com/
- https://fortiguard.com/webfilter
- http://urlquery.net/
- https://sitecheck.sucuri.net
- https://community.riskiq.com/search/
- https://metadefender.opswat.com/#!/scan-file
- https://cymon.io/
- https://www.malwareurl.com/listing-urls.php
- https://talosintelligence.com/reputation_center/email_rep
- https://www.threatminer.org/
- https://spyse.com/search/certificate
- http://bs.org.tr/phishing-domain-list
- https://www.echotrail.io/insights/search/
- https://www.robtex.com/dns-lookup/
- http://moonsearch.com/
- https://www.malwares.com/search/tag?tag=ransomware
Miscellaneous Tools:
- https://gchq.github.io/CyberChef/
- https://onlinedisassembler.com/odaweb/
- https://start.me/p/rxRbpo/ti
- https://malshare.com/
- https://iplogger.org/
- https://shrib.com/
- https://www.itextpad.com/
- https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx
- https://maltiverse.com/search
- http://moonsearch.com/
- https://labs.inquest.net/
- http://www.urlvir.com/
Online Test Tools:
- https://www.browserling.com/
- https://visualping.io/
- https://ping.eu/
- https://www.uptrends.com/tools/uptime
- https://urlscan.io/
- https://centralops.net/co/
- https://trumail.io/
- https://builtwith.com/
Security Blogs/News:
- https://malware-traffic-analysis.net/
- https://broadanalysis.net/
- https://blog.malwarebytes.com/
- https://myonlinesecurity.co.uk/
- https://cofense.com/blog/
- https://threatpost.com/blog/
- https://krebsonsecurity.com/
- https://blog.trendmicro.com/trendlabs-security-intelligence/
- https://unit42.paloaltonetworks.com/
- https://blog.paloaltonetworks.com/
- https://www.zscaler.com/blogs/research
- https://securelist.com/
- https://www.wired.com/category/threatlevel/
- https://www.proofpoint.com/us/blog
- https://www.sentinelone.com/blog/
- https://www.zdnet.com/
- https://thehackernews.com/
- https://www.bleepingcomputer.com/
- https://www.flashpoint-intel.com/blog/
- https://research.checkpoint.com/
- https://blogs.cisco.com/security
- https://www.cyberbit.com/blog/
- https://www.fireeye.com/blog.html
- https://nakedsecurity.sophos.com/
- https://isc.sans.edu
Malware/Threat Analysis Tools:
- https://www.packettotal.com/
- https://www.networktotal.com/analysis.phtml
- https://avcaesar.malware.lu/
- https://x.threatbook.cn/about
- https://www.randhome.io/blog/2018/02/23/harpoon-an-osint-/-threat-intelligence-tool/
Brand Protection:
- https://services.normshield.com/phishing-domain-search
- https://www.normshield.com/rapid-cyber-risk-scorecard/
- http://bs.org.tr/phishing-domain-list
- https://www.immuniweb.com/radar/?id=eQrS38Ky
- https://builtwith.com/
DeepWeb:
- https://darknetlive.com/
- https://github.com/CHEF-KOCH/ProjectX
- https://www.tor2web.org/
- https://fproxy.net/
- https://xmrchain.net/
Threat Feed:
- https://urlhaus.abuse.ch/
- https://ransomwaretracker.abuse.ch/
- https://threatfeeds.io/
- https://phishstats.info/
- https://infosec.cert-pa.it/analyze/listdomains.txt
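A feed such as the ones listed above only pays off once it is matched against your own telemetry. The Python below is an added example (not code from this blog, from abuse.ch or from any other listed service): it parses a feed laid out like the URLhaus CSV export (`#` comment lines, the last of which carries the column names, followed by quoted CSV rows), normalizes URLs so that letter case, default ports and scheme spelling cannot defeat a match, and checks proxy log lines against it, reporting exact URL hits separately from requests to a listed host with a different path. The feed rows, hostnames and log lines are constructed for the example (reserved `.test` domains and documentation IPs); in use you would replace `SAMPLE_FEED` with the text downloaded from the URLhaus CSV endpoint and `SAMPLE_PROXY_LOG` with your own log.

```python
"""Match URLs from a proxy log against a URLhaus-style URL feed, fully offline."""
import csv
import io
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample laid out like the URLhaus CSV export: '#' comment lines,
# the last of which names the columns. Hosts use the reserved .test TLD and a
# documentation IP; none of these rows is a real feed record.
SAMPLE_FEED = """\
# Sample feed constructed for this example
# id,dateadded,url,url_status,last_online,threat,tags,urlhaus_link,reporter
"1","2019-06-01 10:00:00","http://cdn.example-malware.test/loader.exe","online","2019-06-01 10:00:00","malware_download","exe,Loader","https://urlhaus.abuse.ch/url/1/","reporter_a"
"2","2019-06-01 11:30:00","http://198.51.100.23:8080/bot.bin","offline","2019-06-01 12:00:00","malware_download","elf,Mirai","https://urlhaus.abuse.ch/url/2/","reporter_b"
"3","2019-06-02 09:15:00","https://docs.example-phish.test/invoice/open.php?id=1","online","2019-06-02 09:15:00","malware_download","doc,Emotet","https://urlhaus.abuse.ch/url/3/","reporter_c"
"""

# Constructed proxy log: "<timestamp> <client_ip> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2019-06-03T08:01:02Z 10.0.0.15 GET http://CDN.Example-Malware.test/loader.exe 200
2019-06-03T08:01:05Z 10.0.0.15 GET http://cdn.example-malware.test/favicon.ico 404
2019-06-03T08:02:10Z 10.0.0.22 GET http://198.51.100.23:8080/bot.bin 200
2019-06-03T08:03:44Z 10.0.0.31 GET https://docs.example-phish.test:443/invoice/open.php?id=1 200
2019-06-03T08:04:00Z 10.0.0.31 GET https://www.example.test/ 200
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


@dataclass(frozen=True)
class FeedEntry:
    url: str      # URL exactly as published in the feed
    status: str   # 'online' / 'offline' as reported by the feed
    threat: str
    tags: tuple


def normalize_url(url: str) -> str:
    """Canonical form for comparison: lower-case scheme and host, default port
    dropped, empty path written as '/'. The query string is kept as-is."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port
    netloc = host if port in (None, DEFAULT_PORTS.get(scheme)) else f"{host}:{port}"
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{netloc}{parts.path or '/'}{query}"


def parse_feed(text: str) -> dict:
    """Return {normalized_url: FeedEntry}. Column names come from the comment
    line that contains a 'url' column, so rows are not parsed by position."""
    columns, rows = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            fields = [c.strip() for c in line.lstrip("# ").split(",")]
            if "url" in fields:
                columns = fields
            continue
        rows.append(line)
    if columns is None:
        raise ValueError("feed header with column names not found")
    entries = {}
    for rec in csv.DictReader(io.StringIO("\n".join(rows)), fieldnames=columns):
        entries[normalize_url(rec["url"])] = FeedEntry(
            url=rec["url"], status=rec["url_status"], threat=rec["threat"],
            tags=tuple(t for t in rec["tags"].split(",") if t))
    return entries


def match_log(log_text: str, entries: dict) -> list:
    """Return (line_no, kind, normalized_url, FeedEntry) for every hit. kind is
    'url' for an exact match and 'host' when only the hostname is listed
    (different path): weaker evidence, so it is reported separately."""
    by_host = {}
    for key, entry in entries.items():
        by_host.setdefault(urlsplit(key).hostname, []).append(entry)
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        url = normalize_url(fields[3])
        host = urlsplit(url).hostname
        if url in entries:
            hits.append((n, "url", url, entries[url]))
        elif host in by_host:
            hits.append((n, "host", url, by_host[host][0]))
    return hits


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    for n, kind, url, entry in match_log(SAMPLE_PROXY_LOG, feed):
        print(f"line {n}: {kind:4} match {url} -> {entry.threat} {entry.tags} ({entry.status})")
```

Two details matter in practice. The `url_status` field is carried through so hits on URLs the feed already reports as offline can be ranked below live ones, and host-only matches are labelled `host` rather than `url` because on shared hosting or a CDN the same hostname serves plenty of benign content; treat those as leads to pivot on with the passive DNS and reputation tools above, not as confirmed compromise.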
DDoS & Attack Monitoring:
- https://ddosmon.net/
- https://www.digitalattackmap.com/
- https://horizon.netscout.com/
- https://threatmap.checkpoint.com/
- https://cybermap.kaspersky.com/
- https://threatmap.fortiguard.com/
- https://www.fireeye.com/cyber-map/threat-map.html
- https://threatmap.bitdefender.com/
- https://map.lookingglasscyber.com/
- http://www.parsecuremap.com/#2/42.3/-17.7
- https://securitycenter.sonicwall.com/m/page/worldwide-attacks
Passive DNS Data:
- https://securitytrails.com/dns-trails#/
- https://passivedns.mnemonic.no/search
- http://ptrarchive.com/
- https://www.d4-project.org/
- http://research.domaintools.com/research/hosting-history/
- https://completedns.com/dns-history/
- https://whoisrequest.com/
- https://www.deteque.com/news/passive-dns/
SSL/Certificate Tools:
- https://crt.sh/
- https://www.sslshopper.com/ssl-checker.html
- https://www.digicert.com/help/
- https://www.mrdomain.com/products/ssl/tools/ssl-checker/
- https://www.websecurity.digicert.com/support/ssl-checker
Malicious Samples:
- https://malshare.com/index.php
- https://malquarium.org/
- https://virusshare.com/
YARA Rules:
- https://github.com/kevthehermit/YaraRules
Twitter Intelligence:
- http://tweettioc.com/search
Malware Tracker:
- http://malwares.com
- http://vxvault.net/ViriList.php
Sigma Rules:
- https://github.com/Neo23x0/sigma/tree/master/rules
- https://socprime.com/en/blog/sigma-rules-guide-for-arcsight/
- https://github.com/Neo23x0/sigma
- https://www.nextron-systems.com/2018/02/10/write-sigma-rules/
- https://uncoder.io/
Lookup Tools:
- https://www.ultratools.com/tools/spamDBLookup
- https://mxtoolbox.com/blacklists.aspx
- https://w3dt.net/tools/dnsbl
- https://www.abuseipdb.com/
- https://apility.io/
- https://megritools.com/blacklist-lookup
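The blacklist lookups above are, under the hood, DNS queries: the address is reversed, queried as a name under the list's zone, and an A record in 127.0.0.0/8 means "listed", with the last octet encoding the reason, while NXDOMAIN means "not listed". The Python below is an added example, not code from this blog or from any of the listed services. It builds the query name for IPv4 (octet-reversed) and IPv6 (nibble-reversed) addresses and decodes answers using the return codes Spamhaus documents for its ZEN zone; the zone and the code table are assumptions of the example (Spamhaus is not named on this page; check its current documentation before relying on the codes). `DEMO_ANSWERS` is a constructed table so the snippet runs offline; leaving out the `resolve` argument queries the real zone through the system resolver.

```python
"""DNSBL (blacklist) lookup: build the reversed query name and decode answers."""
import ipaddress
import socket

# Return codes Spamhaus documents for zen.spamhaus.org (assumption of this
# example: re-check the current documentation before relying on them).
ZEN_CODES = {
    "127.0.0.2": "SBL (Spamhaus Block List)",
    "127.0.0.3": "CSS (Spamhaus CSS)",
    "127.0.0.4": "XBL (CBL data)",
    "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL (ISP maintained)",
    "127.0.0.11": "PBL (Spamhaus maintained)",
}
# Answers that mean the query itself was refused, not that the IP is listed.
ZEN_ERRORS = {
    "127.255.255.252": "query refused: malformed query",
    "127.255.255.254": "query refused: sent via a public/open resolver",
    "127.255.255.255": "query refused: query limit exceeded",
}

# Constructed answers so the example runs offline; not real DNS data.
# 127.0.0.2 is the conventional DNSBL test address; the other address uses a
# documentation prefix. Names missing from the table resolve as NXDOMAIN.
DEMO_ANSWERS = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4", "127.0.0.10"],
    "23.100.51.198.zen.spamhaus.org": ["127.255.255.254"],
}


def dnsbl_name(ip: str, zone: str) -> str:
    """Query name for `ip` under `zone`: octet-reversed for IPv4, nibble-reversed
    for IPv6 (the same reversal used for PTR records, minus the arpa suffix)."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    for suffix in (".in-addr.arpa", ".ip6.arpa"):
        if rev.endswith(suffix):
            rev = rev[: -len(suffix)]
    return f"{rev}.{zone}"


def interpret(answers, codes=ZEN_CODES, errors=ZEN_ERRORS):
    """('listed', reasons) / ('not_listed', []) / ('error', reasons).
    Error codes are checked first: a refused query must never be read as a hit."""
    if not answers:
        return "not_listed", []
    refused = [errors[a] for a in answers if a in errors]
    if refused:
        return "error", refused
    return "listed", [codes.get(a, f"unknown code {a}") for a in answers]


def demo_resolve(name: str) -> list:
    """Offline stand-in for the resolver, backed by DEMO_ANSWERS."""
    if name not in DEMO_ANSWERS:
        raise socket.gaierror(f"NXDOMAIN {name}")
    return DEMO_ANSWERS[name]


def system_resolve(name: str) -> list:
    """Real lookup through the system resolver; returns the A records."""
    return socket.gethostbyname_ex(name)[2]


def lookup(ip: str, zone: str = "zen.spamhaus.org", resolve=None):
    """Return (query_name, (status, reasons)). NXDOMAIN is reported as 'not_listed'."""
    resolve = resolve or system_resolve
    name = dnsbl_name(ip, zone)
    try:
        answers = resolve(name)
    except socket.gaierror:
        answers = []
    return name, interpret(answers)


if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.1", "198.51.100.23"):
        name, (status, reasons) = lookup(ip, resolve=demo_resolve)
        print(f"{ip:>15} -> {name}: {status} {reasons}")
```

The error codes are decoded before the listing codes on purpose: Spamhaus answers queries sent through public resolvers or over its free-use limit with a 127.255.255.x code, and a script that treats any 127.0.0.0/8 answer as "listed" would then flag every address it checks. Run such lookups from a resolver that does its own recursion, and treat the web lookup tools above as the manual equivalent of the same query.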