Security Operations/Security Analyst Tools


Below is a collated list of useful online tools for anybody working in Information Security, particularly in Security Operations or within a SOC (Security Operations Centre) as a Security Analyst.

Tools


A list of Security Tools to investigate URLs, IPs, emails and files can be found here.

📓 CyberChef – A GCHQ-built resource, which can also be downloaded and run locally, that is the Swiss Army knife of Security.

📓 CyberChef Recipes – A useful cheatsheet of CyberChef Recipes.

📓 Regex101 – Easily build and learn Regex queries which can be powerful in scripts and queries.

📓 Privnote – Send notes to anybody which will self-destruct after being read. This is particularly useful for sending passwords if no other process has been set up.

📓 Unicoder.io – Easily and quickly translate SIEM alerting rules between technologies.

📓 OSINT Framework – An easy-to-digest and traversable visualisation of the OSINT Framework. This is particularly useful for Defenders to block or mitigate potential threats in a network.

📓 Ransom Wiki – Check if your company or a partner is claimed to have suffered a ransomware attack.

📓 HaveIBeenPwned – Easy tool to check, as well as monitor, whether your email or phone number has appeared in a breach. Note that notifications can be set up for your personal email address(es) as well as company corporate domains.

📓 DNSTwist & DNSTwister – Enumerate a list of potential domains similar to the one entered, which can be used to set up detection rules, to actively block, or even to buy the domains.

📓 Dehashed – Query a database of assets compromised in attacks.

📓 Hunter.io – This tool lets you find email addresses for a domain which have been published online. This is particularly helpful for adding additional protection mechanisms and identifying areas of heightened risk.

📓 Jai Minton – An invaluable resource for anything Blue team or Red team.

📓 Port Finder – Enter any port number to quickly and easily find what it is most commonly used for.

📓 CVE Details – Retrieve details about any CVE published.

📓 Rex Swain’s HTTP Viewer – View the HTTP response of any site without actually needing to visit it in a browser.

📓 Any.run – An interactive and very useful Sandbox. This sandbox is most effective for URL analysis and can be used for free, although there is a paid version which comes with a few very useful features.

📓 Scan Maldoc – Scan a PDF file for malware. Note: only use this if approved by the business.

📓 Cobalt Strike Cheatsheet – A cheatsheet of the Cobalt Strike C2 framework.

📓 MITRE ATT&CK – The MITRE ATT&CK framework, which documents the tactics and techniques of observed attacks.

📓 Attack Coverage – An Excel-based approach for mapping and managing MITRE ATT&CK tactics and techniques.

📓 Default Password – A list of default passwords from a number of vendors/manufacturers.

📓 CIRT – Another list of default passwords from a number of vendors/manufacturers.

📓 SecLists, Pwdb & Nerdlist – Lists of weak passwords.

📓 APT CyberCriminals – A GitHub repository documenting APT attacks, which can be used to learn from.