Below is a collated list of useful online tools for anybody working in Information Security, particularly in Security Operations or within a SOC (Security Operations Centre) as a Security Analyst.
Tools
A list of Security Tools to Investigate URLs, IPs, Emails and Files can be found here.
📓 CyberChef – A GCHQ-built resource which can be downloaded locally and is the Swiss army knife of Security.
📓 CyberChef Recipes – A useful cheatsheet of CyberChef Recipes.
📓 Regex101 – Easily build and learn Regex queries which can be powerful in scripts and queries.
📓 Privnote – Send notes to anybody which will self-destruct after being read. This is particularly useful for sending passwords if no other process has been set up.
📓 Unicoder.io – Easily and quickly translate SIEM alerting rules between technologies.
📓 OSINT Framework – An easy-to-digest and traversable visualisation of the OSINT Framework. This is particularly useful for Defenders to block or mitigate potential threats in a network.
📓 Ransom Wiki – Check if your company or partner has been claimed to have suffered a ransomware attack.
📓 Have I Been Pwned – Easy tool to check, as well as monitor, if your email or phone has been breached. Note that notifications can be set up for your personal email address/addresses as well as company corporate domains.
📓 DNSTwist & DNSTwister – Enumerate a list of potential domains similar to the one entered, which can be used to either set up detection rules or to actively block or even buy them.
📓 Dehashed – Query a database of assets compromised in attacks.
📓 Hunter.io – This tool lets you find email addresses for domains which have been published online. This is particularly helpful to add additional protection mechanisms and identify areas of heightened risk.
📓 Jai Minton – An invaluable resource for anything Blue team or Red team.
📓 Port Finder – Enter any port number to quickly and easily find what it is most commonly used for.
📓 CVE Details – Retrieve details about any CVE published.
📓 Rex Swain’s HTTP Viewer – View the HTTP response of any site without actually needing to visit it.
📓 Any.run – An interactive and very useful Sandbox. This sandbox is most effective for URL analysis and can be used for free, although there is a paid version which comes with a few very useful features.
📓 Scan Maldoc – Scan a PDF file for malware. Note: only use this if approved by the business.
📓 Cobalt Strike Cheatsheet – A cheatsheet of the Cobalt Strike C2 framework.
📓 MITRE ATT&CK – The MITRE ATT&CK framework, which documents the tactics and techniques of observed attacks.
📓 Attack Coverage – An Excel-based approach for mapping and managing the MITRE ATT&CK tactics and techniques.
📓 Default Password – A list of default passwords from a number of vendors/manufacturers.
📓 CIRT – Another list of default passwords from a number of vendors/manufacturers.
📓 SecLists, Pwdb & Nerdlist – Lists of weak passwords.
📓 APT CyberCriminals – A GitHub repository full of APT attacks which can be used to learn from.