EvidenceWiki

All of my threat intel recommendations for aspiring Information Security Analyst. This section contains information about evidence at analyst's disposal IP, domain, email, hash, files.

• 💻 Domain & IP
• 📁 Files, Hash & Sandbox
• 🐟 Phishing
• 👤 UserAgent
• ⛏️ Miner
• 🖹 Encoder/Decoder
• 🔎 Google Dorks
• 🌐 OSINT
• 📖 Dumps
• 🐛 Vulnerabilities
• 🔄 URL Sshorteners
• 🔑 List of Default Passwords
• 🧰 Forensic
• 📋 Cheatsheet
• ✍️ Effective writing
• 👩‍🎓 Education resources

Useful Extention

• Mitaka - Chrome - for searching IP, domain, URL, hash, etc. via the context menu.
• Mitaka - Firefox - for searching IP, domain, URL, hash, etc. via the context menu.

Threat Intel Resources

Threat intel resource used by analysts on a daily basis.

💻 Domain & IP (top 6 are the most used by me)

• AbuseIPDB
• Talos Intelligence
• VirtusTotal
• URL2PNG - does a screenshot of the website
• URLScan
• AlienVault
• RiskIQ
• ThreatCrowd
• IPVoid
• TI Search Engine
• Shodan - IoT search
• Gray Hat Warfare - public buckets
• GrayNoise
• DNSdumpster
• URLVoid
• Polyswarm
• Forecpoint CSI (URL/IP)
• Domain Dossier
• URLhaus
• Browse Botnet C&Cs
• Etherscan - Blockchain Explorer
• ReversDNS
• DNSRecord

📁 Files, Hash & Sandbox (DO NOT upload internal files!)

• VirtusTotal
• ThreatMiner - sata mining for threat intelligence (hash/IP/URL)
• Metadefender Cloud - OPSWAT
• Any.Run - sandbox
• VirSCAN.org
• TotalHash
• Malwares
• Intezer analyze - All malware analysis tools under one platform
• Cuckoo - sandbox
• Joe Sandbox
• Analyzing Malicious Documents Cheat sheet
• 30 Online Malware Analysis Sandboxes / Static Analyzers

🐟 Phishing

• EmailRep
• Verify-Email
• Hunter.io
• PublicEmailRecords
• EmailBlackist
• PhishTank
• Spy Dialer
• CheckPhish
• Reverse Email Lookup
• Confense webinar "Remote Work Phishing Threats and How to Stop Them"
• Have I Been Pwned
• Have I Been Sold

👤 UserAgent:

• UserAgentString
• ParseUserAegnt
• History of the browser user-agent string

⛏️ Miner/Blockchain

• Block Cypher - search the block chain
• Ether Chain - The Ethereum Block Chain Explorer

🖹 Encode/Decode

• CyberChef - encryption, encoding, compression and data analysis
• BASE64 - Decode from Base64 format or encode into it with various advanced options.
• Hexed - analyse and edit binary files everywhere
• Uncoder - Universal sigma rule converter for various siem, edr, and ntdr formats
• ShellCheck - finds bugs in your shell scripts.
• Explain shell code - write down a command-line to see the help text that matches each argument
• Dan's Tools - Base64
• Code Decode/Encoder
• Script converter - These tools include several formatters, validators, code minifiers, string escapers, encoders and decoders, message digesters, web resources and more
• Hash Analyzer
• Hashes examples
• Filecrypt - The simple, secure file-hosting application

🔎 Google Dorks

• OSINTcurio.us
• ahrefs
• Cheatsheet

🌐 OSINT

• OSINT Framework
• Start.me The Ultimate OSINT collection
• OSINT ME
• Start.me OSINT
• Start.me OSINT Tools
• Start.me Open Source Intelligence (OSINT)
• OSINT collection github
• Explot Database
• DSNTwits - TypoSquatting
• IntelTechniques by Michael Bazzell

📖 Dumps

• PSbdmp
• Pastebin

🐛 Vulnerabilities

• CVE Trends
• Exploit DB
• AttackerKB
• Rapid7 DB
• NIST NVD
• MITRE CVE
• CVE details

Malware

• Dasmalwerk - malware samples
• Malware Traffic Analysis - traffic analysis exercises

🔄 URL Shorteners

• bit.ly - You can verify the destination of any Bitly link by adding a plus symbol ("+") at the end of the URL (e.g. bitly.is/meta+)
• s.id
• smarturl.it
• tiny.pl
• tinyurl.com
• x.co

🔑 List of Default Passwords

• Data Recovery

🧰 Forensic

• Start.me Forensics
• Start.me Digital Forensic

OTHER

📋 CheatSheets

• DIRF cheatsheet
• Zelter's Security Incident Survey Cheat Sheet

✍️ Effective Writing

• Better Threat Reports
• Language Tool
• Grammarly
• How to Ask Questions to Succeed with Security Projects