Cyber Threat Hunting

Useful Links for “Hunting” for Details on Network and Endpoint Anomalies!

Below are a series of hotlinks and short descriptions of what the website offers.

  • https://www.spamhaus.org/ – is a very large database used to store information on botnets, phishing attacks, and other types of spam. They have a searchable form that can be filled out. (Webteam, T. S. (n.d.). The Spamhaus Project. Retrieved December 26, 2016, from https://www.spamhaus.org/)
  • http://www.malware-traffic-analysis.net/ – This blog provides many entries regarding malware and exploit traffic. As stated on the site directly “Almost every post on this site has pcap files and/or malware samples.” (Malware-Traffic-Analysis.net. (n.d.). Retrieved December 26, 2016, from http://www.malware-traffic-analysis.net/)
  • http://www.domaintools.com/products/domain-research/ – This page gives its own list of tools that they have developed. These tools are very useful for IP and Domain tracking and research. (DomainTools. (2016). Retrieved December 26, 2016, from http://www.domaintools.com)
  • https://www.threatminer.org/index.php – is a control center for finding information on malware, domains, hosts, or addresses that may be involved in an attack, and allows an analyst to find information extremely fast. (Data Mining for Threat Intelligence. (n.d.). Retrieved December 26, 2016, from https://www.threatminer.org/)
  • http://www.unphp.net/ – An online service that gives the user the ability to upload PHP code that may be malicious and analyze it. (UnPHP – The Online PHP Decoder. (n.d.). Retrieved December 26, 2016, from http://www.unphp.net/)
  • http://deobfuscatejavascript.com/ – A tool used to de-obfuscate JavaScript code. Note, the code must be just JavaScript, and cannot contain errors. (C:> deobfuscate javascript. (n.d.). Retrieved December 26, 2016, from http://deobfuscatejavascript.com/)
  • http://meyerweb.com/eric/tools/dencoder/ – Allows the encoding or decoding of URLs, turning readable JavaScript URLs into apparent nonsense or revealing them from it. (Meyer, E. A., & Meyer, K. S. (1995). Meyerweb.com. Retrieved December 26, 2016, from http://meyerweb.com/)
  • https://regex101.com/ – A program that helps you learn or understand regular expressions. As you type in the regular expression, a description of what your expression does is shown below. (Dib, F. (n.d.). Online regex tester and debugger: PHP, PCRE, Python, Golang and JavaScript. Retrieved December 26, 2016, from https://regex101.com/)
  • http://jsbeautifier.org/ – Gives the ability to Unpack, Obfuscate, or Beautify JavaScript or HTML code, and can export to JSON or JSONP. (Lielmanis, E. (n.d.). Online JavaScript beautifier (L. Newman, Ed.). Retrieved December 26, 2016, from http://jsbeautifier.org/)
  • https://haveibeenpwned.com/ – HaveIBeenPwned is an extremely useful site for checking if any of your accounts have been part of recent leaks or attacks on larger companies. You simply type your username or email, and you are given a list of the breaches your account has been part of and the year each occurred. (Troy Hunt. (n.d.). Retrieved December 26, 2016, from https://www.troyhunt.com/)
  • https://techhelplist.com/spam-list – Spam List is a simple list tracking reported spam that can be categorized as very dangerous, and keeps users up to date on recently sent spam emails. (TechHelpList. (2016). Retrieved December 26, 2016, from https://techhelplist.com/)
  • http://threatstop.com/checkip – allows the user to check IP addresses or Domain names against their extensive database. An account can be created to gain additional information. (Check an IP address or domain name. (n.d.). Retrieved December 26, 2016, from http://threatstop.com/checkip)
  • https://trustedsource.org/ – is a tool that allows the user to check if the specified URL is categorized in Intel’s security database. (Customer URL Ticketing System. (n.d.). Retrieved December 26, 2016, from https://trustedsource.org/)
  • http://multirbl.valli.org/ – Aggregated blacklist check tool. (Retrieved June 20, 2018, from http://multirbl.valli.org/)

Useful tools!