README.md

EvidenceWiki

All of my threat intel recommendations for aspiring Information Security Analyst. This section contains information about evidence at analyst's disposal IP, domain, email, hash, files.

• 💻 Domain & IP
• 📁 Files, Hash & Sandbox
• 🐟 Phishing
• 👤 UserAgent
• ⛏️ Miner
• 🖹 Encoder/Decoder
• 🔎 Google Dorks
• 🌐 OSINT
• 📖 Dumps
• 🐛 Vulnerabilities
• 🔄 URL Sshorteners
• 🔑 List of Default Passwords
• 🧰 Forensic
• 📋 Cheatsheet
• ✍️ Effective writing
• 👩‍🎓 Education resources

Useful Extention

• Mitaka - Chrome - for searching IP, domain, URL, hash, etc. via the context menu.
• Mitaka - Firefox - for searching IP, domain, URL, hash, etc. via the context menu.

Threat Intel Resources

Threat intel resource used by analysts on a daily basis.

💻 Domain & IP (top 6 are the most used by me)

• AbuseIPDB
• Talos Intelligence
• VirtusTotal
• WhoIs
• Redirect tracker
• Cyren IP Reputation Check
• URL Query - employs a diverse range of threat detection systems to ensure comprehensive security analysis of URLs.
• CyberGordon - provides you threat and risk information about observables like IP address or web domain
• Abuse.ch - to identify and track malware and botnets
• URL2PNG - does a screenshot of the website
• URLScan
• Robtex - used for various kinds of research of IP numbers, Domain names, etc
• AlienVault
• RiskIQ
• ThreatCrowd
• IPVoid
• TI Search Engine
• Shodan - IoT search
• Gray Hat Warfare - public buckets
• GrayNoise
• DNSdumpster
• URLVoid
• Polyswarm
• Forecpoint CSI (URL/IP)
• Domain Dossier
• URLhaus
• Browse Botnet C&Cs
• Etherscan - Blockchain Explorer
• ReversDNS
• DNSRecord
• CentralOPS - domain check
• Have I been Squatted - Check if a domain has been typosquatted

📁 Files, Hash & Sandbox (DO NOT upload internal files!)

• VirtusTotal
• File Scan
• Malware Hash Registry (MHR) - checking hashes against malware data
• InQuest Labs
• ThreatMiner - sata mining for threat intelligence (hash/IP/URL)
• Metadefender Cloud - OPSWAT
• Any.Run - sandbox
• VirSCAN.org
• TotalHash
• CTX - korean website but really good
• Any run - one of the best sandboxes
• Intezer analyze - All malware analysis tools under one platform
• Cuckoo - sandbox
• Joe Sandbox
• Analyzing Malicious Documents Cheat sheet
• 30 Online Malware Analysis Sandboxes / Static Analyzers

🐟 Phishing

• EmailRep
• Verify-Email
• MX Toolbox - All of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool.
• PhishTank
• castrickclues
• Spy Dialer
• CheckPhish
• Reverse Email Lookup
• Have I Been Pwned
• Have I Been Sold
• email-finder - searching emails for a specific domain
• experte - searching emails for a specific domain
• Infoga - github - searching emails for a specific domain
• findemail - searching emails for a specific domain
• hunter - Domain search - searching emails for a specific domain
• minelead - searching emails for a specific domain
• intelbase - have I been pwned on steroids
• breachdirectory - CHECK IF YOUR EMAIL OR USERNAME WAS COMPROMISED
• scamsearch
• holehe - Efficiently finding registered accounts from emails.
• mailcat - The only cat who can find existing email addresses by nickname.
• Confense webinar "Remote Work Phishing Threats and How to Stop Them"

👤 UserAgent:

• UserAgentString
• ParseUserAegnt
• History of the browser user-agent string

⛏️ Miner/Blockchain

• Block Cypher - search the block chain
• Ether Chain - The Ethereum Block Chain Explorer

🖹 Encode/Decode

• CyberChef - encryption, encoding, compression and data analysis.
• Puny Coder - is a special encoding used to convert Unicode characters to ASCII, which is a smaller, restricted character set. Punycode is used to encode internationalized domain names (IDN).
• BASE64 - Decode from Base64 format or encode into it with various advanced options.
• Hexed - analyse and edit binary files everywhere
• Uncoder - Universal sigma rule converter for various siem, edr, and ntdr formats
• ShellCheck - finds bugs in your shell scripts.
• Explain shell code - write down a command-line to see the help text that matches each argument
• Dan's Tools - Base64
• Code Decode/Encoder
• Script converter - These tools include several formatters, validators, code minifiers, string escapers, encoders and decoders, message digesters, web resources and more
• Hash Analyzer
• Hashes examples
• Filecrypt - The simple, secure file-hosting application
• PSDecode - This is a PowerShell script for deobfuscating other encoded PowerShell scripts.

🔎 Google Dorks

• OSINTcurio.us
• ahrefs
• Cheatsheet

🌐 OSINT

• OSINT Framework
• Start.me The Ultimate OSINT collection
• OSINT ME
• Start.me OSINT
• Start.me OSINT Tools
• Start.me Open Source Intelligence (OSINT)
• OSINT collection github
• Explot Database
• DSNTwits - TypoSquatting
• IntelTechniques by Michael Bazzell

📖 Dumps

• PSbdmp
• Pastebin

🐛 Vulnerabilities

• CVE Trends
• Exploit DB
• AttackerKB
• Rapid7 DB
• NIST NVD
• MITRE CVE
• CVE details

Malware

• Dasmalwerk - malware samples
• Malware Traffic Analysis - traffic analysis exercises

🔄 URL Shorteners

• bit.ly - You can verify the destination of any Bitly link by adding a plus symbol ("+") at the end of the URL (e.g. bitly.is/meta+)
• s.id
• smarturl.it
• tiny.pl
• tinyurl.com
• x.co

🔑 List of Default Passwords

• Data Recovery

🧰 Forensic

• Start.me Forensics
• Start.me Digital Forensic

OTHER

📋 CheatSheets

• DIRF cheatsheet
• Zelter's Security Incident Survey Cheat Sheet

✍️ Effective Writing

• Better Threat Reports
• Language Tool
• Grammarly
• How to Ask Questions to Succeed with Security Projects