There are so many lists of “tools” or “free resources” for “cyber” etc. Well, I don’t want to make a list of stuff for social media; this isn’t the TOP x tools, this is simply some resources that I use on a regular basis that should give people a fairly good idea of where to start looking. Cyber sleuthing is a mixture of:
- HUMINT
- OSINT
- CSINT
- RUMINT
- SIGINT
- SOCMINT
And all the INTS!
This post is NOT a guide to intelligence gathering, it’s not a 101 for Threat Intelligence, it’s not the complete ULTIMATE TOP X resources; it’s just some tools etc. that I use in my work and research.
Why do we need “Threat Intelligence”?
I think this should be fairly obvious; it’s a bit like asking why we need marketing and sales in business. We need to understand our environment, marketplace etc. In the Security world that comes through intelligence activities. When we consider the environment we have:
- People
- Threats
- Assets
- Risks
- Vulnerabilities
- Capabilities
By understanding we can make informed decisions. If we don’t understand things we might make bad or misinformed decisions. A good example of this is here:
Threat Intelligence Cycle
Threat intelligence is an iterative process with the following being MACRO areas of activity:
- Planning & Requirements
- Collection
- Analysis & Production of Intelligence Products
- Dissemination
Threat Intelligence Theory
The UK Police and Government publish some good resources in this space; you can use your sleuthing skills to find more, but this is a good starting point:
https://www.college.police.uk/app/intelligence-management/analysis/delivering-effective-analysis
Number 1 hacking tool in the world
There are others as well… like:
- Bing
- Yahoo
- Yandex (Russian)
- Baidu (Chinese)
Second Best Hacker Tool
You need tunes right!
SOCMINT Sites
- Twitter (check out tweetdeck as well)
- LinkedIn (my favorite /S )
- Instagram
- SnapChat
- TikTok
- YouTube
- VK (Russia)
- WeChat (China)
- Mastodon
oh and this one especially:
- TELEGRAM
but also don’t forget other IM tools like:
- SIGNAL
- TOX (be careful, this is not safe in its default config)
- Facebook Messenger
The Cyber Swiss Army Knife
https://gchq.github.io/CyberChef/
Protection
- Use virtual machines.
- Consider using differencing disks and encryption.
- Use VPNs
- Use TOR
- Use Proxies (if you control them)
Stay legal; it’s not hard to find really nasty stuff, so don’t tread where you aren’t comfortable etc.
Reverse Image Search
Threat Intel & Sharing Platforms
Ok so you might want to develop something in house, I mean a SharePoint library will work, but you might also need more; you will however likely want to look at intelligence sharing. If we think about this just from a collection point of view, you might want to consume intel from a range of places such as:
Cisco Talos IP Reputation Center
You will also probably want to join Discords/Slacks and other intelligence sharing groups! You can do some leg work to find those 😉 You also need to speak to people; don’t undervalue HUMINT and relationships! People make the world go round!
Now there is a “cool” platform called MISP… however it comes with a range of challenges…
(I don’t use MISP daily, I have done before, it’s a complex platform IMHO)
There are also data exchange standards like STIX and TAXII (I don’t use these, largely because my comms method for intel is via reports and blogs or DMs, however they are useful to know!)
https://oasis-open.github.io/cti-documentation/
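As an added illustration (not the post author's code), here is what a STIX 2.1 Indicator actually looks like when built from a defanged URL in the `https[:]//x[.]y` style used for links in this post; the URL and indicator name are constructed for the example and the code uses only the Python standard library.

```python
# Added illustration, not the post author's code: a minimal STIX 2.1
# Indicator built from a defanged URL, using only the standard library.
import json
import re
import uuid
from datetime import datetime, timezone

# Defanging conventions common in intel write-ups: hxxp(s), [.], [:].
_REFANG = [(re.compile(r"^hxxp", re.I), "http"),
           (re.compile(r"\[\.\]"), "."),
           (re.compile(r"\[:\]"), ":")]

def refang(value: str) -> str:
    """Undo defanging so tooling can match the real value."""
    for rx, repl in _REFANG:
        value = rx.sub(repl, value)
    return value

def defang(value: str) -> str:
    """Make a URL unclickable before it goes into a report or chat."""
    return value.replace(".", "[.]").replace("://", "[:]//")

def _now() -> str:
    # STIX timestamps are RFC 3339 in UTC with millisecond precision.
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"

def url_indicator(defanged_url: str, name: str) -> dict:
    """Return a STIX 2.1 Indicator whose pattern matches the URL."""
    # Escape backslash and quote so the value is a valid STIX string literal.
    url = refang(defanged_url).replace("\\", "\\\\").replace("'", "\\'")
    ts = _now()
    return {
        "type": "indicator", "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts, "modified": ts, "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern": f"[url:value = '{url}']", "pattern_type": "stix",
        "valid_from": ts,
    }

def bundle(*objects: dict) -> dict:
    """Wrap objects in a STIX Bundle, the container used when sharing."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": list(objects)}

if __name__ == "__main__":
    # Constructed sample, not a real indicator.
    ind = url_indicator("hxxps://evil[.]example[.]net/payload", "Example URL")
    print(json.dumps(bundle(ind), indent=2))
```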
Translator
https://translate.google.co.uk/
Maps
Internet Infrastructure Investigations
https://securitytrails.com/dns-trails
https://projectdiscovery.io/#/
https://www.team-cymru.com/ip-asn-mapping
Facial Recognition
Internet Search Engines
https://www.zoomeye.org/discover
Internet Honeypot Networks
Malware Samples and Online Sandboxes
https://www.vx-underground.org/ (remember to tweet them asking for the password 😉)
Ransomware Leak Sites
https[:]//ransomwatch[.]telemetry[.]ltd/
“Hacker” & Crime Forums
https[:]//xss[.]is/
https[:]//breached[.]vc/
There’s a good list here:
Threat Actors Dox site
Paste Sites
(Do not put anything sensitive in these they are run by threat intelligence organisations etc.)
Web Archive and Paywall Bypass
Communities
https://www.bleepingcomputer.com/forums
Tools
I can’t list every tool in the world, nor would it be helpful. I use the following tools quite a lot:
- Maltego
- SpiderFoot
- Microsoft Visio (also draw.io is super cool!)
- Microsoft Excel
- Microsoft PowerPoint
- Microsoft Word
- Notepad
- OneNote
- SharePoint
- CANVA (Thanks to my friend Migo for showing me this, it’s a great tool for creating content!)
- Web Browsers 🙂
- notepad++
- Snipping Tool
- Screenshot tools (like PRNTSCRN or go look for tools like FLAME etc.)
And loads loads more!
Also you might notice I haven’t mentioned MITRE ATT&CK etc. That’s on purpose… they are great tools/resources, but people are treating them like they are all things to all people, and nothing in science/cyber/digital works like that. I think they are great tools, but I also think outcomes, understanding and creativity are really important.
Summary
Hopefully, if you are interested in this space, this has given you a boost to get you thinking about Cyber Threat Intelligence. As I said, it’s not EVERYTHING; the process of intelligence collection and analysis involves exploring, and when you see the PRODUCTS of this, that’s largely because people have done significant research/work. If you are working in IT or in a dedicated CYBER SECURITY role then you will almost certainly be familiar with some of the tools, processes and activities in this space. Oh and remember, most of this stuff is a game of EXCEL, not a bloody tactik00l black op for the CIA… it’s normal people doing normal (ok, normal…ish) things and creating reports with information, analysis etc.
It does however make for super fun work times, and the people in this space are great! (the goodies, not the baddies obviously!)