This document summarizes a security analyst toolset workshop. It lists various online tools and services for security analysis tasks like investigating file samples, hashes, domains, IPs, and extracting strings. Tools covered include URL scanners, passive DNS tools, Shodan, Virustotal, hybrid analysis, Any.Run, Cybereason Iris, Antivirus event analysis, and more. Twitter, pastebin, and other open sources are also mentioned for threat hunting and monitoring.
Maturity Model of Security Disciplines Florian Roth
A slide deck that was created for a private talk outlining the maturity model of security disciplines, recommendations on security monitoring, log source priority, low hanging fruits and some highlights
How to Hunt for Lateral Movement on Your NetworkSqrrl
Once inside your network, most cyber-attacks go sideways. They progressively move deeper into the network, laterally compromising other systems as they search for key assets and data. Would you spot this lateral movement on your enterprise network?
In this training session, we review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.
Maturity Model of Security Disciplines Florian Roth
A slide deck that was created for a private talk outlining the maturity model of security disciplines, recommendations on security monitoring, log source priority, low hanging fruits and some highlights
How to Hunt for Lateral Movement on Your NetworkSqrrl
Once inside your network, most cyber-attacks go sideways. They progressively move deeper into the network, laterally compromising other systems as they search for key assets and data. Would you spot this lateral movement on your enterprise network?
In this training session, we review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.
Different Methodology To Recon Your TargetsEslamAkl
"Different methodology to Recon your targets" is a technical session which presented at CAT Reloaded CyberSecurity circle.
Eslam Akl
Penetration tester
Most learning materials for web app pentesting focus on “old school” apps. Maybe they have a little jQuery sprinkled in, but most of the heavy-lifting happens server-side. With the dawn of frontend frameworks like AngularJS, Vue, and React and Single-Page Applications, the way web apps are developed is changing, and pentesters need to keep up. This talk runs through common security issues with and approaches to testing these new apps.
Find out how to threat hunt commonly found web shells in your infrastructure using the powerful Splunk querying language. Discover queries to hunt for various aspects of web shells and other malicious artifacts.
Vulnerabilities in modern web applicationsNiyas Nazar
Microsoft powerpoint presentation for BTech academic seminar.This seminar discuses about penetration testing, penetration testing tools, web application vulnerabilities, impact of vulnerabilities and security recommendations.
My slides for PHDays 2018 Threat Hunting Hands-On Lab - https://www.phdays.com/en/program/reports/build-your-own-threat-hunting-based-on-open-source-tools/
Virtual Machines for lab are available here - https://yadi.sk/d/qB1PNBj_3ViWHe
This is a bug bounty hunter presentation given at Nullcon 2016 by Bugcrowd's Faraz Khan.
Learn more about Bugcrowd here: https://bugcrowd.com/join-the-crowd
Threat hunting - Every day is hunting seasonBen Boyd
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
DNS hijacking using cloud providers – No verification neededFrans Rosén
This is my talk from OWASP Appsec EU and also Security Fest 2017.
A few years ago, Frans and his team posted an article on Detectify Labs regarding domain hijacking using services like AWS, Heroku and GitHub. These issues still remains and are still affecting a lot of companies. Jonathan Claudius from Mozilla even calls “Subdomain takeover” “the new XSS”. Since then, many tools have popped up to spot these sorts of vulnerabilities. Frans will go through both the currently disclosed and the non-disclosed ways to take control over domains and will share the specific techniques involved.
(WEB301) Operational Web Log Analysis | AWS re:Invent 2014Amazon Web Services
Log data contains some of the most valuable raw information you can gather and analyze about your infrastructure and applications. Amid the mess of confusing lines of seemingly random text can be hints about performance, security, flaws in code, user access patterns, and other operational data. Without the proper tools, finding insights in these logs can be like searching for a hay-colored needle in a haystack. In this session you learn what practices and patterns you can easily implement that can help you better understand your log files. You see how you can customize web logs to add more information to them, how to digest logs from around your infrastructure, and how to analyze your log files in near real time.
Different Methodology To Recon Your TargetsEslamAkl
"Different methodology to Recon your targets" is a technical session which presented at CAT Reloaded CyberSecurity circle.
Eslam Akl
Penetration tester
Most learning materials for web app pentesting focus on “old school” apps. Maybe they have a little jQuery sprinkled in, but most of the heavy-lifting happens server-side. With the dawn of frontend frameworks like AngularJS, Vue, and React and Single-Page Applications, the way web apps are developed is changing, and pentesters need to keep up. This talk runs through common security issues with and approaches to testing these new apps.
Find out how to threat hunt commonly found web shells in your infrastructure using the powerful Splunk querying language. Discover queries to hunt for various aspects of web shells and other malicious artifacts.
Vulnerabilities in modern web applicationsNiyas Nazar
Microsoft powerpoint presentation for BTech academic seminar.This seminar discuses about penetration testing, penetration testing tools, web application vulnerabilities, impact of vulnerabilities and security recommendations.
My slides for PHDays 2018 Threat Hunting Hands-On Lab - https://www.phdays.com/en/program/reports/build-your-own-threat-hunting-based-on-open-source-tools/
Virtual Machines for lab are available here - https://yadi.sk/d/qB1PNBj_3ViWHe
This is a bug bounty hunter presentation given at Nullcon 2016 by Bugcrowd's Faraz Khan.
Learn more about Bugcrowd here: https://bugcrowd.com/join-the-crowd
Threat hunting - Every day is hunting seasonBen Boyd
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
DNS hijacking using cloud providers – No verification neededFrans Rosén
This is my talk from OWASP Appsec EU and also Security Fest 2017.
A few years ago, Frans and his team posted an article on Detectify Labs regarding domain hijacking using services like AWS, Heroku and GitHub. These issues still remains and are still affecting a lot of companies. Jonathan Claudius from Mozilla even calls “Subdomain takeover” “the new XSS”. Since then, many tools have popped up to spot these sorts of vulnerabilities. Frans will go through both the currently disclosed and the non-disclosed ways to take control over domains and will share the specific techniques involved.
(WEB301) Operational Web Log Analysis | AWS re:Invent 2014Amazon Web Services
Log data contains some of the most valuable raw information you can gather and analyze about your infrastructure and applications. Amid the mess of confusing lines of seemingly random text can be hints about performance, security, flaws in code, user access patterns, and other operational data. Without the proper tools, finding insights in these logs can be like searching for a hay-colored needle in a haystack. In this session you learn what practices and patterns you can easily implement that can help you better understand your log files. You see how you can customize web logs to add more information to them, how to digest logs from around your infrastructure, and how to analyze your log files in near real time.
What You Need to Know About Web App Security Testing in 2018Ken DeSouza
See the associated webinar via https://www.softwaretestpro.com/what-you-need-to-know-about-web-app-security-testing-in-2018/ (there is a youtube link here)
This presentation talks about the focus towards building security in the software development life cycle and covers details related to Reconnaissance, Scanning and Attack based test design and execution approach.
In the agile, lean, devops communities people talk about improving security by "shifting left". Patterns and tools are emerging, or re-emerging, that make security less of a pain in the development process while also making applications more secure.
The Offensive Security Certified Professional (OSCP) is one of the most technical and most challenging certifications for information security professionals.
For More information please contact us : https://www.infosectrain.com/
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Palestine last event orientationfvgnh .pptxRaedMohamed3
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
2. This Workshop
- Sets of tools and services for analysis tasks
- Don’t expect a story line
- Slides contain: key features, links, examples, screenshots
6. Censys.io
§ IP address information
§ Website information
§ SSL Certificates (!)
https://censys.io/
Example
https://censys.io/certificates?q=%22pent
est%22
Real World
https://censys.io/ipv4?q=+443.https.tls.c
ertificate.parsed.names%3A%2Fo%5B10-
9%5D%7B4%2C4%7D%5C.(at%7Ccz%7Cro
%7Csk)%2F
7. ShodanHQ
§ Host Info
§ Open Ports
§ Banner
§ Services
§ Meta Data
Examples
https://www.shodan.io/explore/popular
8. String Extraction
Linux
(strings -a -td "$@" | sed 's/^(s*[0-9][0-9]*) (.*)$/1
A 2/' ; strings -a -td -el "$@" | sed 's/^(s*[0-9][0-9]*)
(.*)$/1 W 2/') | sort -n
macOS
(gstrings -a -td "$@" | gsed 's/^(s*[0-9][0-9]*)
(.*)$/1 A 2/' ; gstrings -a -td -el "$@" | gsed
's/^(s*[0-9][0-9]*) (.*)$/1 W 2/') | sort –n
https://gist.github.com/Neo23x0/cd4934a06a616ecf6c
f44e36f323e551
9. 010 Editor
§ Hex Editor
§ Great usability
§ Relevant Features
§ String Extraction
§ Binary Comparison
https://www.sweetscape.com/010e
ditor/
11. FireEye Stringsifter
§ String evaluation
§ ranks strings based on their relevance
for malware analysis
https://github.com/fireeye/stringsifter
Can be combined with 010 Editor
(script by my co-worker Tobias Michalski)
https://www.sweetscape.com/010editor/r
epository/scripts/file_info.php?file=RateStr
ings.1sc&type=1&sort=
Technical Blog Post
https://www.fireeye.com/blog/threat-
research/2019/05/learning-to-rank-strings-
output-for-speedier-malware-analysis.html
12. CyberChef
§ Swiss Army Knife for all encoding /
extraction / text based analysis
§ Many Functions
§ All types of encodings
(UTF16, Base64, hex, charcode …)
§ Compression (zlib, raw)
§ Extraction
(Regex, IOC parsing, embedded files)
§ Other cool stuff
(defang URLs, XOR Brute Force, CSV to JSON)
§ Recipes
§ Work like the “|” in the Linux command line
§ Can be saved as Bookmark or shared with ohers
https://gchq.github.io/CyberChef/
Recipes
https://github.com/mattnotmax/cyber-chef-
recipes
13. Top Base64 Encoding Learning Aid
§ Helps you learn the
most common Base64
patterns found in
malware
§ Features a mnemonic
aid and emoticon
(dual coding – learning
style)
https://gist.github.com/N
eo23x0/6af876ee72b5167
6c82a2db8d2cd3639
14. User Agent Analysis
§ Analyze User-Agent strings
(from Sandbox reports, proxy logs
etc.)
§ Get info on the string components
and their meanings
§ Evaluate how prevalent a certain
User-Agent is
(is it usable for detection?
E.g. BRONZE Butler UA
Mozilla/4.0 (compatible; MSIE 11.0; Windows
NT 6.1; SV1)
https://developers.whatismybrowser.c
om/useragents/parse/
15. Virustotal
50 Shades of Virustotal
§ Sample Uploads (the
obvious)
§ Sample Info (the obvious)
§ Info on Domains / Hosts
§ Info on IP Addresses
16. Virustotal – Domain Info
Domain / Host Info
- Passive DNS
Replication
- Related samples
- URLs
- Domain Siblings
Example
https://www.virustotal.com/#/domain/cdnveri
fy.net
17. Virustotal – Sample Analysis
Examples
https://www.virustotal.com/en/file/
59869db34853933b239f1e2219cf7
d431da006aa919635478511fabbfc
8849d2/analysis/
https://www.virustotal.com/en/file/e7
ba0e7123aaf3a3176b0224f0e374fac3
ecde370eedf3c18ea7d68812eba112/a
nalysis/
Fun - hash in many IOC lists:
https://otx.alienvault.com/indicator/fil
e/620f0b67a91f7f74151bc5be745b71
10
https://www.virustotal.com/en/file/f8
babc70915006740c600e1af5adaaa70
e6ba3d75b16dc4088c569a85b93d519
/analysis/
https://www.virustotal.com/#/file/5a8
8b8d682d63e3319d113a8a573580b88
81e4b7b41e913e8af8358ac4927fb1/c
ommunity
18. Virustotal – Browser Shortcuts
Use the browser’s
search engine
integration for quick
access
19. Virustotal – IP Info
IP Info
- Passive DNS Replication
- Related samples
- URLs
Example
https://www.virustotal.com/#/ip-
address/209.99.40.222
Warning:
§ IP address mapping changes
§ Multiple domains can be registered to a single
provider IP
22. Virustotal – Content Search
Search for content in sample
base
§ Strings
content:”string”
§ Byte Chains
content:{b1 1e 5f 11 35}
https://www.virustotal.com/
gui/
23. Virustotal – Graph
§ Graph based analysis
§ Pivoting to related
samples / domains
Example
https://www.virustotal.com/
graph/g1d606f8f877f92c844
7e2a775d8666a99cd8725d6
43fffc8419ac8196b7b3457/
drawer/node-
summary/node/nwinoxior.tk
/1552468646010
Demo
https://www.youtube.com/w
atch?v=17yRtGFq9xc
24. Malware.one
§ Free / Registration required
§ String / Bytes search on big (12 TB)
but unknown malware corpus
§ Search visible to all other users
§ Result download as TXT
§ Sample download on request
https://malware.one
25. Hybrid-Analysis
§ Public Sandbox
§ Commercial: CrowdStrike’s Falcon
Sandbox
§ Extra Features:
§ String Search
§ YARA Search
§ Imphash Search > Report Serach >
Advanced > More Options
https://www.hybrid-analysis.com/
Example
https://www.hybrid-
analysis.com/sample/c8f27a014db8fa34
fed08f6d7d50b728a8d49084dc20becdb2
3fff2851bae9cb?environmentId=100
26. Hybrid-Analysis – String Search
Examples:
§ certutil.exe
§ 706f7765727368656c6c
(hex encoded “powershell”)
CyberChef will help
https://gchq.github.io/CyberChef/#recip
e=Encode_text('UTF16LE%20(1200)'/disa
bled)To_Hex('None')&input=cG93ZXJzaG
VsbA
27. Any.Run
§ Public Sandbox
§ Special Feature: User Interaction
§ Pros:
§ Intuitive layout, uncluttered views
§ Sample and dropped files download
§ Sample previews (hex, raw)
https://app.any.run/
Example:
https://app.any.run/tasks/7c83e4ca
-7569-4c8b-8b2d-56bf24f30494
28. IRIS-H
- Static Analysis of Office Docs
and the like
- Fast results
- Denis is working on a dockerized
version
https://iris-h.services/
Example:
https://iris-
h.services/#/pages/report/5971707
a8190abea8399a3ff93460b4bea403
252
29. Antivirus Event Analysis Cheat Sheet
§ Helps Security Analysts to
process Antivirus Events in a
purposeful way
§ Because: It is wrong to handle
Antivirus events based on
their status: Deleted, Deletion
Failed, Detected
§ It is much better to evaluate
an Antivirus event based on:
§ Virus Type
§ Location
§ User
§ System
§ Form
§ Time
https://www.nextron-
systems.com/2019/10/04/antivir
us-event-analysis-cheat-sheet-v1-
7-2/
30. Intezer
§ Static Analysis Platform
§ Comparisons based on so called “Genes”
§ “Strings” are also very interesting
https://analyze.intezer.com
Example
https://analyze.intezer.com/#/analyses/af471fdf-
4b91-405b-aa68-c5221aa3f2d2
31. APT Groups and Operations Overview
§ Threat Groups
§ Campaigns
§ Malware Mapping
https://docs.google.com/spreadsheets/d/1H
9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePF
X68EKU/
32. APT Search Engine
§ Custom Google Search Engine
§ Includes
§ Blogs of companies with frequent threat
research publications
§ Sandboxes
§ APT Notes
§ IOC Sharing Websites
https://cse.google.com/cse?cx=0032484457
20253387346:turlh5vi4xc
Sources of the Search
https://gist.github.com/Neo23x0/c4f4062934
2769ad0a8f3980942e21d3
33. Twitter / Tweetdeck
§ Search Based Panels
§ #DFIR OR #ThreatHunting OR #SIEM
§ virustotal.com OR app.any.run OR hybrid-
analysis.com OR reverseit.com OR virusbay.io
§ New Threats / Interesting Detection
Methods
https://tweetdeck.twitter.com/
34. Pastebin
§ Keyword Alerting
§ Email Addresses
§ MD5, SHA1, LM, NTLM Hash of
company’s default passwords
§ Internal AD Domain Names
§ Names of internal projects /
systems that should never appear
in public locations
(you personal project “Sauron”)
https://pastebin.com/
35. Munin
§ Process a list of Hash IOCs
§ Get many infos
§ AV detection rate
§ Imphah, filenames, type
§ First / Last submission
§ User comments (--intense)
§ Output
§ Command line output – colorized
§ CSV Export
§ Cached infos (JSON)
§ Lookups
§ Virustotal
§ Hybrid-Analysis
§ Virusbay
§ Malshare
https://github.com/Neo23x0/munin
36. Unfurl
§ takes a URL and expands it into a
directed graph
https://dfir.blog/unfurl/
Blog
https://dfir.blog/introducing-unfurl/
37. InQuest Labs
§ Different online tools, e.g.
§ Base64 regular expressions generator
§ Mixed ex case generator
https://labs.inquest.net/
