CTI Resources

One of the core functions of a cyber threat intelligence analyst is providing actionable information on adversaries in an effort to remain one step ahead. In my previous post I shared my love for Feedly, which lets me review large amounts of information from around the web, and I also provided a link to my exported OPML file for you to jump-start your research.

In this post, I'm going to share some of my favorite tools. Please note that this isn't an exhaustive list and will change over time - be sure to check back often!

Name                  Purpose
--------------------  -------------------------------------------
Nerdy Data            Source code search engine
Yandex                Search engine
Censys                Search engine
ATT&CK                Curated knowledge base and model of adversary behavior
Ransomware Overview   Large XLS of various ransomware families
APT Groups & Ops      Large XLS of different APT groups
SecurityHeaders       Views HTTP headers
ThreatMiner           Threat intel portal
Threat Crowd          Threat intel portal
Anomali               Threat intel portal
IBM X-Force           Threat intel portal
AlienVault            Threat intel portal
Critical Stack        Intelligence feed and integration portal
InfraGard             Government intelligence and sharing
ThreatConnect         Threat intel portal
VirusBay              Live malware samples
Hybrid Analysis       Malware sandbox
PAN Threat Vault      Threat intel portal
Any.Run               Malware sandbox
OSINT Framework       Information exchange

For a complete list of links associated with DFIR and intel you should visit AboutDFIR. Additionally, I am part of the following Slack communities that provide a wealth of information:

Finally, I have compiled a list of great resources on GitHub:
