Blue Team

This intends to be a curated list of all of the blue team related resources that I have gathered over the years and condensed into a single page that works for me and my daily work. As I come across new resources and useful information I will update this list accordingly.

Blue Team Resources: 

IP & URL Analysis: 

Virus Total - https://www.virustotal.com
Alien Vault OTX - https://otx.alienvault.com/browse/
GreyNoise - https://viz.greynoise.io
Shodan - https://www.shodan.io/
Censys - https://censys.io/ipv4

Malware Analysis & Sandboxing: 

Any Run - https://app.any.run/
Threat Fox - https://threatfox.abuse.ch/browse/
Malware Baazar - https://bazaar.abuse.ch/browse/
Hybrid Analysis - https://www.hybrid-analysis.com/
Joe Sandbox - https://www.joesandbox.com/#windows
Cuckoo Sandbox Online - https://sandbox.pikker.ee/
Triage - https://tria.ge/reports/public
Malshare - https://malshare.com/
Manalyzer - https://manalyzer.org/

OSINT & CTI:

Vuldb - https://vuldb.com/
Alien Vault OTX - https://otx.alienvault.com/browse/global/indicators
IBM X-Force Exchange - https://exchange.xforce.ibmcloud.com/
PulseDive Threat Feed - https://pulsedive.com/explore/threats/
Malpedia - https://malpedia.caad.fkie.fraunhofer.de/
Any-Run - https://any.run/malware-trends/
Risk IQ Community - https://community.riskiq.com/home
Lab52 Threat Mapping Tool - https://lab52.io/
vx-underground APT repository - https://vx-underground.org/samples/Families/APT/
Threat Actor Map - https://aptmap.netlify.app/
Intezer OST Map - https://intezer.com/ost-map/
Cyber Operations Tracker - https://www.cfr.org/cyber-operations
PCMatic Ransomware Tracker - https://www.pcmatic.com/ransomware/
Ransomware.Live Ransomware Tracker - https://www.ransomware.live/#/status

Threat Actors: 

MITRE Groups - https://attack.mitre.org/groups/
CrowdStrike Adversaries - https://www.crowdstrike.com/adversaries/?ref=adversary.crowdstrike.com
Mandiant APTs - https://www.mandiant.com/resources/insights/apt-groups
Mandiant UNCs - https://www.mandiant.com/resources/insights/uncategorized-unc-threat-groups
VX Underground APTs - https://vx-underground.org/APTs
Dragos Threat Groups - https://www.dragos.com/threat-groups/
Microsoft Threat Actors - https://www.microsoft.com/en-us/security/blog/threat-intelligence/threat-actors/
CyberMonitor APT Tracker - https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections/

Comments

Post a Comment

Popular posts from this blog

TryHackMe CTF Walkthrough - "Simple CTF"

Image
Note: This is a reupload of a CTF walkthrough from my original website which no longer exists. Tonight I'll be providing a writeup on the TryHackMe box "Simple CTF" similar to my writeup on Blue. TryHackMe is another great and incredibly educational site dedicated to teaching learners about offensive and defensive cybersecurity. As always, it's typical to start with a basic Nmap scan.  This is one of the typical Nmap scans that I like to run on TryHackMe and HacktheBox machines. It will take longer than most scans due to the enumeration being performed by the vulnerability script. Another I will typically run is - nmap -sC -sV -A x.x.x.x This is an aggressive service scan with default scripts enabled. Here we have quite a bit of output, the bulk of it being a list of CVE's for the specific version of Apache web server running on the target machine. As we can see, Port 21 (FTP), Port 80 (HTTP), and Port 2222 (SSH) are currently open on the target machine. We can al...
Read more

Malware Overview - ZeuS

Image
 Note: This is a reupload of my writeup of the history of the ZeuS malware from my original website. INTRODUCTION:  Image Source:  https://www.bankinfosecurity.com/zeus-banking-trojan-spawn-alive-kicking-a-10471 When discussing the history of malware, you are more than likely going to hear the same few names over and over again. Conficker, Welchia, ILOVEYOU, Stuxnet, Flame, CryptoLocker, Dridex, and even newer malware like WannaCrypt0r, Emotet, and Maze.  What is left behind but stands atop the lesser remembered malware of the last fifteen years in particular is the ZeuS or Zbot Trojan and its successor, the Gameover ZeuS Trojan. This will be a historical summary of the ZeuS and Gameover ZeuS Trojans, beginning from its initial discovery and ending in the current year.  I will be using a variety of sources for my analysis. This is NOT a technical analysis of the malware, simply a historical account. I plan on writing a full technical analysis of the ZeuS and Gam...
Read more

Group Overview - Evil Corp

Image
This will be my first post in a series of posts summarizing various cyber actors, including APTs, Cybercrime outfits, and Hacktivist groups. I will be mainly discussing the history of the group and their known and documented activities throughout their existence. I plan on making additional summaries of each group that will delve further into their TTPs and other technical information to compliment this summary. The first group I will be discussing is the Evil Corp cybercrime outfit. The group is also known to many by the name INDRIK SPIDER, which was coined by the Cybersecurity company CrowdStrike. I decided to write about the Evil Corp group first due to the fact that they are still very relevant in 2020, as just a few days ago, Symantec published a report discussing a widespread attempted ransomware attack against various U.S. companies carried out by the Evil Corp group earlier this month. Evil Corp is an extremely sophisticated threat actor. They are capable of developing their ow...
Read more