Delete helpful_osint.md

helpful_osint.md

@@ -1,172 +0,0 @@
-IP/Domain/
-Shared Domains on IP Address
-
-robtex.com
-
-IPs, Domains
-
-One of the best of breed tools to investigate Domains, IP addresses and more. 
-
-IP/Domain Information
-
-centralops.net
-
-IPs, Domains
-
-Investigate Domains and IP addresses.
-
-Geolocate IPs/Domains
-
-iplocation.net
-
-
-
-IPs, Domains
-
-Quick way to find the most up-to-date location of a IP from several different vendors.
-
-Geolocate IPs/Domains
-
-infosniper.net
-
-IPs, Domains
-
-Shows location and provides a nice map.
-
-PassiveDNS, SSL Certificates, Shared Domains on IP address
-
-passivetotal.org
-
-IPs, Domains
-
-Research Domains, IPs, passive DNS sources, SSL certs, and more.  Sign up for a free license.
-
-SSL Certificates
-
-censys.io
-
-SSL Certificate Hashes
-
-Scans the internet on a daily basis and allows researchers to search their library for information on SSL certs and more.
-
-Historical Whois information
-
-whoisology.com
-
-Domains, Emails, Keywords
-
-Search historical whois information.
-
-Passive DNS
-
-passivedns.mnemonic.no
-
-IPs, Domains,
-
-Look up domains and IPs and recent resolutions without performing an actual DNS query.
-
-Malware
-
-malwr.com
-
-File Hashes
-
-Free malware analysis service that allows you to submit files to an open source malware sandbox and search results with an account.
-
-Malware
-
-hybrid-analysis.com
-
-File Hashes
-
-Free malware analysis service that allows you to submit files to an open source malware sandbox and search results
-
-Malware (and more)
-
-virustotal.com
-
-File Hashes, IP addresses, Domains
-
-Best of breed free malware analysis service that allows you to submit files to an open source malware sandbox and search results. Users can submit URLs and files TO virustotal but this may result in tipping off adversaries to your action… Usually I recommend just passive research on VT.
-
-Domain
-
-threatcrowd.org
-
-File Hashes, IP address, Domains
-
-Search engine for threat data and open source intelligence reports and other cyber security sources
-
-URLs
-
-urlquery.net
-
-URLs
-
-Submit an URL and it will visit the site, take a snapshot, and analysis it to see if it is malicious. Beware of using this to analyze a link unless you are ok with tipping your hand to the adversary
-
-Search engine
-
-google.com
-
-Any field
-
-Google. No discussion needed. However, I’d recommend disabling pre-fetch https://www.technipages.com/google-chrome-prefetch
-
-Code
-
-github.com
-
-Any field
-
-Github is one of the largest code repositories on the internet. Often you can find interesting strings in the logs that may be in adversaries (or tool creators) Github repo.
-
-Domains, whois
-
-domaintools.com
-
-IPs, Domains,
-
-Best of breed for researching DNS history. For a fee, you can setup DNS branding detection and registration history of domains.
-
-BGP/ASN
-
-bgp.he.net
-
-
-
-IPs
-
-Often adversaries utilize the same ASN but different IP addresses. It can be worthwhile to find “malicious” ASNs and alert on them.
-
-PassiveDNS and more
-
-viewdns.info
-
-IPs, Domains, Names
-
-Provides several different DNS research tools. Can find out registrant histories of domains.
-
-Malware
-
-totalhash.cymru.com
-
-IPs, Domains, File Hashes
-
-One of the largest collections of malware on the internet. Great searching capabilities.
-
-APT reports
-
-threatminer.org
-
-Any IOC or key word
-
-Threatminer combines different threat feeds and a searchable repository of APT reports.
-
-IP
-
-ipinfo.io
-
-IPs
-
-Lightweight site that can quickly find out basic info regarding an IP address