General Blog

Open Source Intelligence (OSINT) Sites

Threat Intelligence Platforms (T.I.P.)

All of these threat intelligence platforms are free, but not all functions are available in the free versions. They are still great for looking up IOCs (indicators of compromise) on threat actors. You will have to register for all of these platforms, but it is worth it.

  1. ThreatConnect – Home – ThreatConnect
  2. RiskIQ – RiskIQ | Digital Risk | Cyber Threat Intelligence | Incident Response
  3. Mandiant Advantage – Threat Intelligence Platform | Threat Intelligence Tools | Mandiant
  4. Recorded Future – Use Recorded Future for Free | Recorded Future (this link is not a platform but is a daily free threat intelligence email)
  5. AlienVault OTX – AlienVault – Open Threat Exchange

Sites to Check Indicators of Compromise (IOC)

  1. AbuseIPDB – AbuseIPDB – IP address abuse reports – Making the Internet safer, one IP at a time (gives a confidence report on whether a particular IP is malicious and what the public has seen that IP doing, such as SSH brute force)
  2. VirusTotal – VirusTotal (a site to check the reputation of URLs and IPs, and to upload files to see whether they are detected by anti-virus programs; remember this is a public site, so any files that are uploaded can be seen by anyone)
  3. ThreatCrowd – Threat Crowd | Threatcrowd.org Open Source Threat Intelligence (a search engine for threats, can look up domains, IPs, Emails or Organizations)
  4. Cybercrime Tracker – CyberCrime (can search for a particular URL to see if it is connected with malicious activity)
  5. Maltiverse – Maltiverse (can search for IPs and URLs and will indicate if it is malicious or not)
  6. Malbeacon – MalBeacon (site where you can check if an IP or URL is associated with C2 servers)
  7. URLhaus – URLhaus – Malware URL exchange (site to check URLs and see what malware is associated with them)
  8. Abuse – abuse.ch – Fighting malware and botnets (project that tracks cyber threats and botnets)

Public Sandboxes to Detonate Files/URLs

  1. Any.run – Interactive Online Malware Analysis Sandbox – ANY.RUN
  2. Triage – Sandbox for High-Volume Automated Malware Analysis
  3. Hybrid Analysis – Free Automated Malware Analysis Service – powered by Falcon Sandbox
  4. Joe Sandbox – Deep Malware Analysis – Joe Sandbox Cloud
  5. Intezer Analyze – https://analyze.intezer.com/

Miscellaneous

  1. URL.io – URL and website scanner – urlscan.io (a sandbox that scans URLs and then shows the resulting webpage)
  2. nmapper – Online Platform for network pentesting and mapping tool for penetration testers and System administrators (tool to find subdomains)
  3. Shodan – Shodan (search engine for internet connected devices, can search IPs and domains)
  4. Screenshotmachine – Reliable Screenshot API | Screenshot Machine (can enter in a URL and it will give you a screenshot of it)
  5. ipStack – ipstack – Free IP Geolocation API (geo-location of IP addresses)
  6. DNSdumpster – https://dnsdumpster.com/ (domain research tool)

Tips & Tricks

Excellent OSINT Questions for Social Engineering Engagements

Please note that this list came from Christopher Hadnagy’s book, Social Engineering: The Science of Human Hacking.

Questions for a Corporation:
How does the corporation use the internet?
How does the corporation use social media?
Does the corporation have policies in place for what its people can put on the internet?
How many vendors does that corporation have?
What vendors does the corporation use?
How does the corporation accept payments?
How does the corporation issue payments?
Does the corporation have call centers?
Where are HQ, Call Centers, or other branches located?
Does the corporation allow BYOD?
Is the corporation in one location or many?
Is there an org chart available?

Questions for an Individual:
What social media accounts does the person use?
What hobbies does the person have?
Where does the person vacation?
What are the person’s favorite restaurants?
What is the family history (sicknesses, businesses, and so on) of the person?
What is the person’s level of education? What did the person study? Where?
What is the person’s job role, including whether people work from home, for themselves, and who they report to?
Are there any other sites that mention the person (maybe they give speeches, post to forums, or are part of a club)?
Does the person own a house? If yes, what are the property taxes, liens, and so on?
What are the names of the person’s family members (as well as any of the previously mentioned info on those people)?