From 2f7877a6076283b8c208999e4d75c384aee44119 Mon Sep 17 00:00:00 2001 From: Pedram Amini Date: Fri, 1 Nov 2019 07:47:04 -0500 Subject: [PATCH] added a variety of open resources from InQuest.net --- README.md | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 6fcf564..858b97a 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大 * [Exploit Database](https://www.exploit-db.com/) - Exploit and shellcode samples. * [Infosec - CERT-PA](https://infosec.cert-pa.it/analyze/submission.html) - Malware samples collection and analysis. +* [InQuest Labs](https://labs.inquest.net) - Evergrowing searchable corpus of malicious Microsoft documents. * [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/) - A resource providing rapid identification and actionable context for malware investigations. * [Malshare](https://malshare.com) - Large repository of malware actively @@ -139,7 +140,7 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大 * [threataggregator](https://github.com/jpsenior/threataggregator) - Aggregates security threats from a number of sources, including some of those listed below in [other resources](#other-resources). -* [ThreatConnect](https://threatconnect.com/free/) - TC Open allows you to see and +* [ThreatConnect](https://threatconnect.com/free/) - TC Open allows you to see and share open source threat data, with support and validation from our free community. * [ThreatCrowd](https://www.threatcrowd.org/) - A search engine for threats, with graphical visualization. 
@@ -175,6 +176,8 @@ View Chinese translation: [恶意软件分析大合集.md](恶意软件分析大 * [HoneyDB](https://riskdiscovery.com/honeydb) - Community driven honeypot sensor data collection and aggregation. * [hpfeeds](https://github.com/rep/hpfeeds) - Honeypot feed protocol. * [Infosec - CERT-PA lists](https://infosec.cert-pa.it/analyze/statistics.html) ([IPs](https://infosec.cert-pa.it/analyze/listip.txt) - [Domains](https://infosec.cert-pa.it/analyze/listdomains.txt) - [URLs](https://infosec.cert-pa.it/analyze/listurls.txt)) - Blocklist service. +* [InQuest REPdb](https://labs.inquest.net/repdb) - Continuous aggregation of IOCs from a variety of open reputation sources. +* [InQuest IOCdb](https://labs.inquest.net/iocdb) - Continuous aggregation of IOCs from a variety of blogs, Github repos, and Twitter. * [Internet Storm Center (DShield)](https://isc.sans.edu/) - Diary and searchable incident database, with a web [API](https://dshield.org/api/). ([unofficial Python library](https://github.com/rshipp/python-dshield)). @@ -275,7 +278,7 @@ executables. against multiple mobile antivirus apps. * [AVCaesar](https://avcaesar.malware.lu/) - Malware.lu online scanner and malware repository. -* [BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo +* [BoomBox](https://github.com/nbeede/BoomBox) - Automatic deployment of Cuckoo Sandbox malware lab using Packer and Vagrant. * [Cryptam](http://www.cryptam.com/) - Analyze suspicious office documents. * [Cuckoo Sandbox](https://cuckoosandbox.org/) - Open source, self hosted 
@@ -344,7 +347,7 @@ executables. *Inspect domains and IP addresses.* * [AbuseIPDB](https://www.abuseipdb.com/) - AbuseIPDB is a project dedicated - to helping combat the spread of hackers, spammers, and abusive activity on the internet. + to helping combat the spread of hackers, spammers, and abusive activity on the internet. * [badips.com](https://www.badips.com/) - Community based IP blacklist service. * [boomerang](https://github.com/EmersonElectricCo/boomerang) - A tool designed for consistent and safe capture of off network web resources. @@ -384,7 +387,7 @@ executables. or network owner. (Previously SenderBase.) * [TekDefense Automater](http://www.tekdefense.com/automater/) - OSINT tool for gathering information about URLs, IPs, or hashes. -* [URLhaus](https://urlhaus.abuse.ch/) - A project from abuse.ch with the goal +* [URLhaus](https://urlhaus.abuse.ch/) - A project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution. * [URLQuery](http://urlquery.net/) - Free URL Scanner. * [urlscan.io](https://urlscan.io/) - Free URL Scanner & domain information. @@ -430,6 +433,7 @@ the [browser malware](#browser-malware) section.* malware, featuring JScript/WScript support and ActiveX emulation. * [diStorm](http://www.ragestorm.net/distorm/) - Disassembler for analyzing malicious shellcode. +* [InQuest Deep File Inspection](https://labs.inquest.net/dfi) - Upload common malware lures for Deep File Inspection and heuristical analysis. * [JS Beautifier](http://jsbeautifier.org/) - JavaScript unpacking and deobfuscation. * [JS Deobfuscator](http://www.kahusecurity.com/2015/new-javascript-deobfuscator-tool/) - Deobfuscate simple Javascript that use eval or document.write to conceal 
@@ -545,7 +549,7 @@ the [browser malware](#browser-malware) section.* * [GDB](http://www.sourceware.org/gdb/) - The GNU debugger. * [GEF](https://github.com/hugsy/gef) - GDB Enhanced Features, for exploiters and reverse engineers. -* [Ghidra](https://github.com/NationalSecurityAgency/ghidra) - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. +* [Ghidra](https://github.com/NationalSecurityAgency/ghidra) - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. * [hackers-grep](https://github.com/codypierce/hackers-grep) - A utility to search for strings in PE executables including imports, exports, and debug symbols. @@ -645,8 +649,8 @@ the [browser malware](#browser-malware) section.* building a malware lab. * [Laika BOSS](https://github.com/lmco/laikaboss) - Laika BOSS is a file-centric malware analysis and intrusion detection system. -* [Malcolm](https://github.com/idaholab/Malcolm) - Malcolm is a powerful, easily - deployable network traffic analysis tool suite for full packet capture artifacts +* [Malcolm](https://github.com/idaholab/Malcolm) - Malcolm is a powerful, easily + deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files) and Zeek logs. * [Malcom](https://github.com/tomchop/malcom) - Malware Communications Analyzer. 
@@ -772,7 +776,7 @@ the [browser malware](#browser-malware) section.* * [Learning Malware Analysis](https://www.packtpub.com/networking-and-servers/learning-malware-analysis) - Learning Malware Analysis: Explore the concepts, tools, and techniques to analuze and investigate Windows malware * [Malware Analyst's Cookbook and DVD](https://amzn.com/dp/0470613033) - Tools and Techniques for Fighting Malicious Code. -* [Mastering Malware Analysis](https://www.packtpub.com/networking-and-servers/mastering-malware-analysis) - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks +* [Mastering Malware Analysis](https://www.packtpub.com/networking-and-servers/mastering-malware-analysis) - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercime, and IoT attacks * [Mastering Reverse Engineering](https://www.packtpub.com/networking-and-servers/mastering-reverse-engineering) - Mastering Reverse Engineering: Re-engineer your ethical hacking skills * [Practical Malware Analysis](https://amzn.com/dp/1593272901) - The Hands-On Guide to Dissecting Malicious Software.
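Review bot: In the hunk at @@ -77,6 +77,7 @@, the new InQuest Labs line is left unwrapped while every neighbouring entry in this list wraps its description at roughly 80 columns (e.g. "* [Malshare](https://malshare.com) - Large repository of malware actively" continues on the next line); wrap the description the same way, and change "Evergrowing" to "Ever-growing".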
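Review bot: The hunk at @@ -139,7 +140,7 @@ changes the ThreatConnect line without any visible textual difference between the removed and added lines, so it appears to be a whitespace-only cleanup; the same pattern recurs for BoomBox (@@ -275), AbuseIPDB (@@ -344), URLhaus (@@ -384), Ghidra (@@ -545), Malcolm (@@ -645) and Mastering Malware Analysis (@@ -772), which accounts for all 8 deletions in the diffstat. The commit message only says "added a variety of open resources from InQuest.net"; either split the whitespace fixes into their own commit or mention them in the message so the history explains why these unrelated lines moved.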
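Review bot: In the hunk at @@ -175,6 +176,8 @@, "Github" in the IOCdb description should be "GitHub" (the project's own capitalisation), and both new lines are unwrapped where the adjacent entries (e.g. "* [HoneyDB](https://riskdiscovery.com/honeydb) - Community driven honeypot sensor data collection and aggregation.") wrap; wrap them to match. The REPdb and IOCdb descriptions are also near-identical, so consider sharpening them to say what distinguishes the two feeds beyond the source list (reputation lists vs. blogs/repos/Twitter).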
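Review bot: In the hunk at @@ -430,6 +433,7 @@, "heuristical analysis" should read "heuristic analysis". Placement also deserves a second look: the surrounding entries (diStorm, JS Beautifier, JS Deobfuscator) are tools the analyst runs locally, whereas Deep File Inspection is described as an "Upload ... for ..." service, which matches the online submission services grouped with AVCaesar, Cryptam and Cuckoo Sandbox in the hunk at @@ -275. If it stays here, the description should at least make clear that submission sends the sample to a third party, since that matters when the lure is a document from an internal incident.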
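Review bot: The hunk at @@ -772,7 +776,7 @@ rewrites the Mastering Malware Analysis line but leaves the typo "cybercime" in it; since the line is being touched anyway, change it to "cybercrime". The unchanged context line directly above has the same kind of typo ("analuze" for "analyze" in the Learning Malware Analysis entry) and could be fixed in the same pass.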