Investigation

• xcyclopedia
• vmray
• threatbook
• Kaspersky Security Network
• Microsoft Security Intelligence Report
• OUI mac address lookup
• abuse.ch
• malware-traffic-analysis
• waybackmachine
• dnshistory
• asnlookup
• fofa.info
• Sandbox HA
• Sandbox Anyrun
• triage
• capesandbox
• joesandbox
• Apptotal (apps and extensions analysis)
• SpamHaus
• AbuseIPDB
• Malwarebazaar
• emailrep
• shodan
• Onyphe
• Censys
• threatminer
• urlscan
• mxtoolbox
• ipvoid
• Microsoft TI
• pulsedive
• IBM X-Force Exchange
• AlienVault OTX
• greynoise
• echotrail
• whois domaintools
• viewdns
• url tiny-scan
• cloudfare scan
• checkphish
• McAfee Threat Intelligence Exchange
• cybergordon (reputation check)
• cloudfare scanner
• whoxy
• SecurityTrail
• ZommEye
• urlquery
• urldna.io
• Malware-Traffic-Analysis (PCAP files)
• triage
• filescan.io
• threat zone

Data manipulation

• JS deobfuscator
• CyberChef
• Text Tool
• Message Header
• MXToolbox EmailHeaders
• Email Header Analyzer
• Email Header Analysis
• Gitlab dashboard from Excel
• OPENAI
• jsoncrack
• Hash calculator
• regex101
• Javascript Deobfuscator
• JSONViewer
• TextMechanic
• UrlEncode.org
• TextFixer
• RegExr
• Online XML Formatter and Beautifier
• XML Escape Tool
• DiffChecker
• HTML Formatter
• TextUtils
• TextCompactor
• Pretty Diff
• XML Tree
• String Manipulation Tool
• urlunscrambler
• longurl
• uncoder
• DeHashed
• PCAP online analyzer

Detection Resources

• GTFOBIN
• LOLBAS
• Elastic Rules
• DFIR-Report Sigma-Rules
• mdecrevoisier Sigma-Rules
• P4T12ICK Sigma-Rules
• tsale Sigma-Rules
• list of detections resources
• detection engineering resources
• awesome-threat-detection
• LOTS
• loldrivers
• WTFBIN
• Sigma
• Splunk Rules
• MITRE Navigator
• MITRE Updates
• MITRE D3fend
• MITRE techniques
• MITRE Datasources
• JoeSecurity Sigma-Rules
• LOLRMM

DFIR

• dfir-orc-config
• Splunk4DFIR
• dfiq
• PSBits
• Hayabusa
• chainsaw
• regripper
• RdpCacheStitcher
• ripgrep
• Kape Files
• More Kape ressources
• VolatileDataCollector
• Velociraptor
• MemProcFS
• avml
• Lime
• WinPmem
• Windows artifacts
• UAC
• Yara TH - Keywords)
• EricZimmerman Tools
• dfir-orc
• Kape
• MemDump
• Volatility

Security News

• detect.fyi
• CERT FR Avis
• akamai Feed
• Elastic Blog
• Adam Chester Blog Feed
• Mauricio Velazco Blog
• tenable Blog
• horizon3 Feed
• Incidents reports Feed
• NCC Group Research Feed
• SpecterOps Feed
• detect.fyi
• detect.fyi
• detect.fyi
• detect.fyi
• detect.fyi
• detect.fyi
• detect.fyi
• DFIR Podcasts
• DFIR weekly news
• sans blog
• CERT-FR
• CERT FR Alerts
• JPCERT
• EricaZelic Blog
• CISA news
• thedfirreport Feed
• Splunk Research Blog
• Unit42 Feed
• Cisco Talos Feed
• Crowdstrike Feed
• Hexacorn Blog
• simone kraus Blog
• Michael Haag Blog
• Sophos Research Feed
• Offensive Research - DSAS by INJECT
• HackerNews Feed
• Bleepingcomputer Feed
• detect.fyi
• detect.fyi
• Clément Notin Feed
• detect.fyi
• detect.fyi
• detect.fyi
• Google Threat Intelligence
• Sekoi Blog
• detect.fyi

IOC Feeds/Blacklists:

• Block Lists
• DNS Block List
• Phishing Block List
• C2IntelFeeds
• Volexity TI
• Open Source TI
• C2 Tracker
• Unit42 Timely IOC
• Unit42 Articles IOC
• Zscaler ThreatLabz IOC
• Zscaler ThreatLabz Ransomware notes
• Sophos lab IOC
• ESET Research IOC
• ExecuteMalware IOC
• Cisco Talos IOC
• Blackorbid APT Report IOC
• AVAST IOC
• DoctorWeb IOC
• BlackLotusLab IOC
• prodaft IOC
• Pr0xylife DarkGate IOC
• Pr0xylife Latrodectus IOC
• Pr0xylife WikiLoader IOC
• Pr0xylife SSLoad IOC
• Pr0xylife Pikabot IOC
• Pr0xylife Matanbuchus IOC
• Pr0xylife QakBot IOC
• Pr0xylife IceID IOC
• Pr0xylife Emotet IOC
• Pr0xylife BumbleBee IOC
• Pr0xylife Gozi IOC
• Pr0xylife NanoCore IOC
• Pr0xylife NetWire IOC
• Pr0xylife AsyncRAT IOC
• Pr0xylife Lokibot IOC
• Pr0xylife RemcosRAT IOC
• Pr0xylife nworm IOC
• Pr0xylife AZORult IOC
• Pr0xylife NetSupportRAT IOC
• Pr0xylife BitRAT IOC
• Pr0xylife BazarLoader IOC
• Pr0xylife SnakeKeylogger IOC
• Pr0xylife njRat IOC
• Pr0xylife Vidar IOC
• Elastic Lab IOC
• Unit42 IOC
• UrlHaus_misp
• UrlHaus
• Cloud Intel IOC
• Pr0xylife Warmcookie IOC
• vx-underground - Great Resource for Samples and Intelligence Reports
• Sekoia IOC
• experiant.ca
• SpamHaus drop.txt

Formations

• InsightEngineering
• Datasets
• dataset v1
• dataset v2
• dataset v3
• xintra
• 13cubed.com
• Mastering Windows Forensics
• SANS508
• Zenk-Security
• Linux-live-forensics
• dfir-labs
• aceresponder.com
• SOC lvl1
• letsdefend.io
• SANS555
• BOTS

SIEM/SOC related:

• EDR Telemetry
• PurpleTeam Scripts
• Awesome-SOC
• Threat-Hunting with Splunk

Others

• cyberchef
• Chrome Addon for TI checks
• Crontab check
• Subnet Calculator
• chmod calculator
• Epoch time converter

TI TTP/Framework/Model/Trackers

• MITRE CAPEC
• MITRE PRE-ATT&CK Techniques
• MITRE CAR
• All MITRE data in xlsx format
• Tools used by threat actor groups - MITRE ATT&CK
• atomic-red-team
• redcanary Threat Detection report
• The-Unified-Kill-Chain
• Tools used by ransomware groups - @BushidoToken
• Tactics - MITRE ATT&CK
• Mitigation - MITRE ATT&CK
• TTP pyramid
• Pyramid of pain
• Cyber Kill chain
• Ransomware.live

LAB

• ludus
• GOAD
• flare-fakenet-ng
• flare-vm
• StratosphereLinuxIPS
• maltrail
• openbas
• LLM honeypot galah
• honeypot canary
• Respoter
• HEDnsExtractor
• iris-web
• JonMon
• OpenCTI

Sandbox

• detect.fyi
• detect.fyi
• detect.fyi
• detect.fyi
• Twitter
• NIST CVEs
• DFIR weekly sumary - thisweekin4n6
• Checkpoint research Feed
• Redcanary Feed
• virusbulletin
• detect.fyi
• detect.fyi
• detect.fyi
• detect.fyi
• detect.fyi
• detect.fyi

More TI

• redhuntlabs

TI

• McAfee Threat Intelligence Exchange

Sandbox

• unshorten it

IOC Feeds/Blacklists:

• ABUSE.CH BLACKLISTS
• ThreatFOX IOC

• offensive_tool_keywords.csv
• greyware_tool_keyword.csv
• signature_keyword.csv