From f9d18a648959e665b7ec9bcd2aaad6e3ebada520 Mon Sep 17 00:00:00 2001
From: CHEF-KOCH
Date: Sat, 25 Jan 2020 20:31:57 +0100
Subject: [PATCH] Tools: Added VirusTotal alternatives to solve the "VT problem" (see link)

I have been preaching it for years; finally someone wrote about it: VT results can be manipulated: https://medium.com/maverislabs/virustotal-is-not-an-incident-responder-80a6bb687eb9

So here is my strategy for the mentioned problem. It's not perfect, but a start.
---
 Tools.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/Tools.md b/Tools.md
index f7ddc98..b27f8c7 100644
--- a/Tools.md
+++ b/Tools.md
@@ -955,6 +955,27 @@ Downloads albums in bulk. **[`^ back to top ^`](#)** +## VirusTotal alternatives + +Overall strategy: +* Diversify your analysis approach. +* Don't rely on the results from a single tool. +* Run everything with as few privileges as necessary. +* APT investigations must be seperated from commodity malware, otherwise you give malware authors "ideas". +* Treat everything like it could be malicious until you have enough evidence to suggest otherwise. + + +- [Any-Run](https://anonym.to/?https://any.run/) - Run files in a sandbox. +- [Thread Minder](https://www.threatminer.com/) - Allow analysts to find additional information on indicators of compromise (IOC) such as domain names, IP's and more. +- [ThreatCrowd](https://www.threatcrowd.com/) - Search engine for threats, show correlations of submitted entries eg IP, hashes, domains etc +- [URLScan](https://anonym.to/?https://urlscan.io/) - Check the website. +- [Sooty](https://anonym.to/?https://github.com/TheresAFewConors/Sooty) - SOC Analyst Tool. +- [CheckIP](https://anonym.to/?https://threatstop.com/checkip) - Free resource for checking rep on IPs/CIDRs and domains. +- [Hybrid-Analysis](https://anonym.to/?https://www.hybrid-analysis.com/) - [alternative](https://anonym.to/?hhttps://app.sndbox.com/) - The free version is normally good enough. + + +**[`^ back to top ^`](#)** + ## WordPress login bruteforcer - [wpbrute-rs](https://anonym.to/?https://github.com/leo-lb/wpbrute-rs) - High performance WordPress login bruteforcer with automatic concurrency for maximum amount of tries per second.
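Review bot: the "alternative" link on the Hybrid-Analysis line is broken: `https://anonym.to/?hhttps://app.sndbox.com/` has a doubled `h` in the redirect target, so it should read `https://anonym.to/?https://app.sndbox.com/`. In the same hunk, `seperated` in the APT bullet should be `separated`, and the `Thread Minder` entry should be named `ThreatMiner` to match the linked domain `threatminer.com`. The ThreatMiner and ThreatCrowd entries are also the only links in the block not wrapped in the `anonym.to` redirect that every other entry (and the rest of Tools.md) uses, and the strategy list uses `*` bullets while the file's tool lists use `-`; both are worth making consistent before merging.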