mirror of https://github.com/CHEF-KOCH/Warez
Tools: Added VirusTotal alternatives to solve the "VT problem" (see link)
I have preached it for years, and finally someone wrote about it: VT results can be manipulated: https://medium.com/maverislabs/virustotal-is-not-an-incident-responder-80a6bb687eb9 So here is my strategy for the mentioned problem. It's not perfect, but it's a start.
This commit is contained in:
parent
d573dfa151
commit
f9d18a6489
21
Tools.md
|
@ -955,6 +955,27 @@ Downloads albums in bulk.
|
||||||
**[`^ back to top ^`](#)**
|
**[`^ back to top ^`](#)**
|
||||||
|
|
||||||
|
|
||||||
|
## VirusTotal alternatives
|
||||||
|
|
||||||
|
Overall strategy:
|
||||||
|
* Diversify your analysis approach.
|
||||||
|
* Don't rely on the results from a single tool.
|
||||||
|
* Run everything with as few privileges as necessary.
|
||||||
|
* APT investigations must be seperated from commodity malware, otherwise you give malware authors "ideas".
|
||||||
|
* Treat everything like it could be malicious until you have enough evidence to suggest otherwise.
|
||||||
|
|
||||||
|
|
||||||
|
- [Any-Run](https://anonym.to/?https://any.run/) - Run files in a sandbox.
|
||||||
|
- [Thread Minder](https://www.threatminer.com/) - Allow analysts to find additional information on indicators of compromise (IOC) such as domain names, IP's and more.
|
||||||
|
- [ThreatCrowd](https://www.threatcrowd.com/) - Search engine for threats, show correlations of submitted entries eg IP, hashes, domains etc
|
||||||
|
- [URLScan](https://anonym.to/?https://urlscan.io/) - Check the website.
|
||||||
|
- [Sooty](https://anonym.to/?https://github.com/TheresAFewConors/Sooty) - SOC Analyst Tool.
|
||||||
|
- [CheckIP](https://anonym.to/?https://threatstop.com/checkip) - Free resource for checking rep on IPs/CIDRs and domains.
|
||||||
|
- [Hybrid-Analysis](https://anonym.to/?https://www.hybrid-analysis.com/) - [alternative](https://anonym.to/?hhttps://app.sndbox.com/) - The free version is normally good enough.
|
||||||
|
|
||||||
|
|
||||||
|
**[`^ back to top ^`](#)**
|
||||||
|
|
||||||
## WordPress login bruteforcer
|
## WordPress login bruteforcer
|
||||||
- [wpbrute-rs](https://anonym.to/?https://github.com/leo-lb/wpbrute-rs) - High performance WordPress login bruteforcer with automatic concurrency for maximum amount of tries per second.
|
- [wpbrute-rs](https://anonym.to/?https://github.com/leo-lb/wpbrute-rs) - High performance WordPress login bruteforcer with automatic concurrency for maximum amount of tries per second.
|
||||||
|
|
||||||
|
|
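Review bot: The "alternative" link on the Hybrid-Analysis line has a malformed target, `https://anonym.to/?hhttps://app.sndbox.com/`: the doubled "h" makes `hhttps` an invalid scheme, so it should be `?https://app.sndbox.com/`. In the same list, the label "Thread Minder" points at threatminer.com and should presumably read "ThreatMiner". The ThreatMiner and ThreatCrowd entries link directly while every other entry, including the unchanged wpbrute-rs line below, goes through anonym.to, so pick one convention for the new section. In the strategy bullets, "seperated" should be "separated". The ThreatCrowd description lacks the closing period the other entries have.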