On-line resources
On-line tools supporting threat analysis.
Reverse engineering code
JS Beautifier unpacks, obfuscates, or beautifies JavaScript or HTML code, and can export to JSON or JSONP.
Practical Malware Analysis Starter Kit contains most of the software referenced in Practical Malware Analysis.
Ransomware Identifier identifies the type of ransomware from ransom note and encryption algorithm.
Regex101 gives a description of what a regular expression does.
UnPHP is a free service for analysing obfuscated and malicious PHP code.
URL Decoder/Encoder encodes or decodes URLs, hiding JavaScript URLs as nonsense or revealing them from it.
Indicators of Compromise
Check IoC scans a log file and reports whether the associated network is infected with malware or a DNS changer.
The Exploit Database has two repositories on GitHub. The main exploit database repository is updated daily and contains exploit & shellcode entries sorted by platform, and the exploit database bin-sploits repository holds binary exploits and proofs of concept.
Hybrid Analysis is a malware analysis tool.
The Malware Hash Registry (MHR) gives a static and dynamic analysis of malware samples.
PhishEye surfaces existing and new domains that spoof legitimate names.
VirusTotal analyses suspicious files and URLs to detect types of malware. It automatically shares them with the security community.
Zulu URL Risk Analyzer inspects suspicious URLs.
Anti-Phishing
OpenPhish uses proprietary Artificial Intelligence algorithms to automatically identify zero-day phishing sites and provide comprehensive, actionable, real-time threat intelligence.
Phish Archive tracks various domains that are known to be a part of phishing attacks.