The following links, resources, and other items are associated with the public Paralus Open Source Tools for Hunting and Practical Intelligence Workshop.

Workshop Exercise Resources

• Walk-Through Report: Sandworm Actors Exploiting Vulnerability in Exim Mail Transfer Agent (NSA)
• Report: More Evil: A Deep Look at Evilnum and Its Toolset (ESET)
• IOCs: Github Repo

Links to Tools and Resources

• Network Resources
  • Hurricane Electric Who Is
  • RiskIQ Community (Requires Account)
  • Censys.io
  • Urlscan.io
  • URLhaus
  • MXToolBox SuperTool
  • Shodan.io (Requires Account)
• Host Resources
  • VirusTotal
  • Any.run
  • HybridAnalysis
  • VirusBay
  • Malshare
  • MalwareBazaar
• Links to Tools
  • CyberChef
  • FLOSS Strings Tool
  • OLETools
  • Didier Stevens Tools
  • PE Analyzer:
    • Python2
    • Python3
  • CAPA Executable Analyzer
  • Aldeid Digital Forensics List
  • NewDomain Search

References and Further Reading

An excellent resource covering multiple cyber threat intelligence items is Katie Nickels’ reading list. Other resources include the following:

• General Intelligence Resources
  • JP-2-0 Intelligence
  • Psychology of Intelligence Analysis
  • A Threat Driven Approach to Cyber Security (Lockheed Martin Kill Chain)
  • The Diamond Model of Intrusion Analysis
• IOCs and Threat Intelligence
  • OpenIOC Series: Investigating with Indicators of Compromise Part I
  • Investigating with Indicators of Compromise Part II
  • The Origin of Indicators
  • Indicators and Network Defense
  • Misunderstanding Indicators of Compromise
  • Threat Intelligence and the Limits of Malware Analysis
  • The Pyramid of Pain
• Security Operations
  • Intelligence-Driven Incident Response (book)
  • Threat Modeling (book)