SecAnaly Tools
15 tools you should know as a Security Analyst
Whether you’re looking to break into cyber security, already working in a SOC, doing penetration testing or consulting, it’s essential to know robust analytical tools. Such tools will help you do your job right, and for many of them you don’t have to pay a penny. The web has a vast range of free tools to aid you with your projects, regardless of which subset of infosec you’re in. Alright, enough of stating the obvious; I’ll get to the point. Here they are:
VirusTotal
VirusTotal is among the most popular online malware analysis tools. It allows you to upload files, and to look up IP addresses, hashes, and URLs, for scanning by multiple antivirus engines. It can help security analysts quickly identify threats and take appropriate action in investigations. Other notable features are threat intelligence capabilities, detailed analysis reports, and a free API you can integrate into your own code.
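As an added example (not code from the article or from VirusTotal), here is the way I would use that free API from a script: hash the file locally and look the hash up first, so you only upload a sample when VirusTotal has never seen it. The client assumes your own key is in the `VT_API_KEY` environment variable; the endpoint and the `x-apikey` header are VirusTotal's real v3 API, while `summarise_report()`, the `SAMPLE_RESPONSE` document and the "5 or more engines" triage threshold are constructed for this example.

```python
"""Added example: SHA-256 lookup against the VirusTotal v3 /files endpoint.

Assumptions: VT_API_KEY holds your own key; vt_lookup() is the only function
that touches the network. SAMPLE_RESPONSE is a constructed document with the
same shape as a /files/{hash} reply so the parsing can be exercised offline.
"""
import hashlib
import json
import os
import urllib.error
import urllib.request
from typing import Optional

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"
MALICIOUS_THRESHOLD = 5  # constructed triage rule, not a VirusTotal value


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Hash locally so a lookup can replace an upload; uploading shares the
    sample with every engine and with other VirusTotal users."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def vt_lookup(file_hash: str, api_key: Optional[str] = None) -> Optional[dict]:
    """GET /files/{hash}; None means VirusTotal has never seen the hash (404)."""
    key = api_key or os.environ["VT_API_KEY"]
    req = urllib.request.Request(VT_FILES_URL + file_hash, headers={"x-apikey": key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return None
        raise


def summarise_report(report: Optional[dict]) -> dict:
    """Reduce a /files reply to the counts an analyst triages on."""
    if report is None:
        return {"known": False, "malicious": 0, "suspicious": 0,
                "total": 0, "verdict": "unknown", "names": []}
    attrs = report["data"]["attributes"]
    stats = attrs.get("last_analysis_stats", {})
    malicious = stats.get("malicious", 0)
    suspicious = stats.get("suspicious", 0)
    if malicious >= MALICIOUS_THRESHOLD:
        verdict = "malicious"
    elif malicious or suspicious:
        verdict = "review"
    else:
        verdict = "clean"
    return {"known": True, "malicious": malicious, "suspicious": suspicious,
            "total": sum(stats.values()), "verdict": verdict,
            "names": attrs.get("names", [])[:3]}


# Constructed sample reply: VirusTotal's field names, invented values and a
# placeholder hash.
SAMPLE_RESPONSE = {
    "data": {
        "id": "0" * 64,
        "type": "file",
        "attributes": {
            "names": ["invoice.exe", "invoice_2023.exe"],
            "last_analysis_stats": {
                "harmless": 0, "type-unsupported": 4, "suspicious": 2,
                "confirmed-timeout": 0, "timeout": 1, "failed": 0,
                "malicious": 41, "undetected": 24,
            },
        },
    }
}

if __name__ == "__main__":
    # Offline demonstration; for a live query use
    # summarise_report(vt_lookup(sha256_of_file("suspect.bin"))).
    print(summarise_report(SAMPLE_RESPONSE))
    print(summarise_report(None))
```

The free tier is rate-limited, so batch lookups should sleep between requests; the 404 path is what tells you a hash is genuinely unknown rather than an error.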
URLScan.io
URLScan can check URLs for potential security threats. It uses a combination of reputation checks and static analysis to identify malicious content and generate detailed findings. Key features include custom scans, deep analysis, and an easy-to-use interface.
BrowserLing
Need a quick burner browser for testing? Then this tool is right for you! BrowserLing allows you to detonate suspicious URLs and test website links for compatibility and security issues. It supports a wide range of browsers and operating systems, and you watch the page render in real time. It can really come in handy for phishing email investigations.
Shodan
This is a popular search engine for internet-connected devices, often used by security researchers and penetration testers. The tool can help identify vulnerable IoT systems and servers, providing detailed information on their operating systems, configuration, and potential attack vectors. In my experience, it is useful during OSINT investigations and vulnerability analysis. I’ve come across internet-facing web cameras, vulnerable web servers, and even industrial control systems!
Spur
Spur is an open-source threat intelligence platform that allows security analysts to collect, analyze, and share threat intelligence data. The tool provides real-time monitoring, advanced analytics on IPs and endpoints, and automated threat detection and response capabilities. Key features include customizable dashboards, flexible data sources, and powerful analytics.
Hybrid Analysis
This is an online malware analysis platform that analyzes suspicious files and URLs in a safe, sandboxed environment. The tool provides comprehensive findings on the behavior and potential impact of the analyzed content, helping analysts identify potential threats and take appropriate action. Key features include advanced malware analysis capabilities, detailed reports, and an easy-to-use interface.
PhishTank
PhishTank is a community-driven database of known malicious websites, which can help identify phishing sites. Security professionals and enthusiasts can contribute to the database by reporting new phishing sites.
CheckPhish.ai
CheckPhish.ai is an AI-powered phishing detection tool that quickly identifies threats. The tool uses advanced machine learning algorithms to analyze email content, IP addresses and domain names. In addition, it can passively discover subdomains and entities associated with a particular target.
AlienVault OTX
This is an open threat intelligence platform where you can access and share threat intelligence data. The tool also offers real-time monitoring, threat intel analytics, and enhanced threat detection and response capabilities for networks and endpoints. Other notable features include customizable dashboards, flexible data sources, and powerful analytics.
App.any.run
Another online malware analysis platform that allows security analysts to run and analyze suspicious files and URLs in a safe and controlled environment. The tool provides real-time behavioral and threat intelligence analysis. You can choose from a variety of Windows operating systems (paid version) for testing. Overall, it’s good for threat hunting.
Microsoft Remote Connectivity Analyzer
This is a web-based tool that allows you to evaluate and troubleshoot Microsoft Office 365 and Exchange Server connectivity issues. The tool provides detailed reports and diagnostic information, helping system administrators identify and resolve issues quickly. Security analysts can also use it to review email headers during investigations.
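To show what a header review actually extracts, here is an added example (not code from the article or from Microsoft's analyzer) that does the two checks I look at first with only the Python standard library: the `Received` chain read in delivery order, and the SPF/DKIM/DMARC verdicts from `Authentication-Results`, plus a From versus Return-Path domain comparison. The raw message is constructed for the example; every host, address and IP in it is invented, and `analyze()`, `received_chain()` and `auth_results()` are names I chose.

```python
"""Added example: email header triage with the standard library.

RAW_MESSAGE is constructed; the hosts, IPs and domains are invented
(documentation ranges) and the Authentication-Results line is written the way
a receiving mail server would stamp it.
"""
import email
import email.utils
import re
from email import policy

RAW_MESSAGE = b"""\
Received: from mx.example-corp.test (mx.example-corp.test [198.51.100.25])
\tby inbound.example-corp.test with ESMTPS id abc123;
\tMon, 06 Mar 2023 10:14:02 +0000
Received: from relay.sender-cloud.test (relay.sender-cloud.test [203.0.113.7])
\tby mx.example-corp.test with ESMTP id def456;
\tMon, 06 Mar 2023 10:13:58 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.sender-cloud.test with ESMTPA id ghi789;
\tMon, 06 Mar 2023 10:13:55 +0000
Authentication-Results: inbound.example-corp.test;
\tspf=fail smtp.mailfrom=billing.example-bank.test;
\tdkim=none;
\tdmarc=fail header.from=example-bank.test
From: "Accounts" <billing@example-bank.test>
Return-Path: <bounce@sender-cloud.test>
To: analyst@example-corp.test
Subject: Invoice overdue

Please open the attached invoice.
"""

HOP_RE = re.compile(r"from\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def received_chain(msg) -> list:
    """Each hop prepends its own Received header, so the topmost is the last
    hop; reversing gives the path in delivery order, origin first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(str(value).split())  # unfold and normalise whitespace
        m = HOP_RE.search(flat)
        ip = IP_RE.search(flat)
        hops.append({"from": m.group("from") if m else None,
                     "by": m.group("by") if m else None,
                     "ip": ip.group(1) if ip else None})
    return hops


def auth_results(msg) -> dict:
    """First spf/dkim/dmarc verdict seen, as stamped by the receiving server."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RE.findall(str(value)):
            results.setdefault(method, verdict)
    return results


def analyze(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = received_chain(msg)
    auth = auth_results(msg)
    from_addr = msg["From"].addresses[0].addr_spec if msg["From"] else ""
    _, return_path = email.utils.parseaddr(msg.get("Return-Path", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    rp_domain = return_path.rpartition("@")[2].lower()

    findings = []
    # The visible From domain and the bounce address domain normally agree for
    # legitimate mail; a mismatch is worth a closer look, not proof by itself.
    if from_domain and rp_domain and from_domain != rp_domain:
        findings.append(f"From domain {from_domain} != Return-Path domain {rp_domain}")
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method, "missing") != "pass":
            findings.append(f"{method} result is {auth.get(method, 'missing')}")

    return {"origin": hops[0] if hops else None, "hops": hops, "auth": auth,
            "from": from_addr, "return_path": return_path, "findings": findings}


if __name__ == "__main__":
    report = analyze(RAW_MESSAGE)
    print("origin hop:", report["origin"])
    for finding in report["findings"]:
        print("-", finding)
```

Only the Received header added by your own mail server is trustworthy; earlier hops can be forged by the sender, which is why the origin IP is a lead to pivot on, not a verdict.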
Windows Sandbox
This is a built-in feature in Windows 10/11 that allows security analysts to safely run and evaluate untrusted applications and files. The tool creates a secure, isolated environment that does not affect the host operating system or installed applications. Unlike traditional virtual machine environments, nothing is saved or remains persistent on the machine after use. Its only limitation is that it’s available only on Windows 10/11 Pro editions.
NetworkChuck Cloud Browser
Another nifty tool I stumbled across recently. This program provides a secure browsing environment for testing suspicious links and browsing with enhanced privacy. Think of it as a “burner phone” for your browsing. It’s like Windows Sandbox, but cloud based. You can view more about it in the link below (note: skip to 7:21).
PolySwarm
PolySwarm is a decentralized threat intelligence marketplace that allows security analysts to access and share threat intelligence data. Features include advanced threat analytics, automated and early detection triage, and response capabilities. Other features include customizable dashboards, flexible data sources, and powerful analytics. It is like VirusTotal, but with a slightly more user-friendly interface.
DNSDumpster
Whether you’re bug bounty hunting or performing OSINT investigations, DNSDumpster is great for reconnaissance. It provides detailed information on DNS records and domains. One of my favorite features is the graphical representation of results.
Please note that the tools mentioned offer free tiers with limited features; further features are paid. However, in my experience, I haven’t felt a need to pay for further features. Whether you choose to do so is your call. Hope you found this article useful!