Resources

My daily research tools

These are search-related tools that I keep as shortcuts and use almost daily.  I use them frequently when analyzing questionable files, URLs, and security events, and also to supplement reporting.  They are free for most common purposes, and some have paid options if you want to go beyond.

  • URLScan – Online web sandboxing tool, used to preview and snapshot URLs.  May also have historical scans, which is useful after takedowns or removal of malicious sites.
  • Hybrid Analysis – Online sandboxing tool, used to review questionable files, URLs, hashes, and more.
  • VirusTotal – Scan a file or URL with multiple AV engines; also has hash search.
  • Censys – Research IP and host reputations, includes banner grabbing.
  • SecurityTrails – Another good host & IP research tool.
  • Greynoise – Helpful analyst tool to determine what NOT to worry about.
  • MX Toolbox – Everything mail server related.  Also has decent DNS recon tools.
  • Dehashed – Compromised asset search tool, free to see “IF” but pay for details.
  • DNSdumpster – Helps to footprint and do recon on public DNS records.
  • RansomLook.io – Helpful for researching breach claims and the groups behind them without using Tor.
  • BGP.tools – Border Gateway Protocol (BGP) is used for routing among autonomous systems (AS), good for connecting-the-dots with companies, ISPs, etc.

My daily security tools

Similar to the above, there are a handful of service providers and applications that I use almost daily.

  • Services:
    • Proton – Secure and encrypted e-mail, VPN, file storage, etc. all focused on privacy.  Both free and paid options.
    • SimpleLogin – Now powered by Proton, this is an anonymous e-mail service.  Good for setting up “aliases” to establish isolation and privacy.  Paid accounts can even reply-to and use custom domains, catchalls, etc.
    • Signal – Encrypted messaging.  Open source, peer-reviewed, and free.
    • MySudo – Privacy focused app with a lot to offer.  Encrypted messaging to other Sudo users, allows for creation of e-mail forwarders, and has voice/text functions with a paid subscription.
    • Authy – Free multifactor authentication (MFA) solution for personal use with backup options.  Great alternative to SMS text codes for supported providers.
    • File.io – Free ephemeral file sharing, anonymous (no login).
  • Apps:
    • VeraCrypt – Free offline disk and container-based encryption software, open source, and cross-platform.  A “must-have” for flash drives and removable media.
    • KeePassXC – Free offline password manager with encrypted databases, open source.  For even better protection, keep the database inside a VeraCrypt container too!
    • VirtualBox – Free virtualization solution from Oracle.  I run this exclusively for my home lab, research, and testing.
    • Veeam Community – Backup solution with encryption, deduplication, compression, & more for Windows & Linux.
  • Physical tools:  EDC – “Every day carry”
    • YubiKey – YubiKeys are solid and I strongly recommend them for multifactor authentication (MFA) wherever possible.  Mine has been through many careless situations and still operates well.  I recommend a “5 series” or at least a “Security Key” for NFC.
    • Leatherman Skeletool – 7-in-1 multitool.  Knife is on the outside for quick use, good pliers, and 2 screwdriver bits.  I’ve had the same one for 10+ years.
    • Portable storage device – Any name-brand USB 3.x high-speed flash drive.  Get or make your own portable SSD for more storage; excellent for VMs!
    • USB-C to USB adapter – I keep one on my key ring; it’s a life saver… especially for the above YubiKey!  I also keep a USB to USB-C adapter in my bag for just-in-case charging, older PCs, etc.
    • RovyVon A3 Flashlight – This keychain / mini flashlight is about the size of an AA battery, its charge lasts for over a month with minimal use, it has survived a few drops, and it’s like a mini spotlight on “high” mode (650 lm).

Beyond EDC, having a variety of the “tools-of-the-trade” ready to use and tested is great.  However, you also need to know how to use those tools!  The worst time to find out that something doesn’t work, or that you don’t know how to use it… is exactly when you need it.

InfoSec Knowledge

Reading, listening to podcasts, and doing what you can to stay informed on the industry and current events is incredibly important.  Here are a few resources I use to stay in the loop!

  • Dark Reading – Part of the Information Week network, one of my daily reads.  Timely, relevant, and concise Infosec news.
  • The Hacker News – Timely and technical updates on breaches, vulnerabilities, and more.
  • KnowBe4 Blog – One of my routine professional readings, great source for learning about the latest phishing, social engineering and overall cybercrime news.
  • WIRED – Generally well-written and professional quality articles.  A geeky favorite magazine of mine for years now!
  • Brian Krebs – Brian is a prolific independent journalist who provides investigative reporting on cybercrime and security topics.
  • IntelTechniques – Michael Bazzell & Jason Edison, free open source intelligence (OSINT) and privacy focused blog, publications, and tools.  They have an excellent paid online video training course and very affordable eBooks that are both frequently updated.

Events and webinars are very common and great sources too!  I attend at least 1-2 events most months, some for industry and some for fun.  For those in and around Delaware, here are two that I’ve attended for many years:

  • Secure Delaware – Delaware’s official cybersecurity workshop.  A professional event hosted by Delaware’s Department of Technology & Information (DTI).
  • BSidesDE & BSidesCharm – Security BSides, one of my favorite local cons!  Stuff for kids, students, professionals, and folks of all ages and skills to do!  Presentations, lockpicking, CTFs, WiFi/SDR, foxhunt, games, red vs blue team, hands-on workshops, and more!

Compilations, lists, etc.

Instead of reinventing the wheel, here are a few spectacular compendiums maintained by other security professionals and used by me too.

For compilations focusing more on Open Source Intelligence (OSINT):

Other neat things I keep in my bookmarks:

  • IronGeek’s Homoglyph Attack Generator – Excellent for generating letter substitutions and obfuscations.  Such as: Нellο Ꮃorlԁ  (which, punycode-encoded and URL-escaped, becomes: /xn--ell%20orl-s1g69kr5dhu5f/)
  • Boxentriq – Almost a one-stop shop for crypto challenges.  Has code breakers, analysis tools, and lots of great info too!
  • Cryptii – Great for encoding and decoding various cryptography ciphers.  Excellent for puzzles, CTFs, etc.
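The reverse of the homoglyph generator above is the check an analyst actually runs on a suspicious link. The script below is an added example, not code from the original page or from IronGeek's tool: it takes a hostname in either Unicode or xn-- form, shows both forms via Python's IDNA codec, and flags labels that mix scripts. The sample hostnames are constructed for this example, and the script detection uses the first word of each character's Unicode name ("LATIN", "CYRILLIC", ...) as a stand-in for the script property, which the standard library does not expose directly. It has no confusables table, so an all-Cyrillic look-alike label only trips the weaker non-Latin signal.

```python
import unicodedata

# Constructed sample hostnames (not from the original page). Code points are
# written as escapes so each homoglyph is unambiguous:
#   \u0440 CYRILLIC SMALL LETTER ER  (looks like Latin p)
#   \u0430 CYRILLIC SMALL LETTER A   (looks like Latin a)
#   \u0441 CYRILLIC SMALL LETTER ES  (looks like Latin c)
#   \u043e CYRILLIC SMALL LETTER O   (looks like Latin o)
#   \u0435 CYRILLIC SMALL LETTER IE  (looks like Latin e)
SAMPLES = {
    "plain": "paypal.example",
    # Latin 'y' and 'l' mixed with Cyrillic look-alikes: a mixed-script label
    "mixed": "\u0440\u0430y\u0440\u0430l.example",
    # Every letter Cyrillic, renders like "cope": single-script, so only the
    # weaker non-Latin signal fires without a confusables table
    "single": "\u0441\u043e\u0440\u0435.example",
}


def to_ascii(hostname):
    """ASCII (xn--) form of a hostname via the stdlib IDNA codec (nameprep + punycode)."""
    return hostname.encode("idna").decode("ascii")


def to_unicode(hostname):
    """Unicode form of a hostname; accepts either xn-- labels or Unicode labels."""
    return hostname.encode("idna").decode("idna")


def label_scripts(label):
    """Approximate the scripts used by a label's letters from their Unicode names.

    The first word of a character name ("LATIN", "CYRILLIC", "GREEK", ...)
    stands in for the Unicode script property, which unicodedata lacks.
    """
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def report(hostname):
    """Per-label script breakdown plus two homoglyph signals for one hostname."""
    unicode_form = to_unicode(hostname)
    labels = {lbl: label_scripts(lbl) for lbl in unicode_form.split(".")}
    mixed = any(len(s) > 1 for s in labels.values())
    non_latin = any(s - {"LATIN"} for s in labels.values())
    return {
        "ascii": to_ascii(hostname),
        "unicode": unicode_form,
        "labels": labels,
        "mixed_script": mixed,   # strong signal: scripts mixed inside one label
        "non_latin": non_latin,  # weak signal: legitimate IDNs trigger it too
    }


if __name__ == "__main__":
    for name, host in SAMPLES.items():
        r = report(host)
        print(f"{name:7} {r['ascii']:30} mixed={r['mixed_script']} non_latin={r['non_latin']}")
```

Run it on a hostname copied from an e-mail or proxy log; if the ascii form starts with xn-- but the address looked like a familiar brand, treat the mixed-script flag as a strong indicator and the non-Latin flag as a prompt to look closer.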