9 best cyber security tools for threat hunters
Cyber security demands that you stay on top of things, and fortunately there are some good cyber security tools, which I will list here for you to try out. The tools mentioned have easy-to-use dashboards, and most of them support API access.
This overview highlights some of the best cyber security tools for threat hunters and anyone who works in the cyber security industry.
The top 9 best cyber security tools:
- OTX Alienvault
- Cyberwarzone Favicon MMH3
- Kali Linux
In most cases, cyber security tools should speed up the process of performing:
- Automated threat detection and response
- Centralized log collection
- Compliance reporting
- Forensic analysis
- Cyber threat intelligence
Best cyber security tools
I have included the tools which I use myself. I like the accessibility of these tools and the fact that API requests are supported. This means that I can automate a lot of tasks and quickly get the information I want via these cyber security tools. It is impossible to list all of the cyber security tools in the world, but I hope that this selection will help you move forward.
Shodan search engine
The Shodan.io search engine is a very powerful cyber security tool. It allows you to hunt using its large set of available search queries. You can quickly identify Cobalt Strike C2 servers, vulnerable systems, open directories and a lot more. Ideally, you use Shodan both to hunt and to monitor your own IT infrastructure.
VirusTotal
This is one of the biggest online malware repositories that you can find. VirusTotal allows anyone to utilize the 50+ antivirus engines that it has integrated into its (malware) sandbox system. You can search for hashes, domains and URLs, and if a report is available, you get a lot of details that help you perform cyber security steps such as:
- Creating YARA rules
- Creating XDR rules
- Updating your firewalls
- Creating threat landscape reports
OTX Alienvault
This online community by Alienvault shares details (pulses) on cyber attacks; these pulses contain IOC information and references to blogs and articles that discuss malware and cyber attacks. Alienvault is free to use, and the community also allows API access.
SNORT intrusion prevention system
SNORT is a powerful intrusion prevention system (IPS). Once it is configured and used correctly, SNORT can become part of your cyber security process. SNORT is open-source and the community behind it is very active. SNORT can detect various types of attacks, works on any platform and is often used to perform real-time network traffic analysis. This is yet another great cyber security tool that has proven itself over the years.
Cyberwarzone Favicon MMH3 checker
Cyber security tools work with various checksums such as SHA1, SHA256, MMH3 and MD5. This tool focuses on computing the MMH3 checksum of favicons.
Once the MMH3 favicon checksum has been computed, cyber security engineers and threat hunters can use it to create detection signatures and hunting signatures. For example, it can be used to find websites that use the same favicon.
TinEye Reverse Image search
TinEye allows anyone to search the web for a picture. One use case is using TinEye to identify phishing attacks or fake profiles. It was created to try out different methods and techniques for identifying matching images on the web; its counterpart is Google Image Search. The TinEye API is well documented, and you can include it in any of your programs.
MXtoolbox
MXtoolbox is one of those sites that just won’t go away (thankfully). It provides a list of tools that allow anyone to perform active look-ups. The site has a tool for blacklist checks on IP addresses and domains, which lets any cyber security analyst perform a quick external blacklist check.
The queries you can perform on MXtoolbox:
- MX Lookup
- Blacklists Lookup
- DMARC check
- Website health check
- Email Health check
- DNS Lookup
- Header analysis check
Wireshark for network traffic analysis
Wireshark comes back in any list you will find online. This network traffic analysis tool gives quick access to captured (or streaming) network data, makes the data visible to the eye and allows the user to create filters (these can serve as signatures to detect malware).
A lot of XDR solutions and cyber security monitoring tools actually store network data in the form of a PCAP. These PCAPs can be opened by Wireshark, so yes, this tool is a must-have in any arsenal.
Kali Linux
I cannot forget to include Kali Linux. This operating system contains hundreds of cyber security tools, most of them pre-installed. Kali Linux is used globally and can be customized very easily to fit your needs. The tools included in Kali Linux are simple to use, and they only need to be updated before first use.
Metasploit
Metasploit has a collection of penetration testing tools that cyber security experts use globally to manage security evaluations and discover vulnerabilities. It is used to evaluate the security posture of infrastructures, and it can be used during penetration tests to perform some steps of the cyber kill chain.
CIRCL AIL framework
AIL is a modular framework made by CIRCL for analyzing potential information leaks from unstructured data sources. This means that you can add any feed or source and stream it towards AIL. The AIL framework is flexible and can be extended to other uses.
Cyber security is an ongoing task: you must constantly scan for threats, check for vulnerabilities in your network, and take corrective action. A proactive approach, where you use the right cyber security tools to simulate attacks, patch vulnerabilities to prevent (network) breaches and quickly identify threats, will help you stay on top and respond faster.
Cyber security can be challenging, and the right tools and expertise help you configure your environment and carry out each task correctly. Done right, it can completely change the way you do cyber security.