TOOLS FOR CYBER THREAT HUNTING (PART - I)

Vishnu Shivalal P
3 min read · Aug 23, 2023

Cyber Threat Hunting

Cyber threat hunting is a proactive cybersecurity tactic that aims to locate and isolate advanced threats that have evaded the existing detection controls. It involves searching through datasets, endpoints, and networks. The hunter must look beyond the well-known alerts and known attack patterns in order to discover new potential threats and vulnerabilities.

Threat hunters scan security data to uncover hidden malware, attackers, or patterns of suspicious activity that automated systems may have missed, or that were thought to be addressed but are not. They also help to patch the organization's security controls so that the same kind of intrusion does not recur. Threat hunting is a security role that combines proactive tactics, cutting-edge technology, and threat intelligence to find and disrupt hostile activity.

Tools for Cyber Threat Hunting

1. VirusTotal

VirusTotal is a web application that allows anyone to analyze a file hash, a domain, or an IP address. Many security vendors, such as Kaspersky, Avira, and Acronis, have integrated with VirusTotal. VirusTotal helps us determine whether an IP address or a file hash is malicious. We can also upload a file and check its reputation. Users can flag and comment on IPs, domains, or files on this website.

Link: https://www.virustotal.com/

2. OPSWAT MetaDefender Cloud

OPSWAT MetaDefender Cloud is another website that can be used to check the reputation of a website, a file hash, or an IP address. As with VirusTotal, many security vendors have integrated with MetaDefender Cloud. File upload and reputation checking are also available on this website, and users can flag and comment on IPs, domains, or files.

Link: https://metadefender.opswat.com/

3. AbuseIPDB

AbuseIPDB, a.k.a. Abuse IP Database, is a database of IP addresses and domains that other users have already reported as malicious. It is similar to other websites such as VirusTotal and OPSWAT MetaDefender Cloud, but the downside is that users can't check the reputation of a file hash or upload a file to scan.

Link: https://www.abuseipdb.com/

4. Cisco Talos Intelligence

Cisco Talos Intelligence is also a website that provides threat intelligence functionality. In Cisco Talos Intelligence we can check domains, IP addresses, and file hashes. It offers many of the features found on other threat hunting/intelligence sites (IP address, domain, and file hash reputation checking), but there is no functionality for users to upload and scan a file.

Link: https://talosintelligence.com/

5. ThreatStop Check IoC

ThreatStop's Check IoC is an excellent tool for finding the reputation of a domain or an IP address. The downside is that users can't flag or vote on the reputation of a domain or an IP address. Domain and IP address reputation checking are supported, but file hash reputation checking and file upload are not.

Link: https://www.threatstop.com/check-ioc

Conclusion

The websites shared above are used personally by me. But the thing to remember is that these websites, or the information provided by them, aren't that reliable. Which means they also might be wrong. So we are the ones who should investigate more and more to confirm. There will be follow-up blogs related to this blog, because this is just a beginning.
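As an added example (not code from the post), here is the kind of cross-checking the conclusion calls for: the same IP address looked up in VirusTotal and AbuseIPDB, with the two verdicts combined so that a single source is a lead to investigate rather than a conclusion. The sample responses are constructed and their shape is an assumption modelled on the public VirusTotal v3 `last_analysis_stats` and AbuseIPDB `abuseConfidenceScore` fields; the thresholds are illustrative, not the services' own.

```python
import json

# Constructed sample responses for one IP address (assumption: shaped like
# VirusTotal v3 `last_analysis_stats` and AbuseIPDB `abuseConfidenceScore`).
VT_RESPONSE = json.dumps({"data": {"attributes": {"last_analysis_stats": {
    "malicious": 2, "suspicious": 0, "undetected": 60, "harmless": 8}}}})
ABUSEIPDB_RESPONSE = json.dumps({"data": {"abuseConfidenceScore": 85,
                                          "totalReports": 40}})


def vt_verdict(raw: str, min_engines: int = 5) -> str:
    """Call it malicious only when enough engines agree; one or two hits
    on a multi-engine scan are often false positives."""
    stats = json.loads(raw)["data"]["attributes"]["last_analysis_stats"]
    hits = stats.get("malicious", 0) + stats.get("suspicious", 0)
    if hits >= min_engines:
        return "malicious"
    return "suspicious" if hits > 0 else "clean"


def abuseipdb_verdict(raw: str, threshold: int = 75) -> str:
    """AbuseIPDB's score is driven by user reports, so require a high
    confidence before treating it as a conviction."""
    score = json.loads(raw)["data"]["abuseConfidenceScore"]
    if score >= threshold:
        return "malicious"
    return "suspicious" if score > 0 else "clean"


def corroborate(verdicts: dict) -> str:
    """Combine per-source verdicts: escalate only when two independent
    sources convict; a single source is a lead to investigate further."""
    bad = sum(1 for v in verdicts.values() if v == "malicious")
    if bad >= 2:
        return "escalate"
    if bad == 1 or "suspicious" in verdicts.values():
        return "investigate"
    return "monitor"


def triage(vt_raw: str, abuse_raw: str) -> dict:
    """Run both lookups on the same indicator and return the combined decision."""
    verdicts = {"virustotal": vt_verdict(vt_raw),
                "abuseipdb": abuseipdb_verdict(abuse_raw)}
    return {"verdicts": verdicts, "decision": corroborate(verdicts)}


if __name__ == "__main__":
    print(json.dumps(triage(VT_RESPONSE, ABUSEIPDB_RESPONSE), indent=2))
```

With the constructed responses, VirusTotal shows only two engine hits (suspicious) while AbuseIPDB convicts, so the decision is "investigate" rather than an automatic block.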

TO BE CONTINUED…


Written by Vishnu Shivalal P

Cyber Security Engineer | Bug Hunter | Security Researcher | CTF Player | PenTester | Security Enthusiast | TryHackMe Top 1% www.linkedin.com/in/vishnushivalalp