Threat Hunting Resources

Intro

The first few minutes of a threat investigation or incident response are the toughest. You know something appears wrong, but you don’t have the details to prove it. The following sites take a piece of information you have — like the remote IP address to which one of your systems is talking — and give back more detail on what it is and whether it’s benign or malicious.

Resources

Port Lookups

Domains

IP Addresses

From a Linux/Unix/Mac OS command line, run:

dig +short -x ip.add.re.ss

What Is My External IP Address?

(Handy if you’re on a LAN that shares a single external IP address!)

Reserved IP Address Blocks

Hostnames

ASNs

(Autonomous System Numbers, which identify the blocks of addresses owned by an organization)

Possible Malware (Files and URLs)

User Agent Strings

JA3 Hashes

TOR Servers

Multiple Categories

Everything Else

Reference

Wrap-up

For more articles like this, subscribe to receive the PROMPT# Magazine!

www.blackhillsinfosec.com/prompt-zine/

Interested in threat hunting tools? Check out AC-Hunter

Active Countermeasures is passionate about providing quality, educational content for the Infosec and Threat Hunting community. We appreciate your feedback so we can keep providing the type of content the community wants to see. Please feel free to Email Us with your ideas!