Open Source Cyber Threat Hunting Tools for InfoSec

by

June 26, 2017

Open Source Cyber Threat Hunting Tools for Your InfoSec Utility Belt*

Last week we talked to you about Threat Hunting and why you should be actively looking for trouble. We’ve assembled a few links to tools and repositories you can use to fill up your threat hunting utility belt.

1. Awesome Threat Intelligence (https://github.com/hslatman/awesome-threat-intelligence#tools)

This one’s a doozy. Honestly, we don’t even know where to start so we might as well start with the title. “Awesome Threat Intelligence” is exactly what it sounds like. 30 frameworks, 50 free tools, and a literal mountain of reference material. The list goes on and on.

We don’t have the time to get through everything on the ATI list, but if you’ve got a spare minute or two and you’re feeling adventurous, it’s worth taking a look at.

Awesome Threat Intelligence is curated by Herman Slatman, a software architect from the Netherlands. 

2. The Threat Hunting Project (threathunting.net)

Started by David J. Bianco, an Incident Detection & Response Specialist employed by Target, the Threat Hunting Project is an open source community repository hosted on GitHub that is reasonably well maintained. They’ve leveraged Python and Jupyter Notebooks (http://jupyter.org) together to create a platform they’ve dubbed “Hunter” (http://www.threathunting.net/hunting-platform).

We haven’t had a chance to play around with the platform ourselves, but after looking through the README.md file (https://github.com/ThreatHuntingProject/hunter/blob/master/README.md) it seems to be a fairly decent option for those looking for an open source solution that favors an analytical approach.

According to the website, Bianco hopes the Threat Hunting Project will give the amateur threat hunters a concrete starting point and offer experienced hunters additional techniques they might not have been aware of.

There’s no cost to utilizing The Threat Hunting Project, but they do request that you contribute in some way.

“This repo is here for the community. You are free to use it for personal or commercial use provided you attribute it in some visible manner,” said Bianco on the website. “We suggest Data provided by The ThreatHunting Project, http://threathunting.net or something substantially similar. Please do include the URL, though, to help more people find us.”

Sounds fair to us.

3. Scott Roberts’ Hunting Tools Guide (https://sroberts.github.io/2015/04/21/hunting-tools/)

Roberts’ list isn’t as in-depth as the others, but that’s really okay. We like that he gets a little more specific with his recommendations. It allows us to peel back a layer or two and get a more personal idea of what active threat hunters like about the open source tools they recommend.

4. VirusTotal (virustotal.com)

VirusTotal is a searchable virus and malware database, and to be quite frank, it’s awfully neat. All you have to do is create an account and you’re golden. After creating an account you can search with a wide variety of parameters, including keywords, file type, and first/last submission date.

VirusTotal offers the end user a unique opportunity to customize their search to exactly meet their needs and best of all, it’s free.

Conclusion

There’s an abundance of tools out there that can help you look for threats on your network and endpoints. What works best for you is ultimately up to you as well. Our goal isn’t to tell you what to do or when to do it; we’re just here to advise.

Now that we’ve covered open source threat hunting tools, tune in next week for our recommended commercial options. And if you’ve got any open source threat hunting tools that you’d like us to take a look at, feel free to send them our way. We’d be happy to take a look.

*Bat-Shark Repellent Not Included

We're Integris. We're always working to empower people through technology.
