
SOC Resources

A list of tools and resources used in a SOC (Security Operations Center) by security analysts, incident responders, and forensic investigators.

Threat Intelligence

Incident Response

  • Redline – Free endpoint investigation tool that gives a host investigator the means to find signs of malicious activity through memory and file analysis and to build a threat assessment profile of the host.
  • Memoryze – Free memory forensics software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on a live system it can include the paging file in its analysis.
  • FakeNet-NG – Open source tool for current versions of Windows and Linux (the Linux port has some restrictions), based on the original FakeNet by Andrew Honig and Michael Sikorski. It intercepts and redirects all or selected network traffic while simulating legitimate network services, so a sample can be detonated and its traffic observed without letting it reach the real internet.
  • FLOSS – Open source tool that automatically detects, extracts, and decodes obfuscated strings (stack strings and strings produced by the sample's own decoding routines) in Windows Portable Executable (PE) files, surfacing indicators that a plain strings run misses.
  • FLARE VM – Freely available, open source Windows-based security distribution, installed by script onto an existing Windows VM, designed for reverse engineers, malware analysts, incident responders, forensicators, and penetration testers. Inspired by open source Linux-based security distributions such as Kali Linux and REMnux.
  • FTK Imager – Popular imaging tool for collecting evidence (disk images and memory captures) from a system involved in an incident for further analysis; verify the hashes it records for each image so the evidence can be shown to be unaltered.
  • Sysinternals Suite – The Sysinternals troubleshooting utilities rolled up into a single suite. The download contains the individual tools and their help files.
  • Registry Browser – Allows searching and reporting across the entire registry at once, instead of on a hive-by-hive basis.
  • Regshot – Takes snapshots of the registry before and after performing a task or executing a file and then compares them to show what changed. Take both snapshots on an otherwise idle system, since background activity also writes to the registry and adds noise to the diff.
  • CaptureBAT – Records the behavior of a process or file when it is executed, including the parent-child relationships of the processes it spawns.
  • PEStudio – Spots suspicious artifacts within executable files (imports, strings, sections, resources) in order to ease and accelerate the initial assessment of malware.
  • RootkitRevealer – Sysinternals tool that scans for and lists discrepancies between the Registry and file system as seen through the Windows API and as read directly, which may indicate the presence of a user-mode or kernel-mode rootkit.
  • XAMPP – Lets you build a web server and database quickly, for example to stand up the fake infrastructure a sample expects during malware analysis.
  • HxD – Freeware hex editor that can also open raw disks and process memory.
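The FLOSS entry above describes decoding obfuscated strings that a plain `strings` run misses. The following is an added illustration of the idea, not FLOSS code and not affiliated with the FLARE team: FLOSS recovers strings by emulating the sample's own decoding routines, whereas this snippet covers only the most common cheap case, a string obfuscated with a single-byte XOR key. The sample blob, the key 0x5A and the URL `c2.example.invalid` are all constructed for the example; the indicator patterns are an assumption about what an analyst wants to see, chosen to filter the printable garbage that brute-forcing 255 keys inevitably produces.

```python
"""Recover single-byte-XOR-obfuscated strings from a binary blob.

Added example (not FLOSS code). FLOSS emulates the sample's decoding
routines; this brute-force handles only the single-byte XOR case.
"""
from __future__ import annotations

import re

MIN_LEN = 8  # shortest run worth reporting, as with `strings -n 8`

# Indicators that make a decoded candidate worth a human look. XORing
# arbitrary bytes with 255 keys yields plenty of printable garbage, so a
# candidate is kept only if it contains something an analyst recognises.
# (Assumed set, extend as needed.)
_INDICATORS = re.compile(
    r"https?://"                      # URL
    r"|[A-Za-z]:\\[A-Za-z0-9_]"       # Windows drive path
    r"|HKEY_[A-Z]"                    # registry hive
    r"|\b\d{1,3}(?:\.\d{1,3}){3}\b"   # dotted-quad IP address
    r"|\.(?:dll|exe|php|bat|ps1|vbs)\b",
    re.IGNORECASE,
)


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (the operation is its own inverse)."""
    return bytes(b ^ key for b in data)


def extract_ascii_strings(data: bytes, min_len: int = MIN_LEN) -> list[str]:
    """Plain printable-ASCII runs, what the classic `strings` tool reports."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def decode_xor_strings(data: bytes, min_len: int = MIN_LEN) -> list[tuple[int, str]]:
    """Try every non-zero single-byte key and return (key, string) pairs for
    decoded runs that were not already visible in plaintext and that contain
    an indicator. Keys are tried exhaustively; the indicator filter does the
    noise suppression."""
    plain = set(extract_ascii_strings(data, min_len))
    hits: list[tuple[int, str]] = []
    for key in range(1, 256):
        for s in extract_ascii_strings(xor_bytes(data, key), min_len):
            if s not in plain and _INDICATORS.search(s):
                hits.append((key, s))
    return hits


def build_sample() -> bytes:
    """Constructed sample blob, not a real binary: two plaintext strings and
    one string obfuscated with XOR key 0x5A. The NUL terminator is XORed too,
    as a string-decoding stub would typically store it."""
    secret = b"http://c2.example.invalid/gate.php\x00"  # made-up, reserved TLD
    return (
        b"MZ\x90\x00" + b"\x00" * 12
        + b"kernel32.dll\x00"
        + b"This program cannot be run in DOS mode.\x00"
        + b"\xff" * 8                      # unrelated non-text bytes
        + xor_bytes(secret, 0x5A)
        + b"\xff" * 8
        + b"\x90" * 16
    )


SAMPLE = build_sample()

if __name__ == "__main__":
    for s in extract_ascii_strings(SAMPLE):
        print("plain   :", s)
    for key, s in decode_xor_strings(SAMPLE):
        print(f"xor 0x{key:02x}:", s)
```

Running it shows the point the FLOSS entry makes: the plain pass lists `kernel32.dll` and the DOS stub message, plus the XORed URL as an unreadable run of punctuation, while the brute-force pass reports the URL under key 0x5A only. Real samples use multi-byte keys, RC4, or custom routines, which is why FLOSS emulates the decoder instead of guessing keys.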

Red Team (more coming soon…)

Do you have a suggestion for a tool that is missing from this list? Please leave a comment so the list can be updated.