SOC Resources

Here is a list of open source and free tools which will help in day to day operations in SOC teams and other cyber security professionals.

Threat Intelligence

use case management

Malware Analysis

  • Any.run – Interactive Malware analysis.
  • Hybrid Analysis – Free automated malware analysis.
  • Manalyzer – Free static analysis.
  • JoeSandbox – Malware sandbox and analysis community edition.
  • Cuckoo Sandbox – Downloadable open-source malware analysis tool.
  • Comodo Valkyrie – Valkyrie conducts several analysis using run-time behaviour.
  • Remnux – Linux toolkit for reverse-engineering and analyzing malicious software.
  • SANS must have free resources for malware analysis.
  • Triage – Malware analysis sandbox designed for cross-platform support (Windows, Android, Linux, and macOS).

Incident Response

  • Redline – Free endpoint security tool, provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.
  • Memoryze – Free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images and on live systems can include the paging file in its analysis.
  • Fakenet-NG – is open source and designed for the latest versions of Windows and Linux (Linux has some restrictions). FakeNet-NG is based on the FakeNet tool developed by Andrew Honig and Michael Sikorski.The tool allows you to intercept and redirect all or specific network traffic while simulating legitimate network services
  • Floss – Open source tool that automatically detects, extracts, and decodes obfuscated strings in Windows Portable Executable (PE) files.
  • Flare-VM – Freely available and open sourced Windows-based security distribution designed for reverse engineers, malware analysts, incident responders, forensicators, and penetration testers. Inspired by open-source Linux-based security distributions like Kali Linux, REMnux and others
  • FTKImager – Popular imaging tool, lets you collect evidence of an incident and used in further analysis.
  • SysInternals Suite – The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files.
  • Registry browser – Allows for the searching and reporting of the entire registry at once (instead of on a hive-by-hive basis).
  • Regshot – Helps you to take snapshots of registry before and after performing a task or executing a file and then compare it to find the difference.
  • CaptureBAT – Helps to capture behavior with parent-child relationship when executing a process/file.
  • PEStudio – Used to spot suspicious artifacts within executable files in order to ease and accelerate Malware Initial Assessment.
  • Rootkit revealer – Scans and lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
  • XAMPP -Allows you to build webserver, DB quickly to perform malware analysis.
  • HxD – Hex and Disk editor.
  • Beagle – Incident response and digital forensics tool which transforms data sources and logs into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs and Raw Windows memory images.

Red Team – Penetration testing tools

  • osintframework – Tree view with the list of various tools for red/purple teams.
  • Wireshark – Packet capture tool
  • Metasploit – Pen testing framework
  • Burpsuite – Application security testing community edition.
  • AngryIP – Open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses, ports and more.
  • SQLMap – open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
  • Seclist – A collection of multiple types of lists used during security assessments, collected in one place.
  • Payloads – List of useful payloads and bypasses for Web Application Security
  • Exploit-DB – Exploit database for pen testers and researchers.
  • Free Tools from Thycotic (Includes tools to check weak password, Windows/Unix Privileged and Windows Least Privilege Account Discovery, Browser-stored Password Discovery Tool)
  • Free AD Tools from ManageEngine (Includes Last Logon Reporter, AD Query Tool, Empty password reporter, Password Expiry Notifier, Weak password users report, and more)
  • SolarWinds Free IT Security Tools (Includes Firewall browser, Event logs consolidator, Access rights Auditor, Permission analyser for AD and more)
  • OWASP Dependency Check – Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies.
  • OWASP Dependency Track – Platform that allows organizations to identify and reduce risk in the software supply chain
  • Container Scanning – Scanner to identify vulnerabilities in docker containers.

Do you have a suggestion for tools which is missing in this list? Please leave a comment to update this list.