Infosec

Note the date of the article; it refers to the last update.

PGP

Personal PGP Public Key ID: 49094CB9


The following is a collection of useful links to sites that can help investigate domains, websites, IP addresses, servers, etc. on the Net for information security purposes.

  • VirusTotal: https://virustotal.com
    “Analyze suspicious files and URLs to detect types of malware including viruses, worms, and trojans. A very handy tool when in doubt of a file or a link.” Throw it in VirusTotal and it will be scanned against more than 50 different virus scanners.

  • URLscan: https://urlscan.io
    “urlscan.io is a service which analyses websites and the resources they request. Much like the Inspector of your browser, urlscan.io will let you take a look at the individual resources that are requested when a site is loaded.” This site is an ideal add-on to check websites and investigate what they actually do without running the risk on your own computer.

  • Censys: https://censys.io
    “Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet. Driven by Internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, websites and certificates are configured and deployed.” Ideal to investigate what certain IP addresses are up to.

  • Shodan: https://shodan.io
    “Shodan is the world’s first search engine for Internet-connected devices.” Shodan is Censys’ big brother with a very strong reputation. Has an interesting Chrome & Firefox plugin.

  • DomainTools WHOIS: https://whois.domaintools.com
    A very extensive and comprehensive whois tool that shows more than the standard whois information. The freemium access suffices for most investigations, but the paid service offers quite a few additional features like reverse search and historical overview.

  • TCPIPutils: https://www.tcpiputils.com
    “The ultimate online investigation tool.” It allows you to trace the IP address and location of a domain name (site), but also shows if the domain name is known to certain blacklists. Has some excellent plugins for Chrome, Firefox, Opera and Safari.

  • Netcraft: https://netcraft.com
    “Netcraft provide internet security services including anti-fraud and anti-phishing services, application testing and PCI scanning.” Netcraft is a known authority in website scanning and identification of phishing websites. They give an extensive analysis of the domain name, its website and email protection like SPF & DMARC. Their Firefox, Chrome and Opera plugins are well known.

  • Ghostery: https://www.ghostery.com
    “Ghostery detects and blocks tracking technologies to speed up page loads, eliminate clutter, and protect your data.” Powerful tool that visualizes the trackers used on different websites. Has plugins for all major browsers like Firefox, Chrome, Internet Explorer, Edge, Opera and Safari.

  • ';--have i been pwned?: https://haveibeenpwned.com
    “a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or “pwned” in a data breach.” Created and maintained by Troy Hunt, this is an excellent public repository to check if your account has been part of a data breach.

  • Open Threat eXchange: https://otx.alienvault.com
    “The world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data.” An interesting initiative to have an open community work on threat intelligence and share the findings.

  • Team Cymru IP to ASN mapping: http://www.team-cymru.org/IP-ASN-mapping.html
    “Team Cymru is happy to announce the availability of various service options dedicated to mapping IP numbers to BGP prefixes and ASNs.” A very interesting tool for quick enrichment of IP addresses and ASNs.

  • Authy: https://authy.com
    Two-factor verification with syncing capabilities. Uses its own cloud storage to synchronise and back up 2SV tokens. Has special plugins for browsers as well as mobile devices.

Some penetration testing and hacking links:

  • Emkei’s Free Mailer: https://emkei.cz
    Free online fake mailer with attachments, encryption, HTML editor and advanced settings. A perfect toolkit to test protective measures on a mail server and DNS (e.g. SPF, DKIM, DMARC).