neu5ron / TMInfosec

Repository of all the sites related to infosec IP/Domain/Hash/SSL/etc OSINT and eventually will include more.

Too Much Information in Security

Curated lists of websites, grouped by category, that are useful for domain research, malware/IOC research, NSM testing (such as PCAPs), and live analysis/sandbox testing. More specific descriptions follow:

Reputation Searching

Sites that report whether one of the following data types has a reputation, meaning it is defined as malicious or tied to xyz APT, or that hold data you could use to determine for yourself whether it is malicious or related to something (e.g., an already existing sandbox report on a file).

Domain Information Non Reputation

Information related to a domain that is independent of its "reputation" as malware or any other category, such as Whois information, PassiveDNS information, or lists of gTLDs (top-level domains like .pink or .university).

Live Analysis

Sites that allow you to submit files, URLs, domains, or IPs for simulated/live analysis (i.e., a sandbox).

Datasets

Log records and PCAPs to be used for analysis tests, database/SIEM/logging testing, machine learning testing, parsing samples, and NSM/IDS/application testing.

  • Log records/samples aid in testing analytics, parsers, databases, SIEMs, logging solutions, etc.
  • PCAPs are useful for testing a protocol parser, as an additional source of malware samples, and for testing your IDS, IPS, or NSM application/appliance.

ETC

Curated list of websites for things like:

Downloadable Blocklists

Sites that provide lists of domains, IPs, and URLs that you can download in bulk for the purpose of blocking or DNS sinkholing. Some of the lists categorize the entries by type: malware, advertisements, spam, phishing, and/or dynamic DNS.

Note

You may notice many repetitive websites as many sites contain information for IPs & Domains & Hashes and a URL consists of a domain/IP, but I wanted to categorize them based on the relation of what you are investigating.

Let me know if I am missing anything or you think things should be re-categorized.
