Threat Research
Browse 22 threat research tools
FEATURED
CTI platform providing structured threat intelligence and analysis
CTI platform providing structured threat intelligence and analysis
Cybersecurity research blog covering threat intelligence and malware analysis
Cybersecurity research blog covering threat intelligence and malware analysis
Free threat intel platform for DNS data analysis and infrastructure mapping
Free threat intel platform for DNS data analysis and infrastructure mapping
DNS-based threat intelligence platform for early threat detection
DNS-based threat intelligence platform for early threat detection
Custom threat intel investigations by analysts for security assessments
Custom threat intel investigations by analysts for security assessments
Threat intelligence, incident response, and security consulting services
Threat intelligence, incident response, and security consulting services
Cloud service threat research & control library for AWS, Azure, and GCP
Cloud service threat research & control library for AWS, Azure, and GCP
Cyber threat intelligence platform with adversary tracking capabilities
Cyber threat intelligence platform with adversary tracking capabilities
A threat intelligence platform that monitors, analyzes, and provides detailed information about threat actors targeting non-human identities across various industries.
A threat intelligence platform that monitors, analyzes, and provides detailed information about threat actors targeting non-human identities across various industries.
CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.
CrowdFMS is a CrowdStrike framework that automates malware sample collection from VirusTotal using YARA rule-based notifications and the Private API system.
A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.
A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.
Platform providing community-driven threat intelligence on cyber threats with a focus on malware and botnets.
Platform providing community-driven threat intelligence on cyber threats with a focus on malware and botnets.
A Java-based Bluetooth honeypot that captures and analyzes malware and attacks targeting Bluetooth-enabled devices.
A Java-based Bluetooth honeypot that captures and analyzes malware and attacks targeting Bluetooth-enabled devices.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
Securelist by Kaspersky Lab provides in-depth cybersecurity research and solutions across multiple industries.
Securelist by Kaspersky Lab provides in-depth cybersecurity research and solutions across multiple industries.
A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.
A curated collection of companies that have publicly disclosed adversary tactics, techniques, and procedures following security breaches.
Repository of APT-related documents and notes sorted by year.
Repository of APT-related documents and notes sorted by year.
Mortar is an evasion technique to defeat and divert detection and prevention of security products, including AV, EDR, and XDR solutions.
Mortar is an evasion technique to defeat and divert detection and prevention of security products, including AV, EDR, and XDR solutions.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.
A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.
A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.
A curated list documenting open-source projects that incorporate political protests in their software, ranging from messages to conditional malware.
ActorTrackr is an open source web application for storing, searching, and linking threat actor intelligence data from public repositories and user contributions.
ActorTrackr is an open source web application for storing, searching, and linking threat actor intelligence data from public repositories and user contributions.
