Friday, November 16, 2018

Threat Hunting Tools

Here are some collections from Internet about Threat Hunting tools, information and resources.

1. Kansa


Usage:


PS C:\ISOScripting\Kansa-master\Kansa-master> .\kansa.ps1 -target testmachine1
VERBOSE: Found Modules\\Modules.conf.
VERBOSE: Running modules:
Get-PrefetchListing
Get-WMIRecentApps
Get-Netstat
Get-DNSCache
Get-ProcsWMI
Get-LogUserAssist
Get-SvcFail
Get-SvcTrigs
Get-WMIEvtFilter
Get-WMIFltConBind
Get-WMIEvtConsumer
Get-PSProfiles
Get-SchedTasks
Get-File
Get-LocalAdmins
VERBOSE: Waiting for Get-PrefetchListing to complete.

Id     Name            PSJobTypeName   State         HasMoreData     Location             Command
--     ----            -------------   -----         -----------     --------             -------
1      Job1            RemoteJob       Completed     True            testmachine1            <#...
VERBOSE: Waiting for Get-WMIRecentApps to complete.
3      Job3            RemoteJob       Failed        False           testmachine1            <#...
VERBOSE: Waiting for Get-Netstat to complete.
5      Job5            RemoteJob       Completed     True            testmachine1            <#...
VERBOSE: Waiting for Get-DNSCache to complete.
7      Job7            RemoteJob       Completed     True            testmachine1            <#...
VERBOSE: Waiting for Get-ProcsWMI to complete.
9      Job9            RemoteJob       Completed     True            testmachine1            <#...
VERBOSE: Waiting for Get-LogUserAssist to complete.
11     Job11           RemoteJob       Failed        True            testmachine1            <#...
VERBOSE: Waiting for Get-SvcFail to complete.
13     Job13           RemoteJob       Failed        False           testmachine1            <#...
VERBOSE: Waiting for Get-SvcTrigs to complete.
15     Job15           RemoteJob       Failed        False           testmachine1            <#...
VERBOSE: Waiting for Get-WMIEvtFilter to complete.
17     Job17           RemoteJob       Failed        False           testmachine1            <#...
VERBOSE: Waiting for Get-WMIFltConBind to complete.
19     Job19           RemoteJob       Failed        False           testmachine1            <#...
VERBOSE: Waiting for Get-WMIEvtConsumer to complete.
21     Job21           RemoteJob       Failed        False           testmachine1            <#...
VERBOSE: Waiting for Get-PSProfiles to complete.
23     Job23           RemoteJob       Failed        False           testmachine1            <#...
VERBOSE: Waiting for Get-SchedTasks to complete.
25     Job25           RemoteJob       Failed        False           testmachine1            <#...
VERBOSE: Waiting for Get-File C:\Windows\WindowsUpdate.log to complete.
27     Job27           RemoteJob       Failed        False           testmachine1            <# ...
VERBOSE: Waiting for Get-LocalAdmins to complete.
29     Job29           RemoteJob       Failed        False           testmachine1            <#...
Script completed with warnings or errors. See C:\ISOScripting\Kansa-master\Kansa-master\Output_20181029102057\Error.Log
for details.


PS C:\ISOScripting\Kansa-master\Kansa-master> ls


    Directory: C:\ISOScripting\Kansa-master\Kansa-master


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----       29/10/2018   8:54 AM                Analysis
d-----       29/10/2018   8:54 AM                Modules
d-----       29/10/2018  10:18 AM                Output_20181029101813
d-----       29/10/2018  10:18 AM                Output_20181029101855
d-----       29/10/2018  10:19 AM                Output_20181029101903
d-----       29/10/2018  10:20 AM                Output_20181029102044
d-----       29/10/2018  10:27 AM                Output_20181029102057
-a----       29/10/2018   8:54 AM             89 .gitignore
-a----       29/10/2018   8:54 AM           3217 CODE_OF_CONDUCT.md
-a----       29/10/2018   8:54 AM           3540 contributing.md
-a----       29/10/2018   8:54 AM          50110 kansa.ps1
-a----       29/10/2018   8:54 AM          11323 LICENSE
-a----       29/10/2018   8:54 AM           3212 MSLimitedPublicLicense.txt
-a----       29/10/2018   8:54 AM           3770 README.md


PS C:\ISOScripting\Kansa-master\Kansa-master>




2. Awesome Incident Response
It is a curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams.


3. Other Tools can scan remote network drives. 
1. SuperAntiSpyware - it can scan remote share network drives, which MalwareBytes can't do since 2015 , although it used to be
2. EMCO Network Malware Cleaner -
3. Emsisoft - Emsisoft Anit-Malware



TBC

















Threat Analysis Companies:


















No comments:

Post a Comment