Transcription
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencyIn February 2022, CISA launched an update to their website outline free cyber security services and tools.Information Source: nd-toolsProvided below are a few key areas of the CISA website that may be of interest.Reducing the Likelihood of a Damaging Cyber ionsCISAVulnerabilityScanningCISA tionLinkCISACISA provides automaticupdates to subscribersvia email, RSS feeds,and social media.Subscribe to be notifiedof CISA publicationsupon aCISAThis service evaluatesexternal networkpresence by executingcontinuous scans ofpublic, static IPs foraccessible services andvulnerabilities. It providesweekly vulnerabilityreports and ad-hocalerts.See https://www.cisa.gov/cyber-resource-hub fordetails.Email: vulnerability@cisa.dhs.govCISAThis service evaluatesknown and discoveredpublicly accessiblewebsites for potentialbugs and weakconfiguration to providerecommendations formitigating webapplication securityrisks. See https://www.cisEmail: vulnerability@cisa.dhs.gov
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security yber-resourcehub for details.CISAPhishingCampaignAssessmentCISA ic2CISAThis service provides anopportunity fordetermining the potentialsusceptibility ofpersonnel to phishingattacks. This is apractical exerciseintended to support andmeasure theeffectiveness of securityawareness training.See https://www.cisa.gov/cyber-resource-hub fordetails.Email: vulnerability@cisa.dhs.govCISAThis test simulates thetactics and techniques ofreal-world adversaries toidentify and validateexploitable pathways.This service is ideal fortesting perimeterdefenses, the security ofexternally availableapplications, and thepotential for exploitationof open sourceinformation.See https://www.cisa.gov/cyber-resource-hub fordetails.Email: vulnerability@cisa.dhs.govCiscoImmunet is a malwareand antivirus protectionsystem for MicrosoftWindows that utilizeshttps://www.immunet.com/
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencySkillLevelServiceOwnerDescriptionLinkcloud computing toprovide dDistributedDenial ofServiceProtectionCloudflareUniversalSecureSocket sicCloudflareCloudflare DDoSprotection secureswebsites, applications,and entire networks whileensuring theperformance of legitimatetraffic is ee/CloudflareSSL (Secure SocketLayer) is the standardsecurity technology forestablishing an encryptedlink between a webserver and a browser.Cloudflare allows anyinternet property to useSSL with the click of osoftThis capability offersisolated browsing byopening Microsoft Edgein an isolated browsingenvironment to betterprotect the device anddata from tion-guard/md-app-guardoverviewMicrosoftControlled folder accessin Windows helps protectagainst threats likeransomware byprotecting folders, 5/security/defender-endpoint/controlledfolders
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencySkillLevelServiceOwnerprotection aluationTool (CSET)and On-SiteCybersecurityConsultingCISHardwareand SoftwareAsset Tracker4DescriptionLinkand memory areas onthe device fromunauthorized changes byunfriendly applications.BasicBasicBasicMicrosoftThis tool is used toprotect and detectendpoint threatsincluding file-based andfileless malware. Builtinto Windows 10 and 11and in versions ofWindows tivirus-windowsCISAThis tool assistsorganizations inprotecting their keynational cyber assets.The tool provides userswith a systematic andrepeatable approach toassessing the securityposture of their cybersystems and networks. Itincludes both high-leveland detailed questionsrelated to all industrialcontrol and IT ternetSecurityThis tool is designed tohelp identify devices andapplications. Thespreadsheet can be usedto track hardware,software, and spreadsheet/
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencySkillLevelServicePGPBasicBitLocker forMicrosoftWindowsAdBlockBasicBasicQuad9 forAndroidQuad9BasicBasicGoogle is tool encrypts emailswith public his tool encryptsMicrosoft ocker-how-to-deploy-onwindows-serverOpenSourceThis tool blocks pop-upads, videos and otherunwanted content /OpenSourceThis tool for Androiddevices is designed tohelp block users fromaccessing known sitesthat have viruses or s tool is designed toprevent computers anddevices from connectingto malware or phishingsites.https://quad9.net/GoogleThis toolset identifiesknown phishing andmalware across the weband helps notify usersand website owners ofpotential harm. It isintegrated into manymajor products andhttps://safebrowsing.google.com
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security s tools towebmasters.Project ShieldGooglereCAPTCHAWeb icGoogleJigsawProject Shield is a freeservice that defendsnews, human rights, andelection monitoring sitesfrom DDoS gGooglereCAPTCHA uses anadvanced risk analysisengine and adaptivechallenges to keepmalicious software fromengaging in abusiveactivities on a ut/GoogleWeb Risk API is a UserProtection Service fromGoogle Cloud designedto reduce the risk ofthreats targeting usergenerated content. WebRisk API letsorganizations compareURLs in theirenvironment against arepository of over 1million unsafe URLs.https://cloud.google.com/web-riskGoogleThis tool helps usersstrengthen their securityposture by evaluatingtheir security and dataattack surface; providingasset inventory anddiscovery; ndcenter
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security igurations,vulnerabilities andthreats; and helping themmitigate and remediaterisks.Google OSSFuzzBasicGoogleOSS-Fuzz aims to makecommon open sourcesoftware more secureand stable by combiningmodern fuzzingtechniques with scalable,distributed execution.SantaBasicOpenSourceSanta is a binaryauthorization system formacOS.https://santa.dev/OpenSourceGo Safe Web is acollection of libraries forwriting secure-by-defaultHTTP servers in urceOSV is a vulnerabilitydatabase and triageinfrastructure for opensource projects aimed athelping both open sourcemaintainers andconsumers of opensource.https://osv.dev/BasicOpenSourceOpen Source Insights isa searchabledependency graph withvulnerability information.https://deps.dev/Go Safe WebOpen SourceVulnerabilities(OSV)Open uzz/
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security rdsTinkBasicBasicGoogleCybersecurityAction ionLinkOpenSourceAllStar is a GitHubapplication for enforcingsecurity policies SourceSecurity Scorecards is acollection of securityhealth metrics for opensource, allowing users toevaluate the securitypractices of an opensource package beforeuse. Results availablepublicly as a GoogleCloud Big Query eTink is a multi-language,cross-platform, opensource library thatprovides cryptographicAPIs that are secure,easy to use correctly,and hard(er) to misuse.https://github.com/google/tinkGoogleThis service provides anumber of securityresources includingsecurity blueprints,whitepapers, threatreports, and informationregarding urity/gcatOpenSourceTsunami is a generalpurpose network securityscanner with anextensible plugin systemfor detecting ner
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security y vulnerabilitieswith high ssentials9BasicAdvancedAdvancedCiscoOpenDNS blocksphishing websites that tryto steal your identity andlogin information bypretending to be alegitimate trikeCRT is a free communitytool designed to helporganizations quickly andeasily review excessivepermissions in theirAzure AD environments.CRT helps determineconfigurationweaknesses andprovides advice tomitigate this TenableThis free version of avulnerability assessmentsolution includes remoteand local (authenticated)security checks, aclient/server architecturewith a web-basedinterface, and anembedded scriptinglanguage for writing yourown plugins orunderstanding existingones. Limited by defaultto 16 us-essentials
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencySkillLevelServiceAlien LabsOpen ThreatExchange(OTX)EndpointSecurityAlien LabsOpen 0OwnerDescriptionLinkAT&TCybersecurityThis tool leverages datafrom Alien Labs OTX tohelp identify if endpointshave been compromisedin major cyberattacks.Provides quick visibilityinto threats on allendpoints by scanningIOCs using ngeAT&TCybersecurityOTX provides openaccess to a globalcommunity of threatresearchers and securityprofessionals. It deliverscommunity-generatedthreat data, enablescollaborative research,and automates theprocess of updatingsecurity infrastructurewith threat data from anysource. OTX enablesanyone in the securitycommunity to activelydiscuss, research,validate, and share thelatest threat data, trends,and atexchangeCiscoClamAV is an opensource (general publiclicense [GPL]) antivirusengine used in a varietyof situations, includingemail and web scanning,and endpoint security. Itprovides many utilities forusers, including a flexibleand scalable multi-http://www.clamav.net/
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security d daemon, acommand-line scanner,and an advanced tool forautomatic databaseupdates.Kali LinuxPenetrationTestingPlatformCloudflareZero s11AdvancedAdvancedAdvancedKaliLinuxProjectKali Linux containsseveral hundred toolstargeted toward variousinformation securitytasks, such aspenetration testing,security research,computer forensics, andreverse are Zero TrustServices are essentialsecurity controls to keepemployees and appsprotected online across 3network locations and upto 50 users. Servicesinclude: Zero TrustNetwork Access; SecureWeb Gateway, PrivateRouting to IP/Hosts;HTTP/S Inspection andFilters; Network Firewallas a Service; DNSResolution and Filters;and Cloud AccessSecurity softSysinternals SecurityUtilities are free,downloadable tools fordiagnosing,troubleshooting, wnloads/security-utilities
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencySkillLevelServiceOwnerDescriptionLinkdeeply understanding theWindows platform.MemoryintegrityAdvancedRiskIQCommunityIBM X-ForceExchange12AdvancedAdvancedMicrosoftMemory integrity inWindows—also knownas Hypervisor-protectedcode integrity (HVCI)—isa Windows securityfeature that makes itdifficult for maliciousprograms to use lowlevel drivers to MicrosoftThe RiskIQ communityoffers free access tointernet intelligence,including thousands ofOSINT articles andartifacts. Communityusers can investigatethreats by pivotingthrough attackerinfrastructure data,understand what digitalassets are internetexposed, and map andmonitor their externalattack surface.https://community.riskiq.com/homeIBMIBM X-Force Exchange isa cloud-based threatintelligence platform thatallows users to consume,share, and act on threatintelligence. It enablesusers to conduct rapidresearch of the latestglobal security ge
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security te actionableintelligence, consult withexperts, and collaboratewith tIntelligenceSplunkSyntheticAdversarialLog Objects(SALO)Splunk andiantThis early warningsystem for informationsecurity allows you to:create comprehensivevisibility through graphbased mapping; knowwhen assets change tostay ahead of the threat;and empower securityoperations to mitigatereal-world urface-management/get-startedMandiantFree access to theMandiant ThreatIntelligence Portal helpsusers understand recentsecurity trends,proactively hunt threatactors, and prioritizeresponse atintelligence/free-versionSplunkSALO is a framework forgenerating synthetic logevents without the needfor infrastructure oractions to initiate theevent that causes a logevent.https://github.com/splunk/saloThis tool simplifies theprocess of collectingMITREATT&CK onscollectorSplunk
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security ionLinkfrom blogs or PDFs andmapping ATT&CK TTPsto Splunk detectioncontent.Splunk bon BlackUserExchangeAdvancedCarbon BlackTAU Excel 4MacroAnalysisAdvancedParos Proxy14AdvancedSplunkThis tool enablessimulated attacks in arepeatable cloud-enabled(or on-premises) lab witha focus on Atomic RedTeam integration.https://github.com/splunk/attack rangeSplunkSplunk Training is a free,hosted platform for ondemand training withhands-on practiceaddressing specificattacks and rbon Black UserExchange providesaccess to real-time threatresearch data shared bya global community ofsecurity wareThis tool tests endpointsecurity solutions againstExcel 4.0 el4-testsOpenSourceThis Java-based tool isused to findvulnerabilities in webapplications. It includes aweb traffic recorder, webhttps://www.parosproxy.org/
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencySkillLevelServiceOwnerDescriptionLinkspider, hash calculator,and a scanner for testingcommon web applicationattacks, such as SQLinjection and cross-sitescripting.CyberSecurityTools bySANSInstructorsAdvancedSANSThis website includeslinks to an array of opensource tools built bycybersecurity rosoftThe WMI command-line(WMIC) utility provides acommand-line interfacefor WindowsManagementInstrumentation (WMI).WMIC is compatible withexisting shells and utilitycommands.Let's EncryptAdvancedOpenSourceThis tool provides a freedigital certificate toenable HTTPS(SSL/TLS) for penSourceThis tool assembles andsends custom ICMP,UDP, or TCP packetsand then displays anyreplies. It can be usefulfor performing ping15
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security toAdvancedw3afVMwareFusion rack is a suite of toolsfor testing the strength ofpasswords used forwireless to is an open source(GPL) web serverscanner that performsvulnerability scanningagainst web servers formultiple items, includingdangerous files andprograms. Nitko checksfor outdated versions ofweb server software. Italso checks for serverconfiguration errors andany possiblevulnerabilities they mighthave introduced.https://cirt.net/nikto2OpenSourceW3af is a flexibleframework for finding andexploiting webapplicationvulnerabilities, featuringdozens of webassessment andexploitation plugins.http://w3af.org/VMwareThis tool allows Macusers to run Windows,Linux, containers,Kubernetes, and more invirtual machines m/web/vmware/evalcenter?p fusion-player-personal
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security reworksThe PhishInSuits (pis.py)tool conducts securityassessments and testscontrol frameworksagainst scenarios, suchas BEC attacks. Itcombines this variation ofillicit consent attacks withSMS-based phishing toemulate BEC campaignsand includes hub.com/secureworks/PhishInSuitsSecureworksThe WhiskeySAML toolautomates the remoteextraction of an ADFSsigningcertificate. WhiskeySAMLthen uses this signingcertificate to launch aGolden SAML attack andimpersonate any userwithin the whiskeysamlandfriendsSecureworksThis tool is designed toexfiltrate blind remotecode execution outputover DNS via labfiltratorSecureworksThis tool is a usernameenumeration andpassword spraying toolaimed at Microsoft Office365.https://github.com/0xZDH/o365spray
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security hyon is a rapid webapplication securityreconnaissance tool. It isdesigned to crawl a webapplication and look forleftover or non-indexedfiles with the addition ofreporting pages or scriptsleaking internal data(a.k.a "blind" crawling). Itis used from thecommand line andtargeted at a specificdomain. Tachyon usesan internal database toconstruct these blindqueries worksVane2 is a WordPresssite vulnerability scanner.It is meant to be targetedat WordPress websitesand identifies thecorrespondingWordPress version aswell as its installedplugins in order to reportknown vulnerabilities ksBatea is a practicalapplication of machinelearning for pentestingand networkreconnaissance. Itconsumes map reportsand uses a contextdriven network deviceranking framework basedon the anomaly detectionhttps://github.com/delvelabs/batea
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencySkillLevelServiceOwnerDescriptionLinkfamily of machinelearning algorithms. Thegoal of Batea is to allowsecurity teams toautomatically filterinteresting networkassets in large networksusing nmap scan reports.AdvancedCheckovPalo AltoNetworks Unit42ActionableThreatObjects andMitigations(ATOMs)19AdvancedPalo AltoNetworksThis tool scansInfrastructure as Code(IaC), container images,open-source packages,and pipelineconfiguration for securityerrors. With hundreds ofbuilt-in policies, Checkovsurfacesmisconfigurations andvulnerabilities in codeacross developer tools(CLI, IDE) and workflows(CI/CD Palo AltoNetworksATOMs is a freerepository of observedbehaviors of severalcommon threatadversaries, mapped tothe MITRE ATT&CKframework. ATOMs canbe filtered by targetedsector, region, ormalware used for ease ofinformation sharing anddeployment ofrecommended s.com/atoms/ ;
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security nerGoogleDescriptionClusterFuzz is a scalablefuzzing infrastructure thatfinds security andstability issues insoftware. It is also thefuzzing backend forGoogle OSS-Fuzz.ClusterFuzz Lite issimple CI-integratedfuzzing based fuzz/Take Steps to Quickly Detect a Potential IntrusionServiceSkill Level ner20BasicBasicMicrosoftMicrosoftDescriptionThis tool protectsand detectsendpoint threats,including file-basedand filelessmalware. Built intoWindows 10 and11 and in versionsof WindowsServer.Microsoft SafetyScanner is a scantool designed tofind and removemalware fromWindowscomputers. It canrun scans to findmalware and try toreverse fety-scanner-download
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencyServiceSkill Level OwnerDescriptionLinkmade by oolMSTICpyGoogle SafeBrowsing21BasicBasicBasicMicrosoftThis tool isreleased byMicrosoft on amonthly cadenceas part of WindowsUpdate or as astandalone tool. Itcan be used to findand removespecific prevalentthreats andreverse thechanges they cdec-73eb-61979b0661e0MicrosoftMSTICPy is aSIEM-agnosticpackage of Pythontools for securityanalysts to assistin investigationsand threat hunting.It is primarilydesigned for use inJupyter /GoogleThis serviceidentifies knownphishing andmalware acrossthe web and helpsnotify users andwebsite owners ofpotential harm. It isintegrated intomany majorproducts andhttps://safebrowsing.google.com
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencyServiceSkill Level OwnerDescriptionLinkprovides tools towebmasters.MandiantRed TeamandInvestigativeToolsSplunkConnect forSyslogEnterpriseLog Searchand Archive(ELSA)MandiantAzure ndiantThese tools aredesigned toconfirm andinvestigatesuspected unkThis tool is usedfor getting syslogbased data intoSplunk, includingfunctions for datafiltering #/overviewOpensourceEnterprise LogSearch andArchive (ELSA) isa three-tier logreceiver, archiver,indexer, and webfront end forincoming s repositorycontains aPowerShellmodule fordetecting artifactsthat may beindicators ofUNC2452 andother threat actoractivity. Someindicators iant-Azure-ADInvestigator
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencyServiceSkill Level OwnerDescriptionLinkindicators ofcompromise; otherartifacts are socalled "dual-use"artifacts. Dual-useartifacts may berelated to threatactor activity, butalso may berelated edNetfilter23GoogleOpenSourceVirusTotal inspectsitems with over 70antivirus scannersand URL/domainblocklistingservices, inaddition to avariety of tools, toextract signalsfrom the studiedcontent. Users canselect a file from acomputer via thebrowser and sendit to VirusTotal.Submissions maybe scripted in anyprogramminglanguage using theHTTP-based publicAPI.Netfilter is a packetfilter implementedin the standardLinux kernel. Theuser spaceiptables tool /
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencyServiceSkill Level OwnerDescriptionLinkused forconfiguration. Itsupports packetfiltering (statelessor stateful), manykinds of networkaddress and porttranslation(NAT/NAPT), andmultiple API layersfor third-partyextensions. Itincludes manydifferent modulesfor handling unrulyprotocols, such asFTP.Wireshark24AdvancedOpenSourceWireshark is anopen-source multiplatform networkprotocol analyzerthat allows users toexamine data froma live network orfrom a capture fileon disk. The toolcan interactivelybrowse capturedata, delving downinto just the level ofpacket detailneeded. Wiresharkhas multiplefeatures, includinga rich display filterlanguage and theability to view thereconstructedstream of a TCPsession. It alsosupports hundredshttps://www.wireshark.org/
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencyServiceSkill Level OwnerDescriptionLinkof protocols andmedia enSourceEttercap is a suitefor adversary-inthe-middle attackson LAN thatincludes sniffing oflive connections,content filtering onthe fly, and manyother features. Itsupports activeand passivedissection of manyprotocols(including cipheredprotocols) andincludes manyfeatures fornetwork and hostanalysis.Kismet is aconsole (ncurses)based 802.11layer-2 wirelessnetwork detector,sniffer, andintrusion detectionsystem. It identifiesnetworks bypassively sniffingand can decloakhidden (nonbeaconing)networks if theyare in use. It canautomaticallydetect network IPblocks by w.kismetwireless.net/
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencyServiceSkill Level OwnerDescriptionLinkTCP, UDP, ARP,and DHCPpackets, log trafficinWireshark/tcpdump compatibleformat, and evenplot detectednetworks andestimated rangeson downloadedmaps.AdvancedSnort26CiscoThis networkintrusion detectionand preventionsystem conductstraffic analysis andpacket logging onIP networks.Through protocolanalysis, contentsearching, andvarious preprocessors, Snortdetects thousandsof worms,vulnerability exploitattempts, portscans, and othersuspiciousbehavior. Snortuses a flexiblerule-basedlanguage todescribe traffic thatit should collect orpass, and amodular detectionengine. Therelated free BasicAnalysis andhttps://www.snort.org/
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencyServiceSkill Level OwnerDescriptionLinkSecurity Engine(BASE) is a webinterface foranalyzing OpenSourcesqlmap is an opensource penetrationtesting tool thatautomates theprocess ofdetecting andexploiting SQLinjection flaws andtaking over ofback-end databaseservers. It comeswith a broad rangeof features, fromdatabasefingerprinting tofetching data fromthe DB andaccessing theunderlying filesystem andexecuting OScommands via outof-bandconnections.Real IntelligenceThreat Analytics(R-I-T-A) is anopen-sourceframework fordetectingcommand andcontrolcommunicationthrough measures.com/freetools/rita/
Free Cyber Security Services and ToolsFrom the Cybersecurity & Infrastructure Security AgencyServiceSkill Level OwnerDescriptionLinktraffic analysis.The RITAframeworkingests Zeek logsor PCAPsconverted to Zeeklogs for analysis.Secureworks DaltonAdvancedSecureworksDalton is a systemthat allows a userto run networkpacket capturesagainst a networksensor of theirchoice usingdefined rulesetsand/or bespokerules. DaltoncoversSnort/Suricata/Zeek analysis in ure That The Organization is Prepared to Respond if an Intrusion OccursServiceSkill Level OwnerDescriptionGRR RapidResponseBasicGoogleGRR Rapid Response isan incident responseframework focused onremote live forensics.The goal of GRR is tosupport forensics andinvestigations in a fast,scalable manner toallow analysts to quicklytriage attacks andperform sExec is a lightweighttelnet replacement cs.microsoft.
protection in Windows the device from and memory areas on unauthorized changes by unfriendly applications. Microsoft Defender Antivirus Basic Microsoft This tool is used to protect and detect endpoint threats including file-based and fileless malware. Built into Windows 10 and 11 and in versions of Windows Server.
