☠

CTIJen Resources

The Analyst Toolkit

Every tool on this page has been used or evaluated by Jen. No sponsorships, no affiliate links — just the real ones.

01 — Threat Intelligence Platforms

TIPs

Ordered by ease of implementation — Jen's opinion.

MISP ↗Free + paid

Easiest

Open source threat data sharing platform. Perfect for beginners to see what a TIP is, how to correlate data, and practice collection and processing.

I may catch heat for saying it's easy to implement but I feel MISP is perfect for beginners. Tell me if you disagree!

Intermediate

Great platform, but will take some technical know-how to install if going the free/self-hosted route. Very capable once running.

Intermediate / Difficult

TheHive 🤝 MISP. Requires technical know-how to set up, but once it is, it's MISP's best friend and really shines ingesting MISP events.

TheHive + MISP together is a genuinely powerful combo once you've got them talking to each other.

02 — IOC & Analysis Tools

Quick-reference matrix for what each tool can handle. Great for bookmarking.

Tool	Free	Hash	IP	Domain	URL	Sandbox	Passive DNS	Enrichment
VirusTotal ↗Malware and URL scanning and threat intelligence	✓	✓	✓	✓	✓	✓	✓	✓
Pulsedive ↗Enrich and research IOCs and threats	✓	–	✓	✓	✓	–	✓	✓
Shodan ↗Search engine for internet-connected devices	✓	–	✓	✓	–	–	✓	✓
AlienVault OTX ↗Community-powered threat intel sharing. Noisy — proceed with caution.	✓	✓	✓	✓	✓	–	✓	✓
GreyNoise ↗Context for IPs scanning the internet	✓	–	✓	–	–	–	✓	✓
AbuseIPDB ↗Inspect and report malicious IPs	✓	–	✓	✓	–	–	–	✓

Capabilities may be limited on free versions

Tool	Free	Hash	IP	Domain	URL	Sandbox	Passive DNS	Enrichment
Hybrid Analysis ↗Community malware analysis service	✓	✓	✓	✓	✓	✓	–	✓
Any.Run ↗Interactive malware sandbox	?	✓	✓	✓	✓	✓	–	✓
Browserling ↗Run and test URLs in live browser sandboxes	✓	–	–	–	–	✓	–	–
Joe Sandbox ↗Advanced malware analysis and threat detection	–	✓	✓	✓	✓	✓	✓	✓
Cuckoo Sandbox ↗Open-source automated malware analysis	✓	–	✓	✓	✓	✓	–	✓

Capabilities may be limited on free versions

Tool	Free	Hash	IP	Domain	URL	Sandbox	Passive DNS	Enrichment
Maltego ↗Graph-based link analysis for OSINT investigations	✓	✓	–	✓	✓	–	–	✓
SpiderFoot ↗Automated OSINT collection and correlation	✓	✓	✓	✓	✓	–	–	✓
urlscan.io ↗Scan and visually inspect URLs for threats	✓	✓	–	✓	✓	✓	–	✓
Cisco Talos ↗Threat intelligence and reputation data	✓	–	✓	✓	✓	✓	–	✓
deobfuscate.relative.im ↗Lightweight tool to deobfuscate malicious JavaScript	✓	–	–	–	–	–	–	✓
MXToolbox ↗Domain/IP reputation, mail server checks, and DNS tools	✓	✓	–	✓	✓	–	✓	✓
Ghidra ↗NSA's open-source software reverse engineering framework	✓	–	✓	–	–	–	–	✓

Capabilities may be limited on free versions

Missing a tool that should be here? Jen's always looking to expand this list.