SOCMaster
159 users
Developer: unknown
Version: 0.5.9
Updated: October 5, 2024
Available in the Chrome Web Store
Related
h4ck3r
573
SOC Multi-tool
4,000+
should-i-trust
219
Site Blocker
0
Investigate with Lacework
215
Pulsedive Threat Intelligence
2,000+
OSIRIS: OSINT Reputation Intelligent Search
1,000+
OSINT Angel
165
OSINT=*
1,000+
NetSniffer: Context Menu OSINT
310
ManRepository - Linux Man Pages
58
Sputnik
10,000+
Tabsets.net
130
Camel Tabs
509
The Prime Hunt
120
Display Access Keys
314
beABot
96
Perceptual image analysis
679
Vortimo OSINT-tool
6,000+
Domain Info
956
ATT&CK Powered Suit
6,000+
Admin tools
1,000+
Javy: GPT-4 powered assistant
508
PipeLaunch: Salesforce Integration
1,000+