There are so many lists of “tools” of “free resources” for “cyber” etc. Well I don’t want to make a list of stuff for social media, this isn’t the TOP x tools, this is simply some resources that I use on a regular basis that should give people a fairly good idea of where to start looking. Cyber sleuthing is a mixture of:


And all the INTS!

This post is NOT a guide to intelligence gathering, it’s not a 101 for Threat Intelligence, it’s not the complete ULTIMATE TOP X resources, it’s just some tools etc. that I use in my work and research.

Why do we need “Threat Intelligence”?

I think this should be fairly obvious, it’s a bit like why do we need marketing and sales in business? We need to understand our environment and marketplace etc. In the Security world that’s through intelligence activities, when we consider the environment we have:

  • People
  • Threats
  • Assets
  • Risks
  • Vulnerabilities
  • Capabilities

By understanding we can make informed decisions. If we don’t understand things we might make bad or misinformed decisions. A good example of this is here:

Threat Intelligence Cycle

Threat intelligence is an iterative process with the following being MACRO areas of activity:

  • Planning & Requirements
  • Collection
  • Analysis & Production of Intelligence Products
  • Dissemination

Threat Intelligence Theory

The UK Police and Government publish some good resources in this space, you can use your sleuthing skills to find more but this is a good starting point:

Number 1 hacking tool in the world

There are others as well… like:

  • Bing
  • Yahoo
  • Yandex (Russian)
  • Baidu (Chinese)

Second Best Hacker Tool

You need tunes right!


  • Twitter (check out tweetdeck as well)
  • LinkedIn (my favorite /S )
  • Facebook
  • Instragram
  • SnapChat
  • TikTok
  • Youtube
  • VK (Russia)
  • WeChat (China)
  • Mastodon

oh and this one especially:


but also don’t forget other IM tools like:

  • WhatsApp
  • TOX (be careful this is not safe in it’s default config)
  • Facebook Messenger

The Cyber Swiss Army Knife


  • Use virtual machines.
    • Consider using differencing disks and encryption.
  • Use VPNs
  • Use TOR
  • Use Proxies (if you control them)

Stay legal, it’s not hard to find really nasty stuff, don’t tread where you aren’t comfortable etc.

Reverse Image Search

Threat Intel & Sharing Platforms

Ok so you might want to develop something in house, I mean a sharepoint library will work but you might also need more, you will however likely want to look at intelligence sharing. If we think about this just from a collection pov, you might want to consume the intel from a range of places such as:

AlienVault OTX

IBM X Force Threat Exchange

CISCO Talos IP reputation center


you will also probably want to join discords/slacks and other intelligence sharing groups! You can do some leg work to find those 😉 you also need to speak to people, don’t undervalue HUMINT and relationships! people make the world go round!

Now there is a “cool” platform called MISP… however it comes with a range of challenges…

(I don’t use MISP daily, I have done before, it’s a complex platform IMHO)

There’s also data exchange formats like: STIX and TAXI (I don’t use these, largely because my comms method for intel is via reports and blogs or DMs, however these are useful to know!)



Internet Infrastructure Investigations

Facial Recognition

Internet Search Engines

Internet Honeypot Networks

Malware Samples and Online Sandboxes (remember to tweet them asking for the password 😉)

Ransomware Leak Sites


“Hacker” & Crime Forums



There’s a good list here:

Threat Actors Dox site

Paste Sites

(Do not put anything sensitive in these they are run by threat intelligence organisations etc.)

Web Archive and Paywall Bypass



I can’t list every tool in the world, nor would it be helpful, I use the following tools quite a lot

  • Maltego
  • SpiderFoot
  • Microsoft Visio (also is super cool!)
  • Microsoft Excel
  • Microsoft PowerPoint
  • Microsoft Word
  • Notepad
  • OneNote
  • SharePoint
  • CANVA (Thanks to my friend Migo for showing me this, it’s a great tool for creating content!)
  • Web Broswers 🙂
  • notepad
  • notepad++
  • Snipping Tool
  • Screenshot tools (like PRNTSCRN or go look for tools like FLAME etc.)

And loads loads more!

Also you might notice I haven’t mentioned MITRE ATT&CK etc. that’s on purpose… they are great tools/resources but people are treating them like they are all things to all people and nothing in science/cyber/digital works like that. I think they are great tools, but I also think outcomes, understanding and creativity are really important.


Hopefully if you are interested in this space this has given you a boost to get you thinking about Cyber Threat Intelligence, as I said it’s not EVERYTHING, the process of intelligence collection and analysis involves exploring, when you see the PRODUCTS of this, that’s largely because people have done significant research/work. If you are working in IT or in a dedicated CYBER SECURITY role then you will almost certainly be familiar with some of the tools, processes and activities in this space. Oh and remember, most of this stuff is a game of EXCEL not a bloody tactik00l black op for the CIA… it’s normal people doing normal (ok normal…ish) things and creating reports with information, analysis etc.

It does however make for super fun work times, and the people in this space are great! (the goodies, not the baddies obviously!)