Hugo Gascón

Associate Researcher and Ph.D. Candidate at the Institute of System Security, TU Braunschweig


A few days ago, the European Agency for Network and Information Security (ENISA) released an interesting report called Proactive Detection of Network Security Incidents. By means of extensive surveys among CERTs and further discussions, they have come up with a pool of available methods, activities and information sources for the detection and analysis of network security incidents. Many of these sources are already used, or could potentially be used, by national/governmental and other CERTs, and also by researchers craving new data. As this kind of useful information tends to end up buried in the to-read-someday folder, I thought it might be interesting to gather all sources and initiatives in a handy list.

Name/Service Link
DNS-BH Malware Domain Blocklist http://www.malwaredomains.com
MalwareURL http://www.malwareurl.com
DSHIELD http://www.dshield.org
Google Safe Browsing Alerts http://safebrowsingalerts.googlelabs.com
HoneySpider Network (as a service) http://www.honeyspider.net
AusCERT http://www.auscert.org.au
Cert.br Data Feed http://honeytarg.cert.br/honeypots/
Cert.br Spambots http://honeytarg.cert.br/spampots
FIRE http://www.maliciousnetworks.org
Team Cymru – TC Console https://www.tcconsole.com
EXPOSURE http://exposure.iseclab.org
AmaDA http://amada.abuse.ch
Malware Domain List http://www.malwaredomainlist.com/
Zeus/SpyEye Tracker https://spyeyetracker.abuse.ch, https://zeustracker.abuse.ch
The Spamhaus Project Datafeed http://www.spamhaus.org/, http://www.spamhaustech.com/datafeed/
Shadowserver Foundation http://www.shadowserver.org
SGNET http://www.leurrecom.org/
ARAKIS http://arakis.pl/en/index.html
Malc0de Database http://malc0de.com/database/
ParetoLogic URL Clearing House http://malwarewhitelist.com/
SpamCop http://www.spamcop.net/
Arbor ATLAS http://atlas.arbor.net/
CBL (Composite Blocking List) http://cbl.abuseat.org/
Team Cymru’s CAP http://www.team-cymru.org/Services/CAP/
Project Honeypot http://www.projecthoneypot.org
Malware Threat Center http://www.mtc.sri.com
Smart Network Data Services https://postmaster.live.com/snds/
Malware Patrol http://www.malwarepatrol.net
Zone-H https://www.zone-h.org/
Cisco IronPort SenderBase http://www.senderbase.org/