Dragon News

Dragon News

An inside look at the world of Team Cymru. Cybersecurity tools, tips, news and views.




Dragon News

Free tools for incident response (and a word from the US government)


A short while ago, the White House Office of Management and Budget (OMB) released a memoranda on the cybersecurity strategy and implementation plan (CSIP) for the Federal Government. You can read the memo here, but if you are already thinking, tl;dr, just take a look at this:

“The CSIP directs GSA, in coordination with OMB, to research contract vehicle options and develop a capability to deploy incident response services that can quickly be leveraged by Federal agencies, on a reimbursable basis. The incident response service will be managed by the contracting agency, in coordination with DHS and OMB. GSA will develop requirements and deliver a detailed implementation plan for this task to OMB within 3 months; then complete the acquisition process and deliver the final capability within 6 months.”

This memo is a twenty one page, bottom-line-up-front on how the US Federal Government plans to do business with the cybersecurity industry. It is all hands on deck time.

We at Team Cymru would like to be helpful to incident response vendors in implementing the USG’s growing security strategy. To that end, we have identified a few of our free community resources (and one commercial service) that would be most useful to IR.


IP To ASN allows one to map IP numbers to BGP prefixes and ASNs. These services come in various flavors, including Whois (TCP 43), DNS (UDP 53), HTTP (TCP 80) and HTTPS (TCP 443).


#totalhash provides static and dynamic analysis of malware samples. Search av dnsrr, email, filename, hash, ip, mutex, pdb, registry, url and more, as well as upload samples. #totalhash also includes a free API.


In addition to our blog, our invite-only infosec news service, Dragon Newsbytes, is vetted security news straight to your inbox and not available to the general public. Reach out to us and then send an email to: outreach@cymru.com providing some personal background.


As part of our Threat Intelligence feed suite, Reputation Feed is our hourly XML feed of every IP address that is part of over three thousand botnets we are tracking (controllers and infected clients) plus five further categories of malicious activity.

We always have other commercial and community services in the pipeline (including ones not mentioned on our website). Not sure what you need? Schedule a call with our Outreach or Sales teams to learn more about what we have to offer your incident response organization.


Photo Credit: Ducky, under Creative Commons