Cyber Security resource list
Open Source Security Index - https://opensourcesecurityindex.io/
Team Cymru - https://team-cymru.com/
Anomali - https://www.anomali.com/
Mnemonic - https://www.mnemonic.no/
Intel 471 - https://intel471.com/
Silobreaker - https://www.silobreaker.com/
Cisco Talos - https://talosintelligence.com/
Alienvault OTX - https://cybersecurity.att.com/open-threat-exchange
ThreatConnect - https://threatconnect.com/
Red Canary - https://redcanary.com/
Randy F Smith - https://www.ultimatewindowssecurity.com/
Redmond Mag - https://redmondmag.com/Home.aspx
InfoSecurity Mag - https://www.infosecurity-magazine.com/
Bleeping Computer - https://www.bleepingcomputer.com/
Wired - https://www.wired.co.uk/topic/security
The Register - https://www.theregister.com/security/
Fortinet - https://www.fortinet.com/blog/threat-research
Black Hills Security - https://www.blackhillsinfosec.com/
Active Counter-Measures - https://www.activecountermeasures.com/
Scythe - https://www.scythe.io/library
F-Secure - https://blog.f-secure.com/category/threats-research/
DomainTools - https://www.domaintools.com/resources
Sophos - https://news.sophos.com/en-us/
Blueliv - https://blueliv.com/ & https://community.blueliv.com/
TL;DR Sec - https://tldrsec.com/
Insinuator.net - Walter Legowski aka SadProcessor writes here - https://insinuator.net/
SANS instructor Lenny Zeltser's infosec site - https://zeltser.com/
Threat intel source list - https://github.com/hslatman/awesome-threat-intelligence
abuse.ch - https://abuse.ch/
- Malware Bazaar - https://bazaar.abuse.ch/
- Feodo Tracker - https://feodotracker.abuse.ch/
- I Got Phished - https://igotphished.abuse.ch/
- SSL Blacklist - https://sslbl.abuse.ch/
- (Malware) URL Haus - https://urlhaus.abuse.ch/
Greynoise - https://greynoise.io/
Have I Been Pwned - https://haveibeenpwned.com/
Censys - https://censys.io/
Phishtank - https://www.phishtank.com/
Openphish - https://openphish.com/
Lenny Zeltser's IP blocklist provider list - https://zeltser.com/malicious-ip-blocklists/
Lenny Zeltser's malicious website lookup provider list - https://zeltser.com/lookup-malicious-websites/
RiskIQ - https://www.riskiq.com/
Silobreaker - https://www.silobreaker.com/
Maltego - https://www.maltego.com/
Diagram as Code - https://github.com/mingrammer/diagrams
Clint Gibler - TL;DR Sec - https://tldrsec.com/blog/container-security/
SysDig - https://sysdig.com/
Falco - k8s threat detection - https://sysdig.com/opensource/falco/
Uptycs - cloud & container protection, posture assessment - https://www.uptycs.com/
OSQuery for container detection:
- https://www.uptycs.com/blog/get-started-using-osquery-for-container-security
- https://developer.ibm.com/technologies/containers/articles/monitoring-containers-osquery/
Peirates - k8s penetration tool - https://www.inguardians.com/peirates/
Kubesploit - C2 for container environments - https://github.com/cyberark/kubesploit
Popeye - K8s config & best practice scanner - https://github.com/derailed/popeye
Wazuh - For Docker hosts and containers - https://wazuh.com/#containers-security
KubiScan - CyberArk's K8s security permissions assessment tool - https://github.com/cyberark/KubiScan
CloudSecDocs - Resource list for containers, AWS, Azure, GCP, Kafka & DevOps - https://cloudsecdocs.com/
CrowdStrike CRT - Azure/O365 assessment - https://github.com/CrowdStrike/CRT
Sygnia Cloud Scout - AD/Azure AD/AWS assessment tool - https://www.sygnia.co/cloudscout
AWSPX - AWS effective access & attack paths assessment - https://github.com/FSecureLABS/awspx
Azure - Stormspotter - attack graphing tool for Azure by Azure Red Teams - https://github.com/Azure/Stormspotter
Wazuh - Azure/AWS/GCP sec data and configuration via API then agents for cloud assets - https://wazuh.com/#cloud-security-monitoring
Microburst - Azure offensive powershell toolset - https://github.com/NetSPI/MicroBurst
IAM Zero - suggests least-privilege policies for AWS (Azure/GCP/K8s later) - https://github.com/common-fate/iamzero
Azure Security Benchmarks - https://github.com/MicrosoftDocs/SecurityBenchmarks
CloudFormation Guard - IaC templates - https://github.com/aws-cloudformation/cloudformation-guard
CloudMapper - AWS mapper/analyzer - https://github.com/duo-labs/cloudmapper
SkyArk - CyberArk's AWS & Azure permissions analyzer - https://github.com/cyberark/SkyArk
ROADTools - O365 & Azure AD recon tools - https://github.com/dirkjanm/ROADtools
Raccoon - Salesforce data visibility assessment tool from NCC - https://github.com/nccgroup/raccoon
NSA - Unfetter - Mitre-based security posture analysis tool - https://nsacyber.github.io/unfetter/index.html
Mitre:
- Offense TTPs
- Active Defense TTPs
- Defensive countermeasures
- Cyber Analytics Repository
- Evaluation - products and people
- Attack2Neo - import Mitre into Neo4j
- ATT&CK mapping best practices from US CISA
- ATT&CK Workbench - CTID's customise/extend ATT&CK tool
- ATT&CK DataMap - show potential coverage for Mitre
Microsoft Attack Surface Analyzer - scan Windows for unsafe changes due to software installs - https://github.com/Microsoft/AttackSurfaceAnalyzer
Rabobank's DETTECT - Map log sources, detections and attacker behaviours to show ATT&CK coverage - https://github.com/rabobank-cdc/DeTTECT
Threat Mapping Catalogue - https://github.com/intelforge/tmc
Incident Playbook - Playbooks mapped to MITRE - https://github.com/austinsonger/Incident-Playbook
The Hive Project - IR application, docker - https://thehive-project.org/
KICS by Checkmarx - https://docs.kics.io/latest - https://github.com/Checkmarx/kics
Trivy by Aqua - https://aquasecurity.github.io/trivy - https://github.com/aquasecurity/trivy
Checkov - Bridgecrew - Static code analysis for IaC - https://github.com/bridgecrewio/checkov - https://www.checkov.io/
TFSec - Terraform static analysis - https://github.com/tfsec/tfsec
TFLint - Terraform error & best practice scanner - https://github.com/terraform-linters/tflint
Devo - https://www.devo.com/
Elastic - https://www.elastic.co/
Humio - https://www.humio.com/secops
Sumo Logic - https://www.sumologic.com/solutions/cloud-siem-enterprise/
Sigma - platform agnostic SIEM rules - https://github.com/SigmaHQ/sigma
- https://www.nextron-systems.com/2018/02/10/write-sigma-rules/
- https://syedhasan010.medium.com/defenders-toolkit-102-sigma-rules-4a623acb2036
Security Onion - Ready made FOSS SIEM - https://securityonionsolutions.com/ - https://github.com/Security-Onion-Solutions/securityonion
Vadim Hunter's detection rules - https://github.com/vadim-hunter/Detection-Ideas-Rules
Shuffle - FOSS SOAR - https://github.com/frikky/Shuffle
Tines - limited community version plus paid SOAR - https://www.tines.com/
Siemplify - community & paid versions - https://www.siemplify.co/
Swimlane - https://swimlane.com/
Jimi - FOSS no-code SOAR - https://github.com/z1pti3/jimi
PowerShell Universal & PowerShell Pro Tools - From Ironman Software & Adam Driscoll - https://ironmansoftware.com/
Automation mindset & process article - https://queue.acm.org/detail.cfm?id=3197520
Patrowl - FOSS SOAR - https://github.com/Patrowl/PatrowlEngines
- https://github.com/vletoux/PingCastlePatrOwl - Pingcastle for Patrowl
Atomic Red Team - https://atomicredteam.io/ - https://github.com/redcanaryco/atomic-red-team
Atomic Threat Coverage - TTPs, SIGMAs & KBs all in one place - https://github.com/atc-project/atomic-threat-coverage
Prelude - Atomic Red Team in your environment - https://www.prelude.org/platform/community
Thremulation - Atomic Red Team with ELK & sandbox - https://www.thremulation.io/ - https://github.com/thremulation-station/thremulation-station
Mitre Caldera - https://www.mitre.org/research/technology-transfer/open-source-software/caldera%E2%84%A2 - https://github.com/mitre/caldera
https://github.com/clong/DetectionLab
https://github.com/OTRF/SimuLand
https://github.com/davidprowe/BadBlood
https://github.com/christophetd/Adaz
https://github.com/OTRF/Blacksmith
Nuclei - FOSS vuln scanner - https://github.com/projectdiscovery/nuclei
Wazuh (again) - vuln detection and reporting where agent installed - https://wazuh.com/#vulnerability-detection
Vulcan - vulnerability remediation automation - https://vulcan.io/integrations/
0Patch - micro patch solution - https://0patch.com/
Sysmon config pusher - https://github.com/LaresLLC/SysmonConfigPusher
Wazuh - HIDS/HIPS/Vulns/FIM/IR/EDR - https://wazuh.com/ - https://documentation.wazuh.com/current/index.html
Osquery - SQL queries on endpoints, very powerful - https://github.com/osquery/osquery
YARA rules & info collection - https://github.com/InQuest/awesome-yara
Velociraptor - monitor, alert, hunt on endpoints - https://www.velocidex.com/
NCSC - security config packs for Windows, OSX, iOS, Ubuntu, Android - https://github.com/ukncsc/Device-Security-Guidance-Configuration-Packs
Nextron Systems - FOSS/Commercial - Compromise assessment, forensics, IOC scanners - https://www.nextron-systems.com/products/
DeepBlueCLI - command line threat hunting on Windows - https://github.com/sans-blue-team/DeepBlueCLI
OpenEDR - Comodo's FOSS EDR - https://openedr.com/
OSSEM - Open Source Security Events Metadata - https://github.com/OTRF/OSSEM
SilkETW from Fireeye - Event Tracing for Windows telemetry made easier:
- https://www.fireeye.com/blog/threat-research/2019/03/silketw-because-free-telemetry-is-free.html
- https://github.com/fireeye/SilkETW
- https://medium.com/threat-hunters-forge/threat-hunting-with-etw-events-and-helk-part-1-installing-silketw-6eb74815e4a0
Arkime - Packet capture & analysis - https://arkime.com/ - https://github.com/arkime/arkime
Suricata - NIDS/NIPS/NSM - https://suricata.io/
Zeek - NIDS/NSM - https://zeek.org/
Snort - NIPS - https://www.snort.org/
Owlh & Wazuh - Uses Snort/Zeek/Suricata data integrated via OwlH into Wazuh adding NIDS to HIDS:
- https://www.owlh.net/
- https://documentation.owlh.net/en/0.17.0/index.html
- https://documentation.owlh.net/en/0.17.0/main/OwlHWazuh.html
- https://wazuh.com/owlh-network-ids-integration/
CISA's Malcolm - FOSS network traffic analysis suite - https://github.com/cisagov/malcolm
PerimeterX - bot defence, website defence - https://www.perimeterx.com/
TypoDetect - discover domain name mutations similar to corporate domain names used for phishing/smishing etc. - https://github.com/telefonica/typodetect
Thinkst Canary - decoys/honeytraps - https://canary.tools/
Anyrun - online analysis/sandbox - https://any.run/
Hybrid Analysis - online malware analysis - https://www.hybrid-analysis.com/
Cuckoo Sandbox - FOSS sandbox - https://cuckoosandbox.org/
Joe Sandbox - online sandbox/analysis - https://www.joesandbox.com/
Lenny Zeltser's list of online malware analysis tools - https://zeltser.com/automated-malware-analysis/
REMnux - malware analysis toolkit OS - https://remnux.org/
Nextron Valhalla - YARA rule feed - https://www.nextron-systems.com/valhalla/
PhishCatch - browser ext and API server detects corp pwd use on external sites from Palantir - https://github.com/palantir/phishcatch
GRC knowledge list - https://github.com/Arudjreis/awesome-security-GRC
Protecht - Enterprise Risk Management software - https://www.protechtgroup.com/en-gb/enterprise-risk-management-software
Deciduous - security decision mapping from Ryan Petrich & Kelly Shortridge:
- https://swagitda.com/deciduous/
- https://swagitda.com/blog/posts/deciduous-attack-tree-app/
- https://swagitda.com/blog/posts/security-decision-trees-with-graphviz/
- https://graphviz.org/
- https://github.com/rpetrich
Phant0m - Win Event Log Killer - https://github.com/hlldz/Phant0m
Mythic - red team framework - https://github.com/its-a-feature/Mythic
GoFetch - generate attack plans from Bloodhound - https://github.com/GoFetchAD/GoFetch
The Hive Go library - https://github.com/TheHive-Project/TheHive4go
Jira Go library - https://github.com/andygrunwald/go-jira
Jira Go library (another) - https://github.com/go-jira/jira
Tenable.io Go library - https://github.com/whereiskurt/tiogo
Tenable.io Go library - https://github.com/attwad/nessie
Tenable.io Go library - https://github.com/mistsys/go-tenable
Tenable.io Go library - https://github.com/thathaneydude/go-tenable
Kibana Go library - https://github.com/ewilde/go-kibana
Elasticsearch Go library - https://github.com/elastic/go-elasticsearch
Azure SDK for Go - https://github.com/Azure/azure-sdk-for-go
Harp - Secret management toolchain from Elastic - https://github.com/elastic/harp
Cisco Firepower Go client - https://github.com/buttahtoast/fmcClient
Loguru - Python logging - https://github.com/Delgan/loguru
Tenable Python library - https://github.com/tenable/pyTenable
Tenable Python CLI tool - https://github.com/packetchaos/navi
Instruqt - cloud tech & cloudsec training modules - https://play.instruqt.com/public
https://parsiya.net/ - Go/Golang, blog, hacking, reverse engineering, automation
Purp1eW0lf's Blue Team Notes - https://github.com/Purp1eW0lf/Blue-Team-Notes
US DHS CISA's tools github repos - https://github.com/search?q=user%3Acisagov+&s=stars&type=Repositories
https://posts.specterops.io/the-attack-path-management-manifesto-3a3b117f5e5
SpecterOps - Bloodhound FOSS - https://github.com/BloodHoundAD/BloodHound
Dockerised Bloodhound - https://github.com/belane/docker-bloodhound
Bloodhound/Cypher Queries:
- https://www.ernw.de/download/BloodHoundWorkshop/ERNW_DogWhispererHandbook.pdf
- https://gist.github.com/jeffmcjunkin/7b4a67bb7dd0cfbfbd83768f3aa6eb12
- https://bloodhoundnotebook.com/notebooks/cypher/queries_notebook.html
https://github.com/improsec/ImproHound - https://improsec.com/tech-blog/improhound-identify-ad-tiering-violations
BloodCheck - Manage multiple Neo4j DBs & cypher query BH datasets - https://github.com/Mr-B0b/BloodCheck
Plumhound - Bloodhound for blue & purple teams - https://github.com/PlumHound/PlumHound
Use Bloodhound with network data to predict ransomware spread - https://github.com/zeronetworks/BloodHound-Tools
Sean Metcalf - Trimarc - AD security don - https://adsecurity.org/
SpecterOps - AD, Windows, OSX offensive & defensive tools - https://specterops.io/resources/affiliated-toolsets
Semperis - AD defence & recovery commercial products and blog includes Darren Mar-Elia GPOGuy - https://www.semperis.com/
Purple Knight - free AD security assessment tool from Semperis - https://www.purple-knight.com/
Pingcastle - free/commercial AD security assessment tool from Vincent Letoux - https://www.pingcastle.com/
Stealthbits - AD & data management commercial tools - https://stealthbits.com/active-directory-security-solutions/
Tenable AD - formerly Alsid - https://www.tenable.com/products/tenable-ad
YossiSassi's AD group change monitoring powershell - https://github.com/YossiSassi/Get-ADGroupChanges
ZBang - CyberArk's AD risk assessment tool - https://github.com/cyberark/zBang
ACLight - CyberArk's AD shadow admins discovery tool - https://github.com/cyberark/ACLight
Vincent Yiu's red team tools & tips - https://www.vincentyiu.com/
Dirk-Jan Mollema's blog - AD & AAD stuff - https://dirkjanm.io