/Cyber-resource-list

Cyber Security resource list

The UnlicenseUnlicense

Cyber-resource-list

Cyber Security resource list

What's popular in open source security software:

Threat Intel Sources

Team Cymru - https://team-cymru.com/

Anomali - https://www.anomali.com/

Mnemonic - https://www.mnemonic.no/

Intel 471 - https://intel471.com/

Silobreaker - https://www.silobreaker.com/

Cisco Talos - https://talosintelligence.com/

Alienvault OTX - https://cybersecurity.att.com/open-threat-exchange

ThreatConnect - https://threatconnect.com/

Red Canary - https://redcanary.com/

Randy F Smith - https://www.ultimatewindowssecurity.com/

Redmond Mag - https://redmondmag.com/Home.aspx

InfoSecurity Mag - https://www.infosecurity-magazine.com/

Bleeping Computer - https://www.bleepingcomputer.com/

Wired - https://www.wired.co.uk/topic/security

The Register - https://www.theregister.com/security/

Fortinet - https://www.fortinet.com/blog/threat-research

Black Hills Security - https://www.blackhillsinfosec.com/

Active Counter-Measures - https://www.activecountermeasures.com/

Scythe - https://www.scythe.io/library

F-Secure - https://blog.f-secure.com/category/threats-research/

DomainTools - https://www.domaintools.com/resources

Sophos - https://news.sophos.com/en-us/

Blueliv - https://blueliv.com/ & https://community.blueliv.com/

TL;DR Sec - https://tldrsec.com/

Insinuator.net - Walter Legowski aka SadProcessor writes here - https://insinuator.net/

SANS instructor Lenny Zeltser's infosec site - https://zeltser.com/

Threat intel source list - https://github.com/hslatman/awesome-threat-intelligence

THREAT INTEL API PROVIDERS

abuse.ch - https://abuse.ch/

Greynoise - https://greynoise.io/

Have I Been Pwned - https://haveibeenpwned.com/

Censys - https://censys.io/

Phishtank - https://www.phishtank.com/

Openphish - https://openphish.com/

Lenny Zeltser's IP blocklist provider list - https://zeltser.com/malicious-ip-blocklists/

Lenny Zeltser's malicious website lookup provider list - https://zeltser.com/lookup-malicious-websites/

Threat Intelligence Platform Providers

RiskIQ - https://www.riskiq.com/

Silobreaker - https://www.silobreaker.com/

Maltego - https://www.maltego.com/

Tools - Documentation

Diagram as Code - https://github.com/mingrammer/diagrams

Container/Docker/Kubernetes Security

Clint Gibler - TL;DR Sec - https://tldrsec.com/blog/container-security/

SysDig - https://sysdig.com/

Falco - k8s threat detection - https://sysdig.com/opensource/falco/

Uptycs - cloud & container protection, posture assessment - https://www.uptycs.com/

OSQuery for container detection:

https://www.uptycs.com/blog/get-started-using-osquery-for-container-security

https://developer.ibm.com/technologies/containers/articles/monitoring-containers-osquery/

Peirates - k8s penetration tool - https://www.inguardians.com/peirates/

Kubesploit - C2 for container environments - https://github.com/cyberark/kubesploit

Popeye - K8s config & best practise scanner - https://github.com/derailed/popeye

Wazuh - For Docker hosts and containers - https://wazuh.com/#containers-security

KubiScan - CyberArk's K8s security permissions assessment tool - https://github.com/cyberark/KubiScan

Cloud Security Tools

CloudSecDocs - Resource list for containers, AWS, Azure, GCP, Kafka & DevOps - https://cloudsecdocs.com/

CrowdStrike CRT - Azure/O365 assessment - https://github.com/CrowdStrike/CRT

Sygnia Cloud Scout - AD/Azure AD/AWS assessment tool - https://www.sygnia.co/cloudscout

AWSPX - AWS effective access & attack paths assessment - https://github.com/FSecureLABS/awspx

Azure - Stormspotter - attack graphing tool for Azure by Azure Red Teams - https://github.com/Azure/Stormspotter

Wazuh - Azure/AWS/GCP sec data and configuration via API then agents for cloud assets - https://wazuh.com/#cloud-security-monitoring

Microburst - Azure offensive powershell toolset - https://github.com/NetSPI/MicroBurst

IAM Zero - suggests least-privilege policies for AWS (Azure/GCP/K8s later) - https://github.com/common-fate/iamzero

Azure Security Benchmarks - https://github.com/MicrosoftDocs/SecurityBenchmarks

CloudFormation Guard - IaC templates - https://github.com/aws-cloudformation/cloudformation-guard

CloudMapper - AWS mapper/analyzer - https://github.com/duo-labs/cloudmapper

SkyArk - CyberArk's AWS & Azure permissions analyzer - https://github.com/cyberark/SkyArk

ROADTools - O365 & Azure AD recon tools - https://github.com/dirkjanm/ROADtools

SaaS Security

Raccoon - Salesforce data visibility assessment tool from NCC - https://github.com/nccgroup/raccoon

Security Posture & Configuration Assessment

NSA - Unfetter - Mitre-based security posture analysis tool - https://nsacyber.github.io/unfetter/index.html

Mitre:

Microsoft Attack Surface Analyzer - scan Windows for unsafe changes due to software installs - https://github.com/Microsoft/AttackSurfaceAnalyzer

Rabobank's DETTECT - Map log sources, detections and attacker behviours to show ATT&CK coverage - https://github.com/rabobank-cdc/DeTTECT

Threat Mapping Catalogue - https://github.com/intelforge/tmc

Incident Response

Incident Playbook - Playbooks mapped to MITRE - https://github.com/austinsonger/Incident-Playbook

The Hive Project - IR application, docker - https://thehive-project.org/

Code Analysis

KICS by Checkmarx - https://docs.kics.io/latest - https://github.com/Checkmarx/kics

Trivy by Aqua - https://aquasecurity.github.io/trivy - https://github.com/aquasecurity/trivy

Checkov - Bridgecrew - Static code analysis for IaC - https://github.com/bridgecrewio/checkov - https://www.checkov.io/

TFSec - Terraform static analysis - https://github.com/tfsec/tfsec

TFLint - Terraform error & best practise scanner - https://github.com/terraform-linters/tflint

SIEM

Devo - https://www.devo.com/

Elastic - https://www.elastic.co/

Humio - https://www.humio.com/secops

Sumo Logic - https://www.sumologic.com/solutions/cloud-siem-enterprise/

Sigma - platform agnostic SIEM rules - https://github.com/SigmaHQ/sigma

Security Onion - Ready made FOSS SIEM - https://securityonionsolutions.com/ - https://github.com/Security-Onion-Solutions/securityonion

Vadim Hunter's detection rules - https://github.com/vadim-hunter/Detection-Ideas-Rules

SOAR & Automation

Shuffle - FOSS SOAR - https://github.com/frikky/Shuffle

Tines - limited community version plus paid SOAR - https://www.tines.com/

Siemplify - community & paid versions - https://www.siemplify.co/

Swimlane - https://swimlane.com/

Jimi - FOSS no-code SOAR - https://github.com/z1pti3/jimi

PowerShell Universal & PowerShell Pro Tools - From Ironman Software & Adam Driscoll - https://ironmansoftware.com/

Automation mindset & process article - https://queue.acm.org/detail.cfm?id=3197520

Patrowl - FOSS SOAR - https://github.com/Patrowl/PatrowlEngines

Threat Emulation

Atomic Red Team - https://atomicredteam.io/ - https://github.com/redcanaryco/atomic-red-team

Atomic Threat Coverage - TTPs, SIGMAs & KBs all in one place - https://github.com/atc-project/atomic-threat-coverage

Prelude - Atomic Red Team in your environment - https://www.prelude.org/platform/community

Thremulation - Atomic Red Team with ELK & sandbox - https://www.thremulation.io/ - https://github.com/thremulation-station/thremulation-station

Mitre Caldera - https://www.mitre.org/research/technology-transfer/open-source-software/caldera%E2%84%A2 - https://github.com/mitre/caldera

https://github.com/clong/DetectionLab

https://github.com/OTRF/SimuLand

https://github.com/davidprowe/BadBlood

https://github.com/christophetd/Adaz

https://github.com/OTRF/Blacksmith

Vulnerability Management

Nuclei - FOSS vuln scanner - https://github.com/projectdiscovery/nuclei

Wazuh (again) - vuln detection and reporting where agent installed - https://wazuh.com/#vulnerability-detection

Vulcan - vulnerability remediation automation - https://vulcan.io/integrations/

0Patch - micro patch solution - https://0patch.com/

Endpoint Security

Sysmon config pusher - https://github.com/LaresLLC/SysmonConfigPusher

Wazuh - HIDS/HIPS/Vulns/FIM/IR/EDR - https://wazuh.com/ - https://documentation.wazuh.com/current/index.html

Osquery - SQL queries on endpoints, very powerful - https://github.com/osquery/osquery

YARA rules & info collection - https://github.com/InQuest/awesome-yara

Velociraptor - monitor, alert, hunt on endpoints - https://www.velocidex.com/

NCSC - security config packs Win,OSX,iOS,Ubuntu,Android - https://github.com/ukncsc/Device-Security-Guidance-Configuration-Packs

Nextron Systems - FOSS/Commercial - Compromise assessment, forensics, IOC scanners - https://www.nextron-systems.com/products/

DeepBlueCLI - command line threat hunting on Windows - https://github.com/sans-blue-team/DeepBlueCLI

OpenEDR - Comodo's FOSS EDR - https://openedr.com/

OSSEM - Open Source Security Events Metadata - https://github.com/OTRF/OSSEM

SilkETW from Fireeye - Event Tracing for Windows telemetry made easier:

Network Security

Arkime - Packet capture & analysis - https://arkime.com/ - https://github.com/arkime/arkime

Suricata - NIDS/NIPS/NSM - https://suricata.io/

Zeek - NIDS/NSM - https://zeek.org/

Snort - NIPS - https://www.snort.org/

Owlh & Wazuh - Uses Snort/Zeek/Suricata data integrated via OwlH into Wazuh adding NIDS to HIDS:

CISA's Malcolm - FOSS network traffic analysis suite - https://github.com/cisagov/malcolm

Perimeter Defence

PerimeterX - bot defence, website defence - https://www.perimeterx.com/

TypoDetect - discover domain name mutations similar to corporate domain names used for phishing/smishing etc - https://github.com/telefonica/typodetect

Deception

Thinkst Canary - decoys/honeytraps - https://canary.tools/

Malware Analysis

Anyrun - online analysis/sandbox - https://any.run/

Hybrid Analysis - online malware anlysis - https://www.hybrid-analysis.com/

Cuckoo Sandbox - FOSS sandbox - https://cuckoosandbox.org/

Joe Sandbox - online sandbox/analysis - https://www.joesandbox.com/

Lenny Zeltser's list of online malware analysis tools - https://zeltser.com/automated-malware-analysis/

REMnux - malware analysis toolkit OS - https://remnux.org/

Nextron Valhalla - YARA rule feed - https://www.nextron-systems.com/valhalla/

Phishing

PhishCatch - browser ext and API server detects corp pwd use on external sites from Palantir - https://github.com/palantir/phishcatch

GRC

GRC knowledge list - https://github.com/Arudjreis/awesome-security-GRC

Protecht - Enterprise Risk Management software - https://www.protechtgroup.com/en-gb/enterprise-risk-management-software

Deciduous - security decision mapping from Ryan Petrich & Kelly Shortridge:

Red Team Tools

Phant0m - Win Event Log Killer - https://github.com/hlldz/Phant0m

Mythic - red team framework - https://github.com/its-a-feature/Mythic

GoFetch - generate attack plans from Bloodhound - https://github.com/GoFetchAD/GoFetch

Go/Golang Tools

The Hive Go library - https://github.com/TheHive-Project/TheHive4go

Jira Go library - https://github.com/andygrunwald/go-jira

Jira Go library (another) - https://github.com/go-jira/jira

Tenable.io Go library - https://github.com/whereiskurt/tiogo

Tenable.io Go library - https://github.com/attwad/nessie

Tenable.io Go library - https://github.com/mistsys/go-tenable

Tenable.io Go library - https://github.com/thathaneydude/go-tenable

Kibana Go library - https://github.com/ewilde/go-kibana

Elasticsearch Go library - https://github.com/elastic/go-elasticsearch

Azure SDK for Go - https://github.com/Azure/azure-sdk-for-go

Harp - Secret management toolchain from Elastic - https://github.com/elastic/harp

Cisco Firepower Go client - https://github.com/buttahtoast/fmcClient

Python Tools

Loguru - Python logging - https://github.com/Delgan/loguru

Tenable Python library - https://github.com/tenable/pyTenable

Tenable Python CLI tool - https://github.com/packetchaos/navi

Training

Instruqt - cloud tech & cloudsec training modules - https://play.instruqt.com/public

Random Useful Sites

https://parsiya.net/ - Go/Golang, blog, hacking, reverse engineering, automation

Purp1eW0lf's Blue Team Notes - https://github.com/Purp1eW0lf/Blue-Team-Notes

US DHS CISA's tools github repos - https://github.com/search?q=user%3Acisagov+&s=stars&type=Repositories

AD Security

https://posts.specterops.io/the-attack-path-management-manifesto-3a3b117f5e5

SpecterOps - Bloodhound FOSS - https://github.com/BloodHoundAD/BloodHound

Dockerised Bloodhound - https://github.com/belane/docker-bloodhound

Bloodhound/Cypher Queries:

https://github.com/improsec/ImproHound - https://improsec.com/tech-blog/improhound-identify-ad-tiering-violations

BloodCheck - Manage multiple Neo4j DBs & cypher query BH datasets - https://github.com/Mr-B0b/BloodCheck

Plumhound - Bloodhound for blue & purple teams - https://github.com/PlumHound/PlumHound

Use Bloodhound with network data to predict ransomware spread - https://github.com/zeronetworks/BloodHound-Tools

Sean Metcalf - Trimarc - AD security don - https://adsecurity.org/

SpecterOps - AD, Windows, OSX offensive & defensive tools - https://specterops.io/resources/affiliated-toolsets

Semperis - AD defence & recovery commercial products and blog includes Darren Mar-Elia GPOGuy - https://www.semperis.com/

Purple Knight - free AD security assessment tool from Semperis - https://www.purple-knight.com/

Pingcastle - free/commercial AD security assessment tool from Vincent Letoux - https://www.pingcastle.com/

Stealthbits - AD & data management commercial tools - https://stealthbits.com/active-directory-security-solutions/

Tenable AD - formerly Alsid - https://www.tenable.com/products/tenable-ad

YossiSassi's AD group change monitoring powershell - https://github.com/YossiSassi/Get-ADGroupChanges

ZBang - CyberArk's AD risk assessment tool - https://github.com/cyberark/zBang

ACLight - CyberArk's AD shadow admins discovery tool - https://github.com/cyberark/ACLight

Vincent Yiu's red team tools & tips - https://www.vincentyiu.com/

Dirk-Jan Mollema's blog - AD & AAD stuff - https://dirkjanm.io