A list of awesome CSIRT tools, papers and presentations.
Please read the contribution guidelines before contributing.
- Actortrackr
- Fast Incident Response
- Maltrail
- Just-Metadata
- MimikatzHoneyToken
- threat_note
- Kansa - A PowerShell incident response framework
- PoshSec PowerShell Module
- PowerForensics - Live disk forensics platform (PowerShell)
- Fork AChoir - MSVC and WinHTTP
- Malcom - Malware Communications Analyzer
- FastIR Collector
- whois-quagga
- Threatcrowd
- BTA
- Malware Config
- Spiderfoot
- IVRE - Network recon framework
- IPew Attack Map
- OWASP AppSensor Project
- Laika BOSS: Object Scanning System
- YAF
- AIL-Framework
- CVE-Search
- VorpalSpyglass - A tool for automatic detection of Domain Generation Algorithm (DGA) domains
- FastNetMon
- DPDK-based packet capture tool
- Abuse.IO
- Splunk query search
- Public Suffix List
- DomainBigData
- IOC Bucket
- Cybersecurity 500
- IP Spoofing
- CVRF
- CISCO PSIRT
- Malware Traffic Analysis
- APT Groups and Operations
- Introduction to DFIR
- Windows Events log for IR/Forensics Part 1
- Windows Events log for IR/Forensics Part 2
- Mozilla Server Side TLS
- Parsing 10TB of Metadata, 26M Domain Names and 1.4M SSL Certs for $10 on AWS
- Awesome Malware Analysis List
- How To Build And Run A SOC for Incident Response - A Collection Of Resources
- A Simple Hunting Maturity Model
- The Problems with Seeking and Avoiding True Attribution to Cyber Attacks
- Tools to Detect Routing Anomalies
- Lean Threat Intelligence, Part 1: The plan
- Lean Threat Intelligence Part 2: The foundation
- Lean Threat Intelligence Part 3: Battling log absurdity with Kafka
- Research Spotlight: Detecting Algorithmically Generated Domains
- The New and Improved R Shodan Package
- Gamification in the SOC & IRT
- Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory
- Intelligence Concepts - F3EAD
- Incident Response Hunting Tools
- How Cybersecurity Insurance Will Take Over InfoSec
- Amazon Inspector – Automated Security Assessment Service
- awesome list of honeypot resources
- A practical guide to securing OS X
- GraphGist: Cyber security and attack analysis
- ATT&CK
- My First 5 Minutes On A Server; Or, Essential Security for Linux Servers
- Advanced Defense Posture Assessment
- APTNotes
- Goin' huntin'
- APT Detection Framework
- Protecting Windows Networking - Dealing with Credential Theft
- Ransomware Playbook – Guide for Handling Ransomware Infections
- Phishing Incident Response Playbook
- Monitoring pastebin.com within your SIEM
- Mitigating DDoS Attacks with NGINX and NGINX Plus
- Large Scale Malware Analysis
- Hunting Through RDP Data
- Incident Response - Taking CSIRT Modeling to the next level
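The list above points at two DGA resources (VorpalSpyglass and the "Detecting Algorithmically Generated Domains" research spotlight) and at the Public Suffix List. The following is an added example, not code from any of the projects linked here, showing the kind of lightweight triage a CSIRT can run over resolver logs before reaching for a trained model: extract the registrable label (the part a DGA randomizes) using a suffix list, then score it on character entropy, vowel ratio, consonant runs and digit density. The suffix set, the feature thresholds, the `client fqdn` log format and the sample log lines are all constructed for the example and are assumptions, not published values.

```python
"""Heuristic DGA triage over DNS query logs (added example, assumptions noted)."""
import math
from collections import Counter

# Constructed stand-in for the Public Suffix List: a real deployment should
# load the full list (publicsuffix.org) instead of this handful of suffixes.
PUBLIC_SUFFIXES = {"com", "net", "org", "ru", "co.uk", "com.au"}

VOWELS = set("aeiou")

# Constructed sample resolver log, one "client fqdn" pair per line.
SAMPLE_QUERY_LOG = [
    "10.0.0.5 www.google.com",
    "10.0.0.5 mail.example.co.uk",
    "10.0.0.9 xk3jq9zlwtp7v2bq.net",
    "10.0.0.9 ytaigrvbkwnhu.ru",
    "10.0.0.12 internationalization.org",
]


def registrable_label(fqdn: str) -> str:
    """Return the label directly left of the longest matching public suffix.

    'mail.example.co.uk' -> 'example'. DGAs randomize this label, so it is the
    part worth scoring. Falls back to the first label when no suffix matches.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    # Try the longest candidate suffix first so 'co.uk' wins over 'uk'.
    for n in range(len(labels) - 1, 0, -1):
        if ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return labels[-n - 1]
    return labels[0]


def shannon_entropy(s: str) -> float:
    """Bits per character; near-uniform random labels approach log2(alphabet)."""
    n = len(s)
    if not n:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def features(label: str) -> dict:
    """Per-label lexical features used by dga_score."""
    n = len(label)
    vowels = sum(ch in VOWELS for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    run = longest = 0
    for ch in label:
        # Digits count as consonants; a hyphen breaks the run.
        if ch.isalnum() and ch not in VOWELS:
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return {
        "length": n,
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowels / n if n else 0.0,
        "digit_ratio": digits / n if n else 0.0,
        "max_consonant_run": longest,
    }


def dga_score(label: str) -> int:
    """Count the DGA-like traits a label shows (0-4). Thresholds are assumptions."""
    f = features(label)
    score = int(f["entropy"] >= 3.5)                # near-uniform character use
    score += int(f["vowel_ratio"] < 0.2)            # natural words run ~40% vowels
    score += int(f["max_consonant_run"] >= 5)       # unpronounceable runs
    score += int(f["digit_ratio"] >= 0.2 and f["length"] >= 10)
    return score


def is_dga(fqdn: str, threshold: int = 2) -> bool:
    """Flag a name when at least `threshold` traits fire (assumed cut-off)."""
    return dga_score(registrable_label(fqdn)) >= threshold


def triage(log_lines, threshold: int = 2):
    """Return (client, fqdn, score) for log lines whose name looks generated."""
    hits = []
    for line in log_lines:
        client, fqdn = line.split()
        score = dga_score(registrable_label(fqdn))
        if score >= threshold:
            hits.append((client, fqdn, score))
    return hits


if __name__ == "__main__":
    for client, fqdn, score in triage(SAMPLE_QUERY_LOG):
        print(f"{client} queried {fqdn} (score {score})")
```

Expect false positives from CDN hostnames, hash-like labels in legitimate SaaS domains and long non-English words; use the score to rank hosts for a look at their NXDOMAIN rate and query volume rather than as an alert on its own.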
To the extent possible under law, Sindre Sorhus has waived all copyright and related or neighboring rights to this work.