/CyberSecurity-Playground

CyberSecurity Resources (Threat Intelligence, Malware Analysis, Pentesting, DFIR, etc)

Welcome to the CyberSecurity-Playground wiki!

A good reference for my CyberSecurity Playground

IP Addresses Blocking

```batch
@echo off
:: blockit.bat - block every IP listed in blockit.txt in both directions.
:: "blockit list" only prints the addresses currently blocked by the rule.
if "%1"=="list" (
    netsh advfirewall firewall show rule name="Blockit" | findstr RemoteIP
    exit /b
)

:: Delete the existing block rules so the file is the single source of truth
netsh advfirewall firewall delete rule name="Blockit"

:: Block the new IPs, reading them one per line from blockit.txt
for /f %%i in (blockit.txt) do (
    netsh advfirewall firewall add rule name="Blockit" protocol=any dir=in action=block remoteip=%%i
    netsh advfirewall firewall add rule name="Blockit" protocol=any dir=out action=block remoteip=%%i
)

:: Call this batch again with "list" to show the blocked IPs
call %0 list
```

a. Create a blockit.txt with the IPs to block (one address per line) and run blockit.

b. You can run blockit list to check which IPs are blocked at the moment.

Note: This needs to be run as Administrator.

Note: both dir=in and dir=out rules are added so that incoming and outgoing traffic to each IP is blocked. Delete one or the other if you only need a single direction (or keep both to block both directions).
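The same procedure written in PowerShell, as an added example that is not part of this wiki or the batch file above. It uses the NetSecurity cmdlets (Get-NetFirewallRule, New-NetFirewallRule, Remove-NetFirewallRule, Get-NetFirewallAddressFilter) that ship with Windows 8 / Server 2012 and later, assumes blockit.txt sits in the current directory with one IPv4/IPv6 address or CIDR range per line, and must be run from an elevated prompt. It goes a step beyond the batch version: entries that do not parse as an address are reported and skipped rather than silently producing a broken rule, and the whole list is carried by one rule per direction instead of two rules per IP.

```powershell
# Added example (not from the CyberSecurity-Playground wiki): a PowerShell
# counterpart to blockit.bat built on the NetSecurity cmdlets.
# Assumptions: blockit.txt is in the current directory, one IPv4/IPv6 address
# or CIDR range per line; the shell is elevated (Run as Administrator).
param(
    [string]$ListFile = 'blockit.txt',
    [string]$RuleName = 'Blockit',
    [switch]$List
)

# blockit.ps1 -List : print the remote addresses the block rules currently carry.
if ($List) {
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
        Get-NetFirewallAddressFilter |
        Select-Object -ExpandProperty RemoteAddress
    return
}

# Read the list, skipping blanks and '#' comments, and keep only entries whose
# address part parses; a typo in the file is reported instead of ignored.
$ips = foreach ($line in Get-Content $ListFile) {
    $entry = $line.Trim()
    if (-not $entry -or $entry.StartsWith('#')) { continue }
    $parsed = $null
    if ([System.Net.IPAddress]::TryParse(($entry -split '/')[0], [ref]$parsed)) {
        $entry
    } else {
        Write-Warning "Skipping unparseable entry: $entry"
    }
}
if (-not $ips) { throw "No valid addresses found in $ListFile" }

# Remove the previous rules so the file is the single source of truth, as the
# batch file does with 'netsh advfirewall firewall delete rule'.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# One rule per direction carrying the whole list, rather than two rules per IP.
# Drop 'Outbound' (or 'Inbound') from the list below to block a single direction.
foreach ($direction in 'Inbound', 'Outbound') {
    New-NetFirewallRule -DisplayName $RuleName -Direction $direction `
        -Action Block -RemoteAddress $ips -Profile Any | Out-Null
}

Write-Host "Blocking $($ips.Count) address(es) in both directions under rule '$RuleName'."
```

Save it as blockit.ps1 next to blockit.txt; `.\blockit.ps1` applies the list and `.\blockit.ps1 -List` shows what is currently blocked, matching the `blockit` / `blockit list` usage of the batch file.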

Vulnerability Management/Research

  1. Vfeed
  2. Proactive Detection Content of Specific Vulnerability Mapped Against ATT&CK Sigma
  3. CVE-2020-0683 - Windows MSI “Installer service” Elevation of Privilege
  4. PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more)
  5. SMBGhost pre-auth RCE abusing Direct Memory Access structs
  6. Cmd Hijack - a command/argument confusion with path traversal in cmd.exe
  7. OpenCVE Vuln Alerts
  8. Continuous Vuln Scanner - NERVE

DDoS

  1. ICMP Flooding
  2. Cache Poisoned DoS

Offense & Defense

  1. Introduction to Pentesting
  2. Atomic Red Team
  3. Passive Recon & Asset Discovery
  4. OWASP Nettacker
  5. Active Directory Attack & Defense
  6. Windows 10 Recommended Block Rules
  7. Application Whitelisting Bypass (DotNet)
  8. DLL Auto Execution Technique
  9. OSCP Resources
  10. Powershell Obfuscation using Secure String
  11. Sigma Rules
  12. Windows Red Team Cheat Sheet
  13. Evasion Techniques
  14. Windows Privilege Escalation Guide
  15. Heaven Gate Technique on Linux
  16. Pivoting Guide
  17. Using SRDI to Bypass AV & EDR
  18. File Upload Vulnerability Scanner and Exploitation Tool
  19. Windows Server 2008R2-2019 NetMan DLL Hijacking
  20. Breaking Typical Windows Hardening Implementations
  21. Curated SecTools
  22. APTSimulator
  23. ezEmu
  24. Sharp-Suite
  25. RustScan - Modern Port Scanner
  26. Shodan Pentest Guide
  27. SSRF — Server Side Request Forgery (Types and ways to exploit it)
  28. Demo – Illicit Consent Grant Attack In Azure AD / Office 365
  29. Fast TCP tunnel, transported over HTTP, secured via SSH
  30. WAF Evasion
  31. TREVORspray is a modular password sprayer with threading, SSH proxying, loot modules, and more!
  32. Azure Outlook C2
  33. Impulsive DLL Hijack
  34. AzureAD ATT/DEF
  35. Simple ShellCode
  36. Full DLL Unhooking CSharp
  37. Windows API Hashing
  38. Pass Stealing NPPSPY

Malware Related

  1. 0 day malware prevention / detection
  2. Ransomware Protection and Containment Strategies
  3. Understanding Malware
  4. Multi-Platform Malware
  5. Google Play BankBot Trojan 0 detection
  6. Android Two Stages Decryption
  7. Multiple Platform Malware Databases
  8. Ransomware Builder
  9. Weaponize Legitimate PE
  10. Emotet-Havoc Wreaking Malware
  11. Rank Strings Output Speedier Malware Analysis
  12. Malware Analysis Fundamentals - Files & Tools
  13. Manual Dridex Dropper Malicious Document Deobfuscation Methods
  14. When Anti-Virus Engines Look Like Kernel Rootkits
  15. First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol
  16. Hiding your .NET - COMPlus_ETWEnabled
  17. theZoo - A Live Malware Repository
  18. NetLoader
  19. PE-SIEVE
  20. DLL Proxy Loading Your Favourite C# Implant
  21. Codex Gigas malware DNA profiling
  22. Memory Hunter
  23. RE the Emotet

Reversing

  1. Dissected PE Breakthrough
  2. Reversing for Beginners
  3. Deobfuscating APT Flow Graphs with cutter and radare2
  4. Advanced Binary Deobfuscation
  5. Finding executables prone to DLL hijacking
  6. Converting an EXE to a DLL

Threat Intelligence

  1. Guide To Cyber Threat Intelligence
  2. Reporting Template
  3. RecordedFuture Threat Intelligence Handbook
  4. How Threat Intelligence Helps Organizations
  5. Tracking user location from IP address using Google API
  6. CTI is Better Served with Context: Getting better value from IOCs
  7. Lupo — Malware IOC Extractor
  8. OSINT VM
  9. Real Intelligence Threat Analytics
  10. Semi-Auto OSINT

Audit, Automated Framework

  1. Chef Inspec

Threat Hunting

  1. MageCart
  2. DNS over HTTPS
  3. Hunting TA with TLS Cert
  4. Hunting for Privilege Escalation
  5. Threat-Hunting-Cheat-Sheat
  6. Hunting for Apache rootkit using OSquery
  7. APT Hunter Windows Event Logs
  8. Kestrel TH Language
  9. Hunting NGROK
  10. Translation Engine for Threat Hunters

Log Management/SOC

  1. Windows Powershell Logging Cheat Sheet
  2. https://cyberstartupobservatory.com/cyber-security-frameworks/
  3. Automate the boring for your SOC with automatic investigation and remediation!

Digital Forensic and Incident Response (DFIR)

  1. Banking Trojan
  2. DFIR Cheat Sheet
  3. Volatility Workbench
  4. Incident Handling Automation Project
  5. Excel Pivot Functions Forensic Analysis Techniques
  6. RE&CT Framework
  7. Velociraptor is an advanced digital forensic and incident response tool that enhances your visibility into your endpoints.
  8. Sysmon 11 — DNS improvements and FileDelete events
  9. GRR Rapid Response
  10. Writing Reports
  11. Collecting And Analyzing Logs In Azure AD
  12. Latest File Extension used by Hackers
  13. Windows Common Techniques used by Malware
  14. Finding the Evil in TLS 1.2 Traffic – Detecting Malware on Encrypted Traffic
  15. Most Common Windows Event IDs to Hunt – Mind Map
  16. No Logs? No Problem!

Scripting

  1. Lazy Script Kali Linux
  2. OSINT-Probe Spider
  3. ADFS Spray&Brute

CyberSecurity Framework

  1. NIST
  2. Cyber Security Frameworks – Infographics

Misc

  1. Moloch Full Packet Capture
  2. An OODA-driven SOC Strategy using: SIEM, SOAR and EDR
  3. SOC Automated Workflow

TO BE UPDATED FROM TIME TO TIME

IF YOU WISH TO CONTRIBUTE TO THIS REPO, PLEASE SEND EMAIL TO ikbal@rawsec.com OR VIA TELEGRAM: @Viszsec