mirror of
https://codeberg.org/mclemens/qrz.is.git
synced 2024-06-12 11:00:45 +00:00
20 KiB
20 KiB
| title | date | draft | showthedate |
|---|---|---|---|
| Information Security | 2022-06-07T08:00:00+02:00 | false | false |
Threat Intelligence Portals/Feeds
- IBM X-Force Exchange - Cloud platform for sharing threat intel data
- OTX threat intelligence - AlienVault Open Threat Intelligence Community
- List of Threat Intelligence Feeds
- csirtg.io
- CentralOps Whois - in depth whois with IP history
- VirusTotal - You have to know VirusTotal
- GitHub - sroberts/awesome-iocs: A collection of sources of indicators of compromise
Threat Intelligence Tools
- IntelMQ - Solution for collecting and processing security feeds, pastebins, tweets using a message queue protocol
- harpoon - CLI tool for open source and threat intelligence
- Bearded-Avenger / CIF - CIF allows you to combine known malicious threat information from many sources and use that information for incident response, detection and mitigation.
- MISP - Self-hosted threat information sharing platform
- Cyber Threat Intelligence Tools - Very extensive list of tools
- urlQuery - Gives you a screenshot of a given site along with all HTTP transactions (request and response) and executed JS
- OSINT Framework
Threat Detection
- Blue Team fundamentals Part Two: Windows Processes.
- Detect Password Spraying With Windows Event Log Correlation – Welcome to the Ziemba.Ninja Infosec Blog!
- Download Windows security audit events from Official Microsoft Download Center
- GitHub - MHaggis/sysmon-dfir: Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
- Endpoint detection Superpowers on the cheap — part 1
- Windows RDP-Related Event Logs: Identification, Tracking, and Investigation | Ponder The Bits
- GitHub - Neo23x0/APTSimulator: A toolset to make a system look as if it was the victim of an APT attack
- GitHub - 0x4D31/awesome-threat-detection: A curated list of awesome threat detection and hunting resources
- Hack the Hacker – Fuzzing Mimikatz On Windows With WinAFL & Heatmaps (0day) | SEC Consult
- Tales of a Threat Hunter 1
- GitHub - sroberts/awesome-iocs: A collection of sources of indicators of compromise
- ion-storm/sysmon-config: Sysmon configuration file template with default high-quality event tracing
- Greater Visibility Through PowerShell Logging « Threat Research Blog | FireEye Inc
- Know your Windows Processes or Die Trying
- http://blog.rootshell.be/2012/01/17/monitoring-pastebin-com-within-your-siem/
- FCL - Fileless Command Lines
Data Scraping
- pystemon - Monitoring tool for PasteBin-alike sites written in Python
Vulnerability Management
- https://vulners.com - Vulnerability search engine - ("Google for Hackers")
Honeypots
- ssh-auth-logger - works great in combination with CIF and csirtg.io, see explodingwoodchucks.com
- cowrie - successor to kippo
- High Interaction Honeypots with Sysdig and Falco
Tools - Packet String Data (PSTR)
- URLsnarf
- Httpry - HTTP logging and information retrieval tool
- Justsniffer - a network protocol analyzer that captures network traffic
Incident Response
- Incident Response
- Cyber Probe - Capturing, Analysing and Responding to Cyber Attacks
- Basics of Windows Incident Response – JP
- PENTEST-WIKI
- https://github.com/meirwah/awesome-incident-response
Incident Analysis
Malware Analysis
Detection
- https://virustotal.github.io/yara/ - Signature based detection
- https://ssdeep-project.github.io/ssdeep/usage.html - Fuzzy Hashing
- https://github.com/Dynetics/Malfunction - Fuzzy Hasing
String Extraction
- https://blog.didierstevens.com/programs/xorsearch/
- https://github.com/fireeye/flare-floss - Automatic decoder function detection and usage, Extracts ASCII and UTF-16-le strings
- https://docs.microsoft.com/en-us/sysinternals/downloads/strings
PE
Graphical Analysis
Disassembler
PDF Analysis
Office Analysis
Filesystem Analysis
Shellcode Analysis
Reconnaissance
- shodan.io - service banner search engine
- A Shodan Tutorial and Primer
- AutoNSE - Massive NSE (Nmap Scripting Engine) AutoSploit And AutoScanner - KitPloit - PenTest Tools for your Security Arsenal ☣
- GitHub - gpoguy/GetVulnerableGPO: PowerShell script to find 'vulnerable' security-related GPOs that should be hardended
- PowerShell: Get all logged on Users per Computer/OU/Domain (Get-UserLogon) – SID-500.COM
- port-scan-automation: Automate NMAP Scans & Generate Custom Nessus Policies Automatically • Penetration Testing
- Vision2 - Nmap's XML result parse and NVD's CPE correlation to search CVE - KitPloit - PenTest Tools for your Security Arsenal ☣
- Retrieving scan results through Nessus API | Alexander V. Leonov
- Nmap Cheat Sheet
(Post-)Exploitation
- GitHub - mubix/post-exploitation: Post Exploitation Collection
- GitHub - skelsec/pypykatz: Mimikatz implementation in pure Python
- (403) http://blog.secu.dk/blog/Tunnels_in_a_hard_filtered_network/
- A Red Teamer's guide to pivoting
- How to use weaponized PDF documents to steal Windows credentialsSecurity Affairs
- GitHub - dylanaraps/pure-bash-bible: 📖 A collection of pure bash alternatives to external processes.
- Untitled (http://LetMeOutOfYour.Net)
- Passing the hash with native RDP client (mstsc.exe) - Blog | Michael Eder
- Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)
- Digging passwords in Linux swap - Sevagas
- GitHub - quentinhardy/msdat: MSDAT: Microsoft SQL Database Attacking Tool
- How to Bypass Application Whitelisting & AV - Black Hills Information Security
- Weaponization of Nessus Plugins
- Getting SYSTEM – Decoder's Blog
- SSH Hijacking for lateral movement | xorl %eax, %eax
- awesome-windows-exploitation/README.md at master · enddo/awesome-windows-exploitation · GitHub
- GitHub - gobiasinfosec/Wireless_Query: Query Active Directory for Workstations and then pull their Wireless Network Passwords
- (500) https://raw.githubusercontent.com/enigma0x3/Invoke-LoginPrompt/master/Invoke-LoginPrompt.ps1
- Step by step Metasploit walkthrough
- Ping is okay? – Right? – MSitPros Blog
- How to get SQL Server Sysadmin Privileges as a Local Admin with PowerUpSQL
- Applocker Bypass via Registry Key Manipulation
- Bypassing Application Whitelisting with BGInfo – MSitPros Blog
- Mimikatz in JS - Courtesy of James Forshaw - https://github.com/tyranid/DotNetToJScript ;-) · GitHub
- GitHub - nccgroup/redsnarf: RedSnarf is a pen-testing / red-teaming tool for Windows environments
- Breaking Out! of Applications Deployed via Terminal Services, Citrix, and Kiosks
- Mimikatz Against Virtual Machine Memory Part 1 Carnal0wnage - Attack Research Blog Carnal0wnage & Attack Research Blog
- Powershell script to automatically generate a malicious Excel document with different payloads and persistence methods. : netsec
- Dumping Windows Credentials | Securus Global Blog
- Pass the Hash on Windows 8.1
- Basic Linux Privilege Escalation
- GitHub - wtsxDev/Penetration-Testing: List of awesome penetration testing resources, tools and other shiny things
- p0wnedShell - PowerShell Runspace Post Exploitation Toolkit - Darknet
- WifiHistoryView - Displays history of connections to wireless networks on your computer
- How to Bypass Anti-Virus to Run Mimikatz - Black Hills Information Security
- “Fileless” UAC Bypass Using eventvwr.exe and Registry Hijacking | enigma0x3
- Explore Hidden Networks With Double Pivoting – Pentest Blog
- Decrypting Modern McAfee ePolicy Orchestrator Credentials | #!/bin/blog
Malware Analysis
- Painless Cuckoo Sandbox Installation | NVISO LABS – blog
- How to become the best Malware Analyst E-V-E-R
- VirusTotal Blog: Meet VirusTotal Droidy, our new Android sandbox
- How to Share Malware Samples With Other Researchers
- ANY.RUN
- Any.Run - An Interactive Malware Analysis Tool - Is Now Open To The Public
- malware.one LOGIN
- Malware Analysis for the Incident Responder
- GitHub - ANSSI-FR/caradoc: A PDF parser and validator
- Extract text and media content from docx | govolution
- GitHub - K2/EhTrace: ATrace is a tool for tracing execution of binaries on Windows.
- https://github.com/DidierStevens/DidierStevensSuite
Hardening / Configuration Auditing
OS Hardening
- CIS Controls V7 Measures & Metrics
- PaulSec/awesome-windows-domain-hardening: A curated list of awesome Security Hardening techniques for Windows.
- selinux-coloring-book
- lateralblast/lunar: A UNIX security auditing tool based on several security frameworks
- https://adsecurity.org/?p=2288
- http://www.tenable.com/blog/compliance-auditing-with-microsoft-powershell
- 10 best practices for Windows security - TechRepublic
- A Look into Linux Hardening in the Wild
Web Server Hardening
- Nginx Quick Reference
- GitHub - yandex/gixy: Nginx configuration static analyzer
- securityheaders.com - Check the configuration of your website's security headers
- webbkoll.dataskydd.net - Checks websites for privacy leaks and security headers
SIEM Solutions
- AlienVault - Open Source SIEM solution
- McAfee Enterprise Security Manager
- ArcSight
- QRadar - IBM's SIEM solution
- LogRhythm
- Splunk - Log management tool with SIEM ambitions
- Exabeam - Looks promising
- Logpoint
- Gartner Peer Insights - Gartner's SIEM rankings
SOC Related Stuff
- SIEM use cases development workflow – Agile all the things! | SPL>Ninja
- Lessons learned from the Microsoft SOC—Part 1: Organization
Awareness
Other Stuff
- GitHub - m4b/bingrep: like grep, but for binaries
- GitHub - vulnersCom/getsploit: Command line utility for searching and downloading exploits
- Microsoft releases new IT tool, Policy Analyzer - MSPoweruser
- nexxai/CryptoBlocker: A script to deploy File Server Resource Manager and associated scripts to block infected users
- GitHub - securitywithoutborders/hardentools
- GitHub - juliocesarfort/public-pentesting-reports: Curated list of public penetration test reports released by several consulting firms and academic security groups
- CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
Leaked Password Databases
Password Lists
- CrackStation - 1,493,677,782 Passwords
- Rockyou.txt - the standard