Source: https://github.com/NVISOsecurity/SEC599-Resources (README.md, last pushed 2023-01-02)

# SEC599-Resources
The following is an overview of the links and articles commonly referenced during the SEC599 course.

## Section 1: Introduction and Reconnaissance
* [Wired - The untold story of NotPetya](https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/)
* [Cyberbit blog - COM Hijacking](https://www.cyberbit.com/blog/endpoint-security/com-hijacking-windows-overlooked-security-vulnerability/)
* [MITRE ATT&CK](https://attack.mitre.org/)
* [SwiftOnSecurity - Sysmon config](https://github.com/SwiftOnSecurity/sysmon-config)
* [APT Groups and Operations Google sheet](https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit#gid=361554658)
* [APT Index - Kumu.io](https://embed.kumu.io/0b023bf1a971ba32510e86e8f1a38c38#apt-index?focus=%23elem-gMh8T6PP%20out%202)
* [ThaiCERT - Threat actor encyclopedia](https://www.thaicert.or.th/downloads/files/Threat_Group_Cards_v2.0.pdf)
* [Malware Archaeology - Cheat Sheets](https://www.malwarearchaeology.com/cheat-sheets)
* [NSA Cyber - Windows Secure Host Baseline](https://github.com/nsacyber/Windows-Secure-Host-Baseline)
* [OpenStack - Ansible Hardening](https://github.com/openstack/ansible-hardening)
* [NIST Checklists](https://ncp.nist.gov/repository)
* [MITRE ENGENUITY - ATT&CK Evaluations](https://attackevals.mitre-engenuity.org/)
* [x0rz - Phishing Catcher](https://github.com/x0rz/phishing_catcher)

## Section 2: Payload Delivery and Execution
* [Fenrir - NAC bypass - Valérian Legrand](https://hackinparis.com/data/slides/2017/2017_Legrand_Valerian_802.1x_Network_Access_Control_and_Bypass_Techniques.pdf)
* [Hackers use BadUSB to target defense firms with ransomware](https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/)
* [YARA Rules GitHub](https://github.com/Yara-Rules/rules)
* [InsecurePowerShell - PowerShell without System.Management.Automation.dll](https://cobbr.io/InsecurePowershell-PowerShell-Without-System-Management-Automation.html)
* [Ultimate AppLocker bypass list](https://github.com/api0cradle/UltimateAppLockerByPassList)
* [USBHarpoon - a charging cable that hacks your computer](https://latesthackingnews.com/2018/08/27/usbharpoon-a-charging-cable-that-hacks-your-computer/)
* [LOLBAS - Living Off The Land Binaries and Scripts](https://lolbas-project.github.io/)
* [GTFOBins](https://gtfobins.github.io/)
* [Malware-Traffic-Analysis.net](https://www.malware-traffic-analysis.net/)
* [Domain-Level Prevention of LLMNR/NBT-NS Poisoning and WPAD Spoofing](https://medium.com/@s.ganoush/domain-level-prevention-of-llmnr-nbt-ns-poisoning-and-wpad-spoofing-74df09d6f512)
* [Changing default file associations in Windows 10 via GPO](http://woshub.com/managing-default-file-associations-in-windows-10/)

## Section 3: Exploitation, Persistence, and Command and Control
* [Win32K.SYS system call table](https://j00ru.vexillium.org/syscalls/win32k/32/)
* [Zerodium Exploit Acquisition program](https://zerodium.com/program.html)
* [Overview of Windows as a Service](https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview)
* [Bill Gates - Trustworthy Computing memo](https://www.wired.com/2002/01/bill-gates-trustworthy-computing/)
* [Salesforce JA3](https://github.com/salesforce/ja3)
* [Hexacorn - Beyond good ol' Run key](http://www.hexacorn.com/blog/2017/01/28/beyond-good-ol-run-key-all-parts/)
* [Microsoft - Control Flow Guard](https://docs.microsoft.com/en-us/windows/win32/secbp/control-flow-guard)
* [Microsoft - Exploit protection reference](https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exploit-protection-reference?view=o365-worldwide)
* [Palantir - Exploit Guard base configuration script](https://github.com/palantir/exploitguard/blob/master/configureBaseMachine.ps1)

## Section 4: Lateral Movement
* [JPCERT - Detecting lateral movement through tracking event logs](https://www.jpcert.or.jp/english/pub/sr/20170612ac-ir_research_en.pdf)
* [JEA - Sample DNS roles](https://github.com/PowerShell/JEA/tree/master/Samples/DnsAdministration/RoleCapabilities)
* [Microsoft - Enterprise Access Model](https://docs.microsoft.com/en-us/security/compass/privileged-access-access-model)
* [UACME](https://github.com/hfiref0x/UACME)
* [SharpHound: Target Selection and API Usage](https://blog.cptjesus.com/posts/sharphoundtargeting)
* [Black Hat - Abusing Microsoft Kerberos](https://www.blackhat.com/docs/us-14/materials/us-14-Duckwall-Abusing-Microsoft-Kerberos-Sorry-You-Guys-Don't-Get-It.pdf)

## Section 5: Actions on Objectives, Threat Hunting, and Incident Response
* [Black Hat - The Adventures of AV and the Leaky Sandbox](https://www.blackhat.com/docs/us-17/thursday/us-17-Kotler-The-Adventures-Of-Av-And-The-Leaky-Sandbox.pdf)
* [Printer dots - How The Intercept outed Reality Winner](https://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html)
* [TaHiTI - A threat hunting methodology](https://www.betaalvereniging.nl/wp-content/uploads/TaHiTI-Threat-Hunting-Methodology-whitepaper.pdf)
* [Syntax-IR - Incident Response playbooks](https://gitlab.com/syntax-ir/playbooks)
* [Aorato Skeleton Key scanner](https://web.archive.org/web/20201030071700/https://gallery.technet.microsoft.com/Aorato-Skeleton-Key-24e46b73)
* [Black Tulip - DigiNotar breach](https://roselabs.nl/files/audit_reports/Fox-IT_-_DigiNotar.pdf)