awesome-lists
Awesome Security lists for SOC/CERT/CTI
https://github.com/mthcht/awesome-lists
-
Threat Hunting:
- Suspicious Named pipes
- Windows Services Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- ThreatHunting searches
- Browsers extensions Searches
- ThreatHunting keywords Site
- C2 hiding in plain sight
-
Other Lists
-
Security News
- CIRT bd feed
- ahnlab apt feed
- ahnlab cert feed
- ahnlab phishing feed
- ahnlab trend feed
- Akamai blog feed
- Any.run malware analysis blog feed
- Avast Blog feed
- badsectorlabs Last week in security - Redteam
- bi-zone blog feed
- bitdefender labs feed
- Blackberry blog
- broadcom blog feed
- CERT LV feed
- CERT PL feed
- CERT SE feed
- CERT SI feed
- CERT UA feed
- CISA news feed
- Cisco Talos
- Cloudflare security feed
- crowdstrike counter adversary operations blog
- deepinstinct blog
- detect.fyi
- Detection engineering weekly
- drweb virus alert feed
- eclecticiq threat intel
- elastic security labs blog feed
- forcepoint lab blog
- genians threat intel feed
- gi7w0rm threat intel feed
- Google Project Zero blog feed
- Google threat intelligence feed
- Google Threat analysis feed
- Group-IB feed
- harfanglab lab feed
- hexacorn blog feed
- hunt.io blog
- huntress blog feed
- IC3 CSA feed
- Infostealers Hub News Feed
- infostealers reports feed
- Intrinsec feed
- isc sans edu feed
- JPCERT feed
- krebsonsecurity feed
- malwarebytes blog feed
- malwaretech feed
- mcafee labs feed
- Microsoft security blog feed
- Microsoft Incident response ninja hub
- Microsoft Threat Intel feed
- morphisec threat research
- nccgroup research blog security
- NCSC news feed
- NIST cybersecurity insights feed
- orangecyberdefense Intel
- outpost24 research and threat intel feed
- proofpoint threat insight
- Qualys Threat research feed
- reversinglabs threat research
- security.com threat intel
- securityaffairs apt feed
- securityweek feed
- securelist apt targeted attacks feed
- Sekoia blog feed
- SentinelOne labs feed
- seqrite technical blog
- Simone Kraus blog feed
- Cybersecurity news feed
- Talos feed
- threat connect blog feed
- threatlabz zscaler blog
- threatpost feed
- trendmicro security feed
- Trustwave blog feed
- Unit42 feed
- virusbulletin feed
- volexity blog feed
- welivesecurity feed
- tl;dr sec newsletter
- binarydefense blog feed
- Checkpoint Research feed
- claroty team82 research
- DFIR weekly news feed
- NIST CVEs
- redcanary feed
- sans blog
-
Investigation
- xcyclopedia
- vmray
- threatbook
- Kaspersky Security Network
- Microsoft Security Intelligence Report
- OUI mac address lookup
- abuse.ch
- malware-traffic-analysis
- waybackmachine
- dnshistory
- asnlookup
- fofa.info
- Sandbox HA
- Sandbox Anyrun
- triage
- capesandbox
- joesandbox
- ipvoid
- mxtoolbox
- Microsoft TI
- pulsedive
- IBM X-Force Exchange
- AlienVault OTX
- greynoise
- echotrail
- whois domaintools
- viewdns
- url tiny-scan
- checkphish
- McAfee Threat Intelligence Exchange
- cloudflare scanner
- whoxy
- SecurityTrails
- ZoomEye
- Malware-Traffic-Analysis (PCAP files)
- urldna.io
- filescan.io
- threat zone
-
Data manipulation
- JS deobfuscator
- CyberChef
- Text Tool
- Message Header
- MXToolbox EmailHeaders
- Email Header Analyzer
- Email Header Analysis
- Gitlab dashboard from Excel
- OPENAI
- jsoncrack
- Hash calculator
- regex101
- Javascript Deobfuscator
- JSONViewer
- TextMechanic
- UrlEncode.org
- TextFixer
- RegExr
- Online XML Formatter and Beautifier
- XML Escape Tool
- DiffChecker
- HTML Formatter
- TextUtils
- TextCompactor
- Pretty Diff
- XML Tree
- String Manipulation Tool
- urlunscrambler
- longurl
- uncoder
- DeHashed
- PCAP online analyzer
-
Detection Resources
- GTFOBIN
- LOLBAS
- Elastic Rules
- DFIR-Report Sigma-Rules
- mdecrevoisier Sigma-Rules
- P4T12ICK Sigma-Rules
- tsale Sigma-Rules
- list of detections resources
- detection engineering resources
- awesome-threat-detection
- LOTS
- loldrivers
- WTFBIN
- Sigma
- Splunk Rules
- MITRE Updates
- MITRE Datasources
- JoeSecurity Sigma-Rules
- LOLRMM
-
DFIR:
- [EVTX]
- Kape
- EricZimmerman Tools
- dfir-orc-config
- Splunk4DFIR
- [memory]
- [OS]
- Yara - Forge
- PersistenceSniper
- ADTimeline
- [O365]
- OneDrive OCR DB artifact collector exe
- PSBits
- Timeline Plaso
- Arsenal Recon Forensic tools
- [OSX Tools]
- dfiq
- Mind maps
- artifacts List - DFIRArtifactMuseum
- artifacts List - ForensicArtifacts
- Autopsy
- SleuthKit
- usnjrnl_rewind
- OneDrive OCR DB artifact collector python
- [Linux]
- lists - aboutdfir.com
- Monitoring - Osquery
- [IR Guide]
- Browser Chrome Extensions DNS Forensic
- srum-dump
- dfir-orc
- regripper
- hollows hunter
- Searching strings - Recoll
- Kape Files
- [Network]
- Logon Tracer
- Yara - Threat Hunting - Keywords
- More Kape resources
- Timeline TimeSketch
- VolatileDataCollector
- Velociraptor
- TZ tools
- Nirsoft tools
- [Image Mount]
- Searching strings - ripgrep
- [Carving]
- Didier Stevens tools
- Windows artifacts
- PE sieve
- RdpCacheStitcher
- capa
- Malcontent
- [Event Parser]
- [EVTX / Auditd]
- werejugo
-
Security News
- detect.fyi
- CERT FR Avis
- akamai Feed
- Elastic Blog
- Adam Chester Blog Feed
- Mauricio Velazco Blog
- tenable Blog
- horizon3 Feed
- Incidents reports Feed
- NCC Group Research Feed
- SpecterOps Feed
- DFIR Podcasts
- DFIR weekly news
- sans blog
- CERT-FR
- CERT FR Alerts
- JPCERT
- Sophos Research Feed
- CISA news
- thedfirreport Feed
- Cisco Talos Feed
- Crowdstrike Feed
- Hexacorn Blog
- simone kraus Blog
- Offensive Research - DSAS by INJECT
- Splunk Research Blog
- Michael Haag Blog
- EricaZelic Blog
- Unit42 Feed
- HackerNews Feed
- Bleepingcomputer Feed
- Clément Notin Feed
- Google Threat Intelligence
- Sekoia Blog
-
IOC Feeds/Blacklists:
- Block Lists
- Zscaler ThreatLabz Ransomware notes
- Sophos lab IOC
- ESET Research IOC
- ExecuteMalware IOC
- Pr0xylife DarkGate IOC
- Pr0xylife WikiLoader IOC
- Pr0xylife SSLoad IOC
- Pr0xylife Matanbuchus IOC
- Pr0xylife Gozi IOC
- Pr0xylife IcedID IOC
- Pr0xylife Emotet IOC
- Pr0xylife BumbleBee IOC
- Pr0xylife AsyncRAT IOC
- Pr0xylife RemcosRAT IOC
- Pr0xylife BazarLoader IOC
- Pr0xylife SnakeKeylogger IOC
- Pr0xylife njRat IOC
- Elastic Lab IOC
- Pr0xylife NetSupportRAT IOC
- Pr0xylife Lokibot IOC
- UrlHaus_misp
- Pr0xylife AZORult IOC
- Cloud Intel IOC
- Pr0xylife Warmcookie IOC
- AVAST IOC
- Pr0xylife Latrodectus IOC
- Pr0xylife Vidar IOC
- Pr0xylife NanoCore IOC
- Pr0xylife NetWire IOC
- vx-underground - Great Resource for Samples and Intelligence Reports
- Zimperium IOC
- ABUSE.CH BLACKLISTS
- Binary Defense IP Block List
- ThreatFOX IOC
- UrlHaus_misp ASN
- Ransomware.live
- Pr0xylife QakBot IOC
- Pr0xylife nworm IOC
- Sekoia IOC
- HarfangLab IOC
- Phishing URLs - last week feed
- SpamHaus drop + ASN
- experiant.ca
- SpamHaus drop.txt
- DNS Block List
- Phishing Block List
- C2IntelFeeds
- Volexity TI
- Open Source TI
- C2 Tracker
- Unit42 IOC
- Unit42 Timely IOC
- Unit42 Articles IOC
- Zscaler ThreatLabz IOC
- Cisco Talos IOC
- Blackorbird APT Report IOC
- DoctorWeb IOC
- BlackLotusLab IOC
- Pr0xylife BitRAT IOC
- prodaft IOC
- Pr0xylife Pikabot IOC
- rosti.bin public reports feed
-
Training
-
Investigation
- AbuseIPDB
- Malwarebazaar
- urlscan
- scamsearch.io
- scamdb.net
- URL Redirect Checker
- threatbook
- web archive
- certificates - crt.sh
- site web-check
- Browser Extension CRX checker
- macvendorlookup
- BlueCoat lookup
- Norton lookup
- Fortinet lookup
- McAfee lookup
- Trellix lookup
- Palo Alto lookup
- Talos Intelligence lookup
- Checkpoint lookup
- Cyren lookup
- Forcepoint lookup
- TrendMicro lookup
- USB & PCI database - DeviceHunt
- kaspersky opentip
- speakeasy (kernel and user mode emulation)
- DOGGuard
- Kaspersky Threat Intelligence Portal
- dnsdumpster
- nslookup.io
- cloudflare URL scan
- Kaspersky Security Network
- emailrep
- shodan
- threatminer
- Apptotal (apps and extensions analysis)
- Telegram BOT hunting
- Onyphe
- Censys
- Virustotal
- proxy IP check - proxycheck.io
- reputation IP check criminalip
- proxy IP check - iphub.info
- app.spur.us
- SpamHaus
- cybergordon (URL reputation check)
- haveibeenpwned
-
SIEM/SOC/PurpleTeam related:
-
TI TTP/Framework/Model/Trackers
- Tools used by threat actor groups - MITRE ATT&CK
- MITRE CAPEC
- MITRE PRE-ATT&CK Techniques
- MITRE CAR
- Tools used by ransomware groups - @BushidoToken
- Mitigation - MITRE ATT&CK
- Tactics - MITRE ATT&CK
- Techniques - MITRE ATT&CK
- MITRE D3FEND
- ALL TI Reports
- ALL TI Reports searches
- APTMAP
- Tools associated with groups (partial)
- Tools used by Russian APT
- MITRE DeTTECT
- ATT&CK matrix navigator
- All MITRE data in xlsx format
- CVE Vuln Database
- CVE Vuln Framework
- REACT framework
- redcanary Threat Detection report
- The-Unified-Kill-Chain
- TTP pyramid
- Pyramid of pain
- Cyber Kill chain
- atomic-red-team
-
Others
-
Books
- Evasive Malware: A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats
- SANS FOR500 / FOR508 book
- Practical Forensic Imaging
- Practical-Linux-Forensics-Digital-Investigators
- TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExperts - Free
- Eric Zimmerman Manual Tools - Free
- The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
- Applied Incident Response
- Blue Team Handbook: Incident Response Edition
- Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
- Placing the Suspect Behind the Keyboard: DFIR Investigative Mindset
- Crafting the InfoSec Playbook: Security Monitoring and Incident
- Investigating Windows Systems
- Blue Team Handbook: SOC, SIEM, and Threat Hunting
- BTFM: Blue Team Field Manual
- PTFM: Purple Team Field Manual
- MITRE - 11 Strategies of a World-Class Cybersecurity Operations Center
- Windows Internals Books
- How Linux Works
- Linux Device Drivers
- Understanding The Linux Virtual Memory Manager
- Linux insides
- Linux Ebpf
- Hacking Art Exploitation
- Hacker Playbook Practical Penetration Testing
- RTFM: Red Team Field Manual
- Red Team Development and Operations: A practical guide
- RTRM: Red Team Reference Manual
- POC||GTFO
- EDR - Introduction to endpoint security
- Big picture on running a SOC - Modern SOC
- SANS 555 book
-
Youtube/Twitch channels
- DFIR - BlueMonkey4n6
- DFIR - binaryzone
- DFIR - 13cubed videos
- DFIR - SANS videos
- DFIR - DFIRScience
- Malware Analysis - jstrosch
- Malware Analysis - cyberraiju
- Malware Analysis - Botconf
- DFIR - BlackPerl
- Exploitation - HackerSploit
- DFIR - TheTaggartInstitute
- Malware Analysis - JohnHammond
- Exploitation - Alh4zr3d - twitch
- Exploitation - Alh4zr3d - youtube
- Exploitation - incodenito
- Malware Analysis - MalwareTechBlog
- !!! Exploitation - ippsec
- DFIR - MyDFIR
- Malware Analysis - AzakaSekai
- DFIR - AntisyphonTraining
- Malware Analysis - malwareanalysisforhedgehogs
- Malware Analysis - invokereversing
- Exploitation - dayzerosec
- Malware Analysis - radkawar
- Malware Analysis - neoeno
- CTI - bushidotoken
- CTI - @TLP_R3D
- Windows Internal - @mrexodia
- Exploitation - flangvik
- Conferences channel - scrtinsomnihack
- Conferences channel - OffensiveCon
- Conferences channel - BSidesSF
- Conferences channel - BSidesTLV
- Conferences channel - SecuritybsidesOrgUk
- Conferences channel - bsidescanberra9688
- Conferences channel - brucontalks
- Conferences channel - DEFCONConference
- Conferences channel - Disobey
- Conferences channel - hitbsecconf
- Conferences channel - SANSOffensiveOperations
- Conferences channel - BlackHillsInformationSecurity
- Conferences channel - RITSEC
- Conferences channel - Preludeorg
- Conferences channel - BlackHatOfficialYT
- Conferences channel - TROOPERScon
- Conferences site - infocon.org
- Conferences site - sectube.tv
- Conferences channel - x33conf
- Detection Engineering - Splunk - atomicsonafriday
-
Podcasts
-
Discord/Slack channels
- RedTeam - Initial Access Guild Discord
- RedTeam - Red-Team VX community Discord
- RedTeam - evilsocket Discord
- RedTeam - OffSec Discord
- Threat Hunting - Threat Hunter community Discord
- PurpleTeam - Ipurpleteam Discord
- Blueteam Detection engineering - Hunter's Den Discord
- Blueteam Detection engineering - Sigma HQ Discord
- Blueteam Threat Intel - Malcore Discord
-
Knowledge sites
- Exploitation - red-team-note
- DFIR - JPCERT Tools Analysis
- Exploitation - Red Team TTP
- Linux - EBPF docs
- DEV - Windows PInvoke signatures
- Detection - GCP Attack - Defense
- Detection - Azure Attack Defense
- Detection - Unprotect project
- Exploitation - Hacker recipes
- Logs - Events IDs and others - eventlog-compendium
- Logs - Events IDs - ultimatewindowssecurity
- Logs - Event IDs & policies - microsoft
- Logs - Event IDs Logon types - microsoft
- Logs - Azure SigninLogs Schema
- Logs - Azure SigninLogs Risk Detection
- Logs - AADSTS Error Codes
- Logs - Microsoft Errors Search
- Logs - Microsoft Defender Event IDs
- Logs - Microsoft Defender for Cloud Alert References
- Logs - Microsoft Defender for Identity Alert References
- Logs - Microsoft Defender XDR Schemas
- Logs - Sysmon Event IDs
- more cheatsheets
- Exploitation - TLS details
- SOC - Email Headers IANA
- SOC - DKIM, DMARC, SPF
- SOC - Kerberos Protocol explained
- SOC - ADSecurity AD Attacks
- SOC - Pass the ticket explained
- SOC - Kerberoasting explained
- SOC - Kerberos Unconstrained Delegation explained
- SOC - AS_REP roasting explained
- SOC - Golden tickets explained
- SOC - Skeleton Key explained
- SOC - NTLM Relay explained
- SOC - LLMNR Poisoning explained
- SOC - DCsync explained
- SOC - DCshadow attack explained
- SOC - Interview Questions by LetsDefend
- SOC - explain shell command arguments
- Logs - Microsoft DNS Debug Event IDs
-
LAB
- LAB automation - warhorse
- LAB automation - Azure - BadZure
- LAB automation - Azure - AzureGoat
- SandBox - cuckoo
- SandBox - CAPEv2
- SandBox - Malice (Virustotal self hosted clone)
- Detection platform - wazuh
- Detection platform - securityonion
- Detection platform - Splunk
- Detection platform - Elastic
- Deployment - ansible
- SOC - Use Case Factory Automation - DetectIQ
- Honeypot - Certiception (ADCS honeypot)
- Honeypot - cowrie
- Maldev - Defense Evasion - avred
- Maldev - Defense Evasion - gocheck
- Detection Agent - Sandfly linux agent
- Log Forwarder - openwec (windows event forwarder)
- Threat Hunting Platform - deephunter
- Windows Logs - Sysmon
- Linux Logs - ossec
- Linux Logs - ecapture (SSL/TLS)
- Linux Logs - tracee
- Linux Logs - auditd
- Linux Logs - SysmonForLinux
- Linux Logs - kunai
- CTI - MISP
- Code analysis
- IR platform - rAIdline
- IR platform - FIR
- Challenges - DFIR LABS
- Log samples - Splunk Attack range
- IT - Remote connections manager - xpipe
- Endpoint Security - Windows Hardening - Harden-Windows-Security
- Endpoint Security - Linux Hardening - lynis
- Endpoint Security - Linux - apparmor
- Windows Logs - JonMon
-
Content creation
-
Formations
-
Github
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Suspicious Named pipes
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- Time Slipping detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Windows Services Searches
- Time Slipping detection
- Suspicious Named pipes
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
Security News
Investigation
More TI
TI
Data manipulation
Sandbox
My Detection Lists
IOC Feeds/Blacklists:
Programming Languages
Categories
Sub Categories
- Security News: 103
- DFIR: 79
- IOC Feeds/Blacklists: 64
- Security News: 51
- Investigation: 49
- Knowledge sites: 41
- Investigation: 39
- LAB: 38
- Youtube/Twitch channels: 33
- Books: 32
- Data manipulation: 32
- TI TTP/Framework/Model/Trackers: 26
- Youtube/Twitch channels: 19
- Detection Resources: 19
- Sandbox: 17
- Training: 17
- Podcasts: 14
- LAB: 13
- Discord /Slack channels: 9
- Others: 6
- Knowledge sites: 6
- Training: 6
- Data manipulation: 5
- SIEM/SOC/PurpleTeam related: 5
- Detection Resources: 5
- IOC Feeds/Blacklists: 3
- Others: 3
- Books: 2
- TI TTP/Framework/Model/Trackers: 2
- More TI: 1
- Github: 1
- TI: 1
- Formations: 1
- Content creation: 1
- DFIR: 1
Keywords
- security: 27
- threat-hunting: 23
- dfir: 22
- threat-intelligence: 19
- incident-response: 17
- cybersecurity: 16
- malware-analysis: 14
- forensics: 14
- malware: 12
- windows: 12
- linux: 11
- threatintel: 9
- awesome-list: 8
- powershell: 8
- detection: 7
- blueteam: 7
- python: 7
- malware-research: 7
- detection-engineering: 6
- cti: 6
- infosec: 6
- siem: 6
- mitre-attack: 5
- sigma: 5
- yara-rules: 5
- soc: 5
- redteam: 5
- splunk: 5
- security-tools: 5
- forensic: 4
- malware-detection: 4
- misp: 4
- threat-analysis: 4
- apt: 4
- golang: 4
- digital-forensics: 4
- docker: 4
- endpoint-security: 4
- awesome: 4
- intrusion-detection: 4
- threat-detection: 4
- macos: 4
- ioc: 4
- rust: 4
- active-directory: 4
- iocs: 4
- reverse-engineering: 4
- memory-forensics: 4
- timeline: 4
- pentest: 3