awesome-lists
Awesome Security lists for SOC/CERT/CTI
https://github.com/mthcht/awesome-lists
Books
- SANS FOR500 / FOR508 book
- SANS 555 book
- Practical Forensic Imaging
- Practical Linux Forensics: A Guide for Digital Investigators
- The Hitchhiker's Guide to DFIR: Experiences From Beginners and Experts - Free
- Eric Zimmerman Manual Tools - Free
- The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
- Applied Incident Response
- Blue Team Handbook: Incident Response Edition
- Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
- Placing the Suspect Behind the Keyboard: DFIR Investigative Mindset
- Crafting the InfoSec Playbook: Security Monitoring and Incident
- Investigating Windows Systems
- Blue Team Handbook: SOC, SIEM, and Threat Hunting
- BTFM: Blue Team Field Manual
- PTFM: Purple Team Field Manual
- MITRE - 11 Strategies of a World-Class Cybersecurity Operations Center
- Windows Internals Books
- How Linux Works
- Linux Device Drivers
- Understanding The Linux Virtual Memory Manager
- Linux insides
- Linux Ebpf
- Hacking: The Art of Exploitation
- The Hacker Playbook: Practical Guide to Penetration Testing
- RTFM: Red Team Field Manual
- Red Team Development and Operations: A practical guide
- RTRM: Red Team Reference Manual
- EDR - Introduction to endpoint security
- Big picture on running a SOC - Modern SOC
- PoC||GTFO
- Evasive Malware: A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats
Data manipulation
- jsoncrack
- Hash calculator
- regex101
- Javascript Deobfuscator
- JSONViewer
- TextMechanic
- UrlEncode.org
- TextFixer
- RegExr
- TextUtils
- TextCompactor
- Pretty Diff
- XML Tree
- Online XML Formatter and Beautifier
- XML Escape Tool
- DiffChecker
- HTML Formatter
- Text Tool
- String Manipulation Tool
- urlunscrambler
- longurl
- Message Header
- MXToolbox EmailHeaders
- Email Header Analyzer
- Email Header Analysis
- Gitlab dashboard from Excel
- OPENAI
- uncoder
- DeHashed
- PCAP online analyzer
- JS deobfuscator
- CyberChef
Detection Resources
- MITRE Updates
- MITRE Datasources
- LOTS
- loldrivers
- WTFBIN
- Sigma
- Splunk Rules
- JoeSecurity Sigma-Rules
- GTFOBIN
- LOLBAS
- Elastic Rules
- DFIR-Report Sigma-Rules
- mdecrevoisier Sigma-Rules
- P4T12ICK Sigma-Rules
- tsale Sigma-Rules
- list of detections resources
- detection engineering resources
- awesome-threat-detection
- LOLRMM
DFIR
- Eric Zimmerman Tools
- dfir-orc
- Kape
- Yara - Threat Hunting - Keywords
- dfir-orc-config
- Splunk4DFIR
- dfiq
- regripper
- RdpCacheStitcher
- Searching strings - ripgrep
- Kape Files
- More Kape resources
- VolatileDataCollector
- Velociraptor
- Windows artifacts
- lists - aboutdfir.com
- Mind maps
- artifacts List - DFIRArtifactMuseum
- artifacts List - ForensicArtifacts
- Autopsy
- SleuthKit
- Yara - Forge
- capa
- Malcontent
- werejugo
- ADTimeline
- PersistenceSniper
- Logon Tracer
- Timeline Plaso
- Timeline TimeSketch
- hollows hunter
- PE sieve
- Searching strings - Recoll
- TZ tools
- Nirsoft tools
- Didier Stevens tools
- Monitoring - Osquery
- Arsenal Recon Forensic tools
- PSBits
- usnjrnl_rewind
- OneDrive OCR DB artifact collector exe
- OneDrive OCR DB artifact collector python
- Browser Chrome Extensions DNS Forensic
- srum-dump
Discord / Slack channels
- RedTeam - Initial Access Guild Discord
- RedTeam - Red-Team VX community Discord
- RedTeam - evilsocket Discord
- RedTeam - OffSec Discord
- Threat Hunting - Threat Hunter community Discord
- PurpleTeam - Ipurpleteam Discord
- Blueteam Detection engineering - Hunter's Den Discord
- Blueteam Detection engineering - Sigma HQ Discord
- Blueteam Threat Intel - Malcore Discord