awesome-lists
Awesome Security lists for SOC/CERT/CTI
https://github.com/mthcht/awesome-lists
Other Lists
🕵️‍♂️ Investigation
- AbuseIPDB
- Malwarebazaar
- emailrep
- shodan
- Onyphe
- Censys
- threatminer
- urlscan
- Apptotal (apps and extensions analysis)
- Cloudflare URL scan
- cybergordon (URL reputation check)
- dnsdumpster
- nslookup.io
- haveibeenpwned
- Virustotal
- proxy IP check - proxycheck.io
- reputation IP check criminalip
- proxy IP check - iphub.info
- Telegram BOT hunting
- app.spur.us
- scamsearch.io
- scamdb.net
- URL Redirect Checker
- threatbook
- web archive
- certificates - crt.sh
- site web-check
- Browser Extension CRX checker
- macvendorlookup
- BlueCoat lookup
- Norton lookup
- Fortinet lookup
- McAfee lookup
- Trellix lookup
- Palo Alto lookup
- Talos Intelligence lookup
- Checkpoint lookup
- Cyren lookup
- Forcepoint lookup
- TrendMicro lookup
- USB & PCI database - DeviceHunt
- kaspersky opentip
- speakeasy (kernel and user mode emulation)
- DOGGuard
- Kaspersky Threat Intelligence Portal
- Checkpoint lookup
- urlquery
- urlvoid
- Kaspersky Security Network
- Cyren lookup
Investigation
- ipvoid
- mxtoolbox
- Microsoft TI
- pulsedive
- threatbook
- Kaspersky Security Network
- Microsoft Security Intelligence Report
- IBM X-Force Exchange
- AlienVault OTX
- greynoise
- echotrail
- whois domaintools
- viewdns
- OUI mac address lookup
- abuse.ch
- malware-traffic-analysis
- waybackmachine
- dnshistory
- asnlookup
- fofa.info
- Sandbox HA
- Sandbox Anyrun
- triage
- capesandbox
- joesandbox
- Cloudflare scanner
- checkphish
- McAfee Threat Intelligence Exchange
- whoxy
- SecurityTrails
- ZoomEye
- urldna.io
- Malware-Traffic-Analysis (PCAP files)
- triage
- filescan.io
- threat zone
- xcyclopedia
- vmray
- url tiny-scan
🚫 IOC Feeds/Blacklists:
- Unit42 IOC
- Elastic Lab IOC
- Sekoia IOC
- experiant.ca
- SpamHaus drop.txt
- vx-underground - Great Resource for Samples and Intelligence Reports
- Block Lists
- DNS Block List
- Phishing Block List
- C2IntelFeeds
- Volexity TI
- Open Source TI
- C2 Tracker
- Unit42 Timely IOC
- Unit42 Articles IOC
- Zscaler ThreatLabz IOC
- Zscaler ThreatLabz Ransomware notes
- Sophos lab IOC
- ESET Research IOC
- ExecuteMalware IOC
- Cisco Talos IOC
- Blackorbid APT Report IOC
- AVAST IOC
- DoctorWeb IOC
- BlackLotusLab IOC
- prodaft IOC
- Pr0xylife DarkGate IOC
- Pr0xylife Latrodectus IOC
- Pr0xylife WikiLoader IOC
- Pr0xylife SSLoad IOC
- Pr0xylife Pikabot IOC
- Pr0xylife Matanbuchus IOC
- Pr0xylife QakBot IOC
- Pr0xylife IcedID IOC
- Pr0xylife Emotet IOC
- Pr0xylife BumbleBee IOC
- Pr0xylife Gozi IOC
- Pr0xylife NanoCore IOC
- Pr0xylife NetWire IOC
- Pr0xylife AsyncRAT IOC
- Pr0xylife Lokibot IOC
- Pr0xylife RemcosRAT IOC
- Pr0xylife nworm IOC
- Pr0xylife AZORult IOC
- Pr0xylife NetSupportRAT IOC
- Pr0xylife BitRAT IOC
- Pr0xylife BazarLoader IOC
- Pr0xylife SnakeKeylogger IOC
- Pr0xylife njRat IOC
- Pr0xylife Vidar IOC
- UrlHaus_misp
- Pr0xylife Warmcookie IOC
- Cloud Intel IOC
- Binary Defense IP Block List
- Zimperium IOC
- HarfangLab IOC
- Phishing urls - last week feed
- SpamHaus drop + ASN
- rosti.bin public reports feed
- Ransomware.live
- ABUSE.CH BLACKLISTS
- Binary Defense IP Block List
- ThreatFOX IOC
- UrlHaus_misp ASN
- Ransomware.live
Knowledge sites
- Exploitation - red-team-note
- DFIR - JPCERT Tools Analysis
- Exploitation - Red Team TTP
- Linux - EBPF docs
- DEV - Windows PInvoke signatures
- Detection - GCP Attack - Defense
- Detection - Azure Attack Defense
- Detection - Unprotect project
- Exploitation - Hacker recipes
- Logs - Events IDs and others - eventlog-compendium
- Logs - Events IDs - ultimatewindowssecurity
- Logs - Event IDs & policies - microsoft
- Logs - Event IDs Logon types - microsoft
- Logs - Azure SigninLogs Schema
- Logs - Azure SigninLogs Risk Detection
- Logs - AADSTS Error Codes
- Logs - Microsoft Errors Search
- Logs - Microsoft Defender Event IDs
- Logs - Microsoft Defender for Cloud Alert References
- Logs - Microsoft Defender for Identity Alert References
- Logs - Microsoft Defender XDR Schemas
- Logs - Sysmon Event IDs
- more cheatsheets
- Exploitation - TLS details
- SOC - Email Headers IANA
- SOC - DKIM, DMARC, SPF
- SOC - Kerberos Protocol explained
- SOC - ADSecurity AD Attacks
- SOC - Pass the ticket explained
- SOC - Kerberoasting explained
- SOC - Kerberos Unconstrained Delegation explained
- SOC - AS_REP roasting explained
- SOC - Golden tickets explained
- SOC - Skeleton Key explained
- SOC - NTLM Relay explained
- SOC - LLMNR Poisoning explained
- SOC - DCsync explained
- SOC - DCshadow attack explained
- SOC - Interview Questions by LetsDefend
- SOC - explain shell command arguments
- DFIR - Microsoft NinjaHub
- Exploitation - hacktricks
- Logs - Microsoft DNS Debug Event IDs