awesome-lists
Awesome Security lists for SOC/CERT/CTI
https://github.com/mthcht/awesome-lists
Last synced: 3 days ago
JSON representation
-
Other Lists
-
Investigation
- xcyclopedia
- vmray
- threatbook
- Kaspersky Security Network
- Microsoft Security Intelligence Report
- OUI mac address lookup
- abuse.ch
- malware-traffic-analysis
- waybackmachine
- dnshistory
- asnlookup
- fofa.info
- Sandbox HA
- Sandbox Anyrun
- triage
- capesandbox
- joesandbox
- mxtoolbox
- ipvoid
- Microsoft TI
- pulsedive
- IBM X-Force Exchange
- AlienVault OTX
- greynoise
- echotrail
- whois domaintools
- viewdns
- url tiny-scan
- checkphish
- McAfee Threat Intelligence Exchange
- cloudfare scanner
- whoxy
- SecurityTrail
- ZommEye
- urldna.io
- Malware-Traffic-Analysis (PCAP files)
- triage
- filescan.io
- threat zone
-
Data manipulation
- JS deobfuscator
- CyberChef
- Text Tool
- Message Header
- MXToolbox EmailHeaders
- Email Header Analyzer
- Email Header Analysis
- Gitlab dashboard from Excel
- OPENAI
- jsoncrack
- Hash calculator
- regex101
- Javascript Deobfuscator
- JSONViewer
- TextMechanic
- UrlEncode.org
- TextFixer
- RegExr
- Online XML Formatter and Beautifier
- XML Escape Tool
- DiffChecker
- HTML Formatter
- TextUtils
- TextCompactor
- Pretty Diff
- XML Tree
- String Manipulation Tool
- urlunscrambler
- longurl
- uncoder
- DeHashed
- PCAP online analyzer
-
Detection Resources
- GTFOBIN
- LOLBAS
- Elastic Rules
- DFIR-Report Sigma-Rules
- mdecrevoisier Sigma-Rules
- P4T12ICK Sigma-Rules
- tsale Sigma-Rules
- list of detections resources
- detection engineering resources
- awesome-threat-detection
- LOTS
- loldrivers
- WTFBIN
- Sigma
- Splunk Rules
- MITRE Updates
- MITRE Datasources
- JoeSecurity Sigma-Rules
- LOLRMM
-
DFIR
-
π‘οΈ DFIR:
- \[EVTX\
- Kape
- π₯ EricZimmerman Tools π₯
- dfir-orc-config
- Splunk4DFIR
- \[memory\
- \[OS\
- PSBits
- Timeline Plaso
- Arsenal Recon Forensic tools
- \[OSX Tools\
- usnjrnl_rewind
- Yara - Threat Hunting - Keywords)
- dfiq
- Mind maps
- arfifacts List - DFIRArtifactMuseum
- arfifacts List - ForensicArtifacts
- Autopsy
- SleuthKit
- \[OS\
- \[OS\
- \[OS\
- \[OS\
- \[OS\
- Yara - Forge
- capa
- Malcontent
- \[Event parser\
- \[Event Parser\
- \[Event Parser\
- \[EVTX\
- \[EVTX\
- \[EVTX / Auditd\
- werejugo
- ADTimeline
- PersistenceSniper
- \[O365\
- OneDrive OCR DB artifact collector exe
- OneDrive OCR DB artifact collector python
- \[Linux\
- lists - aboutdfir.com
- Monitoring - Osquery
- \[IR Guide\
- Browser Chrome Extensions DNS Forensic
- srum-dump
- dfir-orc
- regripper
- hollows hunter
- PE sieve
- RdpCacheStitcher
- Searching strings - ripgrep
- Searching strings - Recoll
- Kape Files
- \[Network\
- \[Carving\
- \[Carving\
- Didier Stevens tools
- \[memory\
- Windows artifacts
- Logon Tracer
- \[memory\
- \[Linux\
- Timeline TimeSketch
- More Kape ressources
- VolatileDataCollector
- Velociraptor
- TZ tools
- Nirsoft tools
- \[memory\
- \[memory\
- \[memory\
- \[Image Mount\
- \[Image Mount\
- \[Network\
- \[Network\
-
Security News
- detect.fyi
- CERT FR Avis
- akamai Feed
- Elastic Blog
- Adam Chester Blog Feed
- Mauricio Velazco Blog
- tenable Blog
- horizon3 Feed
- Incidents reports Feed
- NCC Group Research Feed
- SpecterOps Feed
- detect.fyi
- detect.fyi
- detect.fyi
- detect.fyi
- detect.fyi
- detect.fyi
- detect.fyi
- detect.fyi
- DFIR Podcasts
- DFIR weekly news
- sans blog
- detect.fyi
- detect.fyi
- CERT-FR
- CERT FR Alerts
- JPCERT
- EricaZelic Blog
- CISA news
- thedfirreport Feed
- Splunk Research Blog
- Unit42 Feed
- Cisco Talos Feed
- Crowdstrike Feed
- Hexacorn Blog
- simone kraus Blog
- Michael Haag Blog
- Sophos Research Feed
- Offensive Research - DSAS by INJECT
- HackerNews Feed
- Bleepingcomputer Feed
- detect.fyi
- detect.fyi
- detect.fyi
- ClΓ©ment Notin Feed
- detect.fyi
- detect.fyi
- detect.fyi
- Google Threat Intelligence
- Sekoi Blog
- detect.fyi
-
π« IOC Feeds/Blacklists:
- Block Lists
- Zscaler ThreatLabz Ransomware notes
- Sophos lab IOC
- ESET Research IOC
- ExecuteMalware IOC
- AVAST IOC
- Pr0xylife DarkGate IOC
- Pr0xylife Latrodectus IOC
- Pr0xylife WikiLoader IOC
- Pr0xylife SSLoad IOC
- Pr0xylife Matanbuchus IOC
- Pr0xylife QakBot IOC
- Pr0xylife IceID IOC
- Pr0xylife Emotet IOC
- Pr0xylife Gozi IOC
- Pr0xylife RemcosRAT IOC
- Pr0xylife BazarLoader IOC
- Pr0xylife SnakeKeylogger IOC
- Pr0xylife njRat IOC
- Elastic Lab IOC
- Pr0xylife Lokibot IOC
- Pr0xylife NetSupportRAT IOC
- UrlHaus_misp
- Pr0xylife AZORult IOC
- Cloud Intel IOC
- Pr0xylife Warmcookie IOC
- Pr0xylife Vidar IOC
- vx-underground - Great Resource for Samples and Intelligence Reports
- Zimperium IOC
- Pr0xylife nworm IOC
- Sekoia IOC
- HarfangLab IOC
- Phihsing urls - last week feed
- SpamHaus drop + ASN
- experiant.ca
- SpamHaus drop.txt
- DNS Block List
- Phishing Block List
- Binary Defense IP Block List
- C2IntelFeeds
- Volexity TI
- Open Source TI
- C2 Tracker
- Unit42 IOC
- Unit42 Timely IOC
- Unit42 Articles IOC
- Zscaler ThreatLabz IOC
- Cisco Talos IOC
- Blackorbid APT Report IOC
- DoctorWeb IOC
- BlackLotusLab IOC
- prodaft IOC
- Pr0xylife Pikabot IOC
- Pr0xylife BumbleBee IOC
- Pr0xylife NanoCore IOC
- Pr0xylife NetWire IOC
- Pr0xylife AsyncRAT IOC
- rosti.bin public reports feed
- Pr0xylife BitRAT IOC
-
Training
- InsightEngineering
- Datasets
- dataset v1
- dataset v2
- dataset v3
- xintra
- 13cubed.com -windows endpoints
- Mastering Windows Forensics
- Zenk-Security
- 13cubed.com -windows memory
- 13cubed.com - linux
- FOR500
- letsdefend.io
- constructingdefense.com
- Linux-live-forensics
- Attacking and Defending Azure M365
- aceresponder.com
- SOC lvl 1
- BOTS
-
π₯οΈ SIEM/SOC/PurpleTeam related:
-
Others
-
Knowledge sites
-
Books
- Evasive Malware: A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats
- SANS FOR500 / FOR508 book
- Practical Forensic Imaging
- Practical-Linux-Forensics-Digital-Investigators
- TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExperts - Free
- Eric Zimmerman Manual Tools - Free
- The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
- Applied Incident Response
- Blue Team Handbook: Incident Response Edition
- Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
- Placing the Suspect Behind the Keyboard: DFIR Investigative Mindset
- Crafting the InfoSec Playbook: Security Monitoring and Incident
- Investigating Windows Systems
- Blue Team Handbook: SOC, SIEM, and Threat Hunting
- BTFM: Blue Team Field Manual
- PTFM: Purple Team Field Manual - 2nd-Purple-Field-Manual/dp/1736526790)
- MITRE - 11 Strategies of a World-Class Cybersecurity Operations Center
- Windows Internals Books
- How Linux Works
- Linux Device Drivers
- Understanding The Linux Virtual Memory Manager
- Linux insides
- Linux Ebpf
- Hacking Art Exploitation
- Hacker Playbook Practical Penetration Testing
- RTFM: Red Team Field Manual
- Red Team Development and Operations: A practical guide
- RTRM: Red Team Reference Manual
- EDR - Introduction to endpoint security
- Big picture on running a SOC - Modern SOC
- POC||GTFO
- SANS 555 book
-
π΅οΈββοΈ Investigation
- Apptotal (apps and extensions analysis)
- SpamHaus
- AbuseIPDB
- Malwarebazaar
- emailrep
- shodan
- urlscan
- dnsdumpster
- nslookup.io
- haveibeenpwned
- cloudfare URL scan
- cybergordon (URL reputation check)
- threatminer
- Onyphe
- Censys
- Virustotal
- proxy IP check - proxycheck.io
- reputation IP check criminalip
- proxy IP check - iphub.info
-
π TI TTP/Framework/Model/Trackers
- MITRE CAPEC
- MITRE PRE-ATT&CK Techniques
- MITRE CAR
- Tools used by ransomware groups - @BushidoToken
- Tactics - MITRE ATT&CK
- Mitigation - MITRE ATT&CK
- MITRE D3FEND
- Techniques - MITRE ATT&CK
- π₯ALL TI Reportsπ₯
- π₯ALL TI Reports searchesπ₯
- APTMAP
- Tools used by Russian APT
- ATT&CK matrix navigator
- All MITRE data in xlsx format
- MITRE DeTTECT
- atomic-red-team
- redcanary Threat Detection report
- The-Unified-Kill-Chain
- TTP pyramid
- Pyramid of pain
- Cyber Kill chain
- CVE Vuln Database
- CVE Vuln Framework
- REACT framework
-
TI TTP/Framework/Model/Trackers
-
LAB
-
Youtube/Twitch channels
- DFIR - binaryzone
- Exploitation - HackerSploit
- DFIR - 13cubed videos
- DFIR - SANS videos
- DFIR - DFIRScience
- Malware Analysis - jstrosch
- Malware Analysis - cyberraiju
- Malware Analysis - Botconf
- DFIR - BlackPerl
- DFIR - BlueMonkey4n6
- DFIR - TheTaggartInstitute
- Malware Analysis - JohnHammond
- Exploitation - Alh4zr3d - twitch
- Exploitation - Alh4zr3d - youtube
- Exploitation - incodenito
- Malware Analysis - MalwareTechBlog
- !!! Exploitation - ippsec
- DFIR - MyDFIR
- Malwaez Analysis - AzakaSekai
-
Formations
-
IOC Feeds/Blacklists:
-
π Github
-
-
Threat Hunting:
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- PSEXEC & similar tools Searches
- User-Agents Searches
- Windows Services Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- DNS Over HTTPS Searches
- User-Agents Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious TLDs Searches
- Windows Services Searches
- User-Agents Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- HTML Smuggling artifacts
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Phishing & DNSTWIST Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- HTML Smuggling artifacts
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- DNS Over HTTPS Searches
- Windows Services Searches
- User-Agents Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- Time Slipping detection
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- Time Slipping detection
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- Suspicious Named pipes
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
-
πΎ Threat Hunting:
- ThreatHunting keywords Site
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- ThreatHunting searches
- Browsers extensions Searches
- C2 hiding in plain sigh
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- Time Slipping detection
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- Suspicious Named pipes
- PSEXEC & similar tools Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Windows Services Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
- Windows Services Searches
- User-Agents Searches
- DNS Over HTTPS Searches
- Suspicious TLDs Searches
- HijackLibs Searches
- Phishing & DNSTWIST Searches
- HTML Smuggling artifacts
- PSEXEC & similar tools Searches
- Time Slipping detection
- Suspicious Named pipes
-
Security News
-
Investigation
-
More TI
-
TI
-
-
Data manipulation
-
Sandbox
-
-
My Detection Lists
-
IOC Feeds/Blacklists:
-
-
π My Detection Lists
Programming Languages
Categories
Sub Categories
π‘οΈ DFIR:
75
π« IOC Feeds/Blacklists:
59
Security News
51
Investigation
39
Books
32
Data manipulation
32
π TI TTP/Framework/Model/Trackers
24
π΅οΈββοΈ Investigation
19
Youtube/Twitch channels
19
Training
19
Detection Resources
19
Sandbox
17
LAB
13
Knowledge sites
6
Others
6
π₯οΈ SIEM/SOC/PurpleTeam related:
5
IOC Feeds/Blacklists:
4
TI TTP/Framework/Model/Trackers
2
Formations
1
DFIR
1
TI
1
π Github
1
More TI
1
Keywords
dfir
19
threat-hunting
19
threat-intelligence
17
security
17
incident-response
16
forensics
13
cybersecurity
11
malware-analysis
10
malware
8
windows
8
awesome-list
8
threatintel
7
powershell
6
detection-engineering
6
detection
6
blueteam
6
splunk
5
sigma
5
mitre-attack
5
yara-rules
5
soc
5
malware-research
5
siem
5
cti
5
forensic
4
iocs
4
rust
4
ioc
4
memory-forensics
4
digital-forensics
4
awesome
4
apt
4
linux
4
timeline
4
redteam
4
hacktools
3
endpoint-security
3
blocklist
3
macos
3
offensive-security
3
logs
3
hunting
3
reverse-engineering
3
ransomware
3
python
3
analysis
3
active-directory
3
dns
3
cyber-threat-intelligence
3
threat-detection
3