awesome-soc-analyst
Online resources related to SOC Analysts. Incident investigation reference material, blogs, newsletters, good reads, books, trainings, podcasts, Twitter/X accounts and a set of tools relevant to the role of SOC analyst.
https://github.com/st0pp3r/awesome-soc-analyst
- HackerTarget Whatweb/Wappalyzer Scan - Website technology analyzer.
- HackerTarget SSL Check
- HackerTarget Dump Links - Dump links from a website.
- HackerTarget Wordpress Scan
- HackerTarget Joomla Scan
- WhatIsMyBrowser
- DeviceHunt - Find your device & driver from a massive database of PCI and USB devices.
- EchoTrail - Look up information about known files using hash or process name.
- XCyclopedia - Look up information about known exe files - hashes, known paths, metadata, other.
- crt.sh - Certificate Search
- Pass the ticket - Explanation of the pass the ticket attack.
- Kerberoasting | adsecurity - Explanation of kerberoasting attack.
- Kerberoasting | hackndo - Explanation of kerberoasting attack.
- Kerberos Unconstrained Delegation | hackndo - Explanation of Kerberos unconstrained delegation.
- Hash Calculator - Calculator for hashes.
- Hash Crack - Cracking hashes online.
- LLMNR Poisoning - Explanation of LLMNR Poisoning.
- DCSync | adsecurity - Explanation of DCSync attack.
- DCShadow - Explanation of DCShadow attack.
- DNS Tunneling | unit42 - Simple example of DNS tunneling and how it is abused.
- DNS DGA | cybereason - Nice examples of DGA variants.
- Windows Event IDs and Audit Policies
- Windows Security Log Event IDs Encyclopedia
- Windows Logon Types
- Windows Logon Failure Codes
- Azure SigninLogs Schema
- Azure SigninLogs Risk Detection
- WayBack Machine - Historical search of pages.
- RedHunt Labs Online Paste Tools Lookup - Lookup keywords on online paste sites like pastebin.
- de4js - JavaScript Deobfuscator and Unpacker.
- deobfuscate.relative.im - JavaScript Deobfuscator.
- A-Packets PCAP Analyzer - PCAP analyzer from A-Packets.
- URLEncoder - URL encoder and decoder.
- explainshell.com - Paste a command line to see the help text that matches each argument.
- EpochConverter - Epoch & Unix Timestamp Conversion Tools.
- 10 minute mail - Disposable mailbox that can be used for registrations.
- Regex101 - Regex testing.
- Regexr - Regex testing.
- CyberChef - Multiple data manipulation tools, decoders, decryptors.
- JSON Formatter - JSON Beautifier.
- JSONCrack - JSON, YML, CSV, XML Editor.
- Email Headers IANA - IANA Email headers reference.
- MITRE ATT&CK® - MITRE ATT&CK knowledge base of adversary tactics and techniques.
- MITRE D3fend - A knowledge base of cybersecurity countermeasures.
- Cyber Kill Chain | Lockheed Martin - Model for identification and prevention of cyber intrusions activity.
- Blue Team Notes | Purp1eW0lf
- CVE - Vulnerability database.
- Command Line Arguments Docs | ss64 - Command line arguments explanations.
- Port Information | Speedguide.net - Port information and common apps.
- LOLBAS (Living Off The Land Binaries and Scripts) - Collection of legitimate binaries and scripts abused by attackers.
- WTFBins - Binaries that behave exactly like malware, except, somehow, they are not.
- GTFOBins - Collection of binaries that can be used to bypass local security restrictions in misconfigured systems.
- LOLRMM - Repository of Remote Monitoring and Management (RMM) software that attackers abuse.
- LOLOLFarm - Database of Living Off The Land (LOL) techniques.
- DKIM, DMARC, SPF - Simplified explanation of DKIM, DMARC, SPF.
- Kerberos Protocol | hackndo - Explanation of the Kerberos protocol.
- Service Principal Name (SPN) | hackndo - Explanation of SPN.
- ADSecurity AD Attacks - Attacks on Active Directory.
- Password Spraying | hackndo - Explanation of password spraying.
- Pass-The-Hash | hackndo - Explanation of pass the hash attack.
- Over Pass-The-Hash - Explanation of over pass the hash attack.
- AS_REP Roasting | hackndo - Explanation of the AS-REP roasting attack.
- Silver Ticket | hackndo - Explanation of silver ticket attack.
- Skeleton Key | adsecurity - Explanation of Skeleton Key attack.
- NTLM Relay | hackndo - Explanation of NTLM Relay.
- FortiGate FortiOS Log Types and Subtypes
- Microsoft Errors Search
- Microsoft Defender Event IDs
- Microsoft Defender for Cloud Alert References
- Microsoft Defender for Identity Alert References
- Microsoft Defender XDR Schemas
- Microsoft DNS Debug Event IDs
- Sysmon Event IDs
- Cisco ASA Event IDs
- Palo Alto PAN-OS Log Fields
- Palo Alto PAN-OS Threat Categories
- Palo Alto PAN-OS Applications
- FortiGate FortiOS Log Fields
- FortiGate FortiGuard Encyclopedia
- GCP Threat Detection Findings
- GuardDuty Finding Types
- Barracuda Firewall Log Files Structure and Log Fields
- Barracuda Web Application Firewall Log Format
- Check Point Firewall Log Fields
- Cisco Umbrella Proxy Log Format and [Cisco Umbrella Content Categories](https://docs.umbrella.com/deployment-umbrella/docs/new-content-category-definitions)
- Cisco WSA Access Log Fields
- Cisco ESA Log Types
- Juniper Junos OS Log Fields
- Broadcom Edge Secure Web Gateway (Bluecoat) Access Log Format
- Broadcom Endpoint Protection Manager Log Format
- SonicWall SonicOS Log Events Documentation
- WatchGuard Fireware OS Log Format
- Sophos Firewall Log Documentation
- Sophos Central Admin Events
- Apache Custom Log Format
- IIS Log File Format
- NGINX Access Log Format
- The DFIR Report - Detailed and thorough analysis of real intrusions.
- Bad Sector Labs - Good catch all aggregator.
- This Week In 4n6 - Good catch all aggregator focused mostly on DFIR.
- SOC Investigation - SOC related articles.
- Elastic Security Labs - Good collection of malware analysis blogposts.
- Dark Reading - Cyber security news.
- Bleeping Computer - Cyber security news.
- Imperva Log Fields
- Squid Log Fields and Log Types
- Suricata Log Format
- ZScaler Web Log Format, [ZScaler DNS Log Format](https://help.zscaler.com/zia/nss-feed-output-format-dns-logs) and [ZScaler URL Categories](https://help.zscaler.com/zia/about-url-categories).
- The Hacker News - Cyber security news.
- A Tour Inside a SOC Analyst Mind | Ali Alwashali
- Anton’s Alert Fatigue: The Study
- Last Week in Security (LWiS)
- CyberWeekly
- tl;dr sec
- Darknet Diaries - True stories from the dark side of the Internet.
- Blue Team Handbook: SOC, SIEM, and Threat Hunting
- Blue Team Handbook: Incident Response Edition
- Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs
- BTFM: Blue Team Field Manual
- Blue Team Labs Online - A gamified platform for defenders to practice their skills in security investigations and challenges covering Incident Response, Digital Forensics, Security Operations, Reverse Engineering, and Threat Hunting.
- The DFIR Labs - Cloud-based DFIR Labs offer a hands-on learning experience, using real data from real intrusions.
- LetsDefend SOC Analyst Path
- TCM Security Security Operations (SOC) 101
- TCM Security SOC Level 1 Live Training
- Security Blue Team L1
- Security Blue Team L2
- HackTheBox Academy SOC Analyst
- TryHackMe SOC Simulator
- TryHackMe SOC Level 2 Training Path
- Constructing Defense
- CyberDefenders CCD
- SANS SEC401: Security Essentials - Network, Endpoint, and Cloud
- SANS SEC450: Blue Team Fundamentals: Security Operations and Analysis
- SANS SEC504: Hacker Tools, Techniques, and Incident Handling
- OffSec SOC-200: Foundational Security Operations and Defensive Analysis
- TCM Security Practical SOC Analyst Associate
- Kaspersky Threat Intelligence Portal - Kaspersky file analysis.
- Cisco Talos Intelligence | IP, URL, Domain, Hash
- AbuseIPDB | IP, Subnet, Domain
- CompTIA CySA+
- CompTIA Security+
- EC-Council Certified SOC Analyst
- EC-Council Certified Incident Handler
- TheDFIRReport
- Unit42
- malwrhunterteam
- abuse_ch
- elasticseclabs
- nextronresearch
- TheHackersNews
- BleepinComputer
- DarkWebInformer
- vxunderground
- Cryptolaemus1
- SOC List
- SOC Interview Questions | LetsDefend
- Interview Questions | socinvestigation.com
- SOC Interview Questions | siemxpert.com
- VirusTotal - Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches.
- Hybrid Analysis - Free malware analysis service for the community that detects and analyzes unknown threats.
- AnyRun - Interactive malware analysis sandbox.
- Triage | Recorded Future - Malware analysis sandbox.
- JOE Sandbox Cloud Basic - Malware analysis sandbox.
- Threat Zone - Holistic malware analysis platform - interactive sandbox, static analyzer, emulation, URL Analyzer.
- Filescan.io - Insightful Malware Analysis Powered by Emulation.
- Kaspersky Threat Intelligence Portal | Hash, IP, Domain, URL
- SpamHaus | IP, Domain, ASN, SBL, Email, Hash
- MalwareBazaar | Hash
- URLHaus | Domain, URL, Hash
- ThreatFox IOC Database | IP, Domain, URL, Hash
- GreyNoise | IP
- Pulsedive | IP, URL, Domain
- threatbook | IP, Domain
- FortiGuard Labs | IP, Domain, URL
- Spamhaus IP Reputation | IP
- Spamhaus Domain Reputation | Domain
- Palo Alto URL | URL
- Tor Metrics - ExoneraTor | IP (Tor network)
- Tor Metrics - Relay Search | IP (Tor relay)
- MXToolbox Email | DMARC, SPF, DKIM, Header Analyzer
- IPVoid
- MXToolbox
- HackerTarget
- ViewDNS
- IPduh
- SPUR
- Censys
- Shodan
- ZoomEye
- Onyphe
- FOFA
- MXToolbox Network Tools
- ASN LookUp
- HackerTarget ASN Lookup
- MXToolbox TCP Port Scan
- MXToolbox Ping
- MXToolbox Traceroute
- HackerTarget Nmap Scanner
- HackerTarget TCP Port Scan
- HackerTarget UDP Port Scan
- HackerTarget Ping
- HackerTarget Traceroute
- DNSChecker Port Scanner
- HackerTarget Drupal Scan
- urlscan.io - Page source code and request analysis.
- Cloudflare Radar URL Scan - Gives you information about cookies, technology used, SSL certificates, headers and dns records and other.
- URLVoid - Reputation check.
- URLQuery - Very nice analysis of the scanned URL along with a reputation check.
- CyberGordon - Multiple engines scan.
- Tiny Scan - Gives you information about cookies, technology used, SSL certificates, headers and dns records and other.
- CheckPhish - Check if URL is phishing.
- PhishTank - Check if URL is phishing.
- HTTPStatus.io - Check URLs.
- Redirect Checker - Shows redirects.
- MXToolbox DNS Tools - MXToolbox DNS tools.
- DNSChecker DNS Tools - DNSChecker DNS Tools.
- IPVoid Dig Lookup - Dig DNS Lookup.
- DNS Dumpster - DNS records.
- DNS History - Historical DNS records.
- DNS Checker MAC Lookup - Information about manufacturers.
- MXToolbox ASN Lookup
- CRXaminer - Chrome extension analyzer.
- WhatMyUserAgent
- Text Mechanic - Text manipulation (Remove duplicates, prefix, suffix, word count etc.).
- Text Fixer - Text manipulation (Remove duplicates, prefix, suffix, word count etc.).
- Free Formatter - Formatter for XML, JSON, HTML.
- HTML Formatter - Formatter for HTML.
- Diff Checker - Diff comparison.
- ChatGPT - Can be used to transform data.
- Microsoft Entra authentication and authorization error codes
- IBM X-Force Exchange | IP, URL, Hash
- VirusTotal - Scans provided URLs.
- DOGGuard | URL, Hash
- MXToolbox Subnet Calculator - Enter a subnet range (CIDR) and see IP address information about that range.
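Several of the references above (Windows Security Log Event IDs, Windows Logon Types, Windows Logon Failure Codes, the hackndo password spraying and Kerberoasting write-ups) are easiest to internalise by running a detection over real-looking events. The following is an added example, not code from this list or from any of the linked projects; the events are constructed, the field names follow the Security log XML (`TargetUserName`, `IpAddress`, `SubStatus`, `ServiceName`, `TicketEncryptionType`), and the thresholds (5 accounts in 10 minutes) are assumptions to tune per environment. The 4625 sub-status codes (0xC000006A wrong password, 0xC0000064 unknown user, 0xC0000234 locked out) and the 4769 encryption type 0x17 for RC4-HMAC are taken from the Microsoft documentation the list points to.

```python
"""Triage of Windows Security log events 4625 and 4769 for password spraying and
Kerberoasting indicators. Added example with constructed events, not real telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

# NTSTATUS sub-status codes reported by Event ID 4625 (see Windows Logon Failure Codes).
WRONG_PASSWORD = "0xC000006A"   # user name is correct but the password is wrong
NO_SUCH_USER = "0xC0000064"     # user name does not exist
ACCOUNT_LOCKED = "0xC0000234"   # account locked out
SPRAY_SUBSTATUS = {WRONG_PASSWORD, NO_SUCH_USER}

RC4_HMAC = "0x17"  # TicketEncryptionType in Event ID 4769; AES tickets show 0x11 / 0x12


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


# Constructed sample events (assumed names and addresses).
SAMPLE_EVENTS = [
    # one source, six different accounts, one attempt each: the spray shape
    *[{"EventID": 4625, "TimeCreated": f"2024-05-01T09:00:{i * 5:02d}", "IpAddress": "10.0.0.5",
       "TargetUserName": user, "LogonType": 3, "SubStatus": WRONG_PASSWORD}
      for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])],
    # one user mistyping a password and getting locked out: helpdesk noise, not a spray
    {"EventID": 4625, "TimeCreated": "2024-05-01T09:10:00", "IpAddress": "10.0.0.9",
     "TargetUserName": "gina", "LogonType": 2, "SubStatus": WRONG_PASSWORD},
    {"EventID": 4625, "TimeCreated": "2024-05-01T09:10:20", "IpAddress": "10.0.0.9",
     "TargetUserName": "gina", "LogonType": 2, "SubStatus": WRONG_PASSWORD},
    {"EventID": 4625, "TimeCreated": "2024-05-01T09:10:40", "IpAddress": "10.0.0.9",
     "TargetUserName": "gina", "LogonType": 2, "SubStatus": ACCOUNT_LOCKED},
    # 4769 service ticket requests: one RC4 request for a user-managed SPN stands out
    {"EventID": 4769, "TimeCreated": "2024-05-01T09:20:00", "IpAddress": "10.0.0.7",
     "TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "svc_sql", "TicketEncryptionType": RC4_HMAC},
    {"EventID": 4769, "TimeCreated": "2024-05-01T09:20:01", "IpAddress": "10.0.0.7",
     "TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "WS01$", "TicketEncryptionType": RC4_HMAC},
    {"EventID": 4769, "TimeCreated": "2024-05-01T09:20:02", "IpAddress": "10.0.0.7",
     "TargetUserName": "jdoe@CORP.LOCAL", "ServiceName": "krbtgt", "TicketEncryptionType": RC4_HMAC},
    {"EventID": 4769, "TimeCreated": "2024-05-01T09:21:00", "IpAddress": "10.0.0.8",
     "TargetUserName": "mallory@CORP.LOCAL", "ServiceName": "svc_web", "TicketEncryptionType": "0x12"},
]


def detect_password_spray(events, min_accounts=5, window=timedelta(minutes=10)):
    """Sources whose 4625 failures hit at least `min_accounts` distinct accounts
    inside one sliding time window. Returns {source_ip: sorted account names}."""
    attempts = defaultdict(list)
    for e in events:
        if e["EventID"] == 4625 and e["SubStatus"] in SPRAY_SUBSTATUS:
            attempts[e["IpAddress"]].append((_ts(e["TimeCreated"]), e["TargetUserName"].lower()))
    hits = {}
    for ip, seq in attempts.items():
        seq.sort()
        start = 0
        for end in range(len(seq)):
            while seq[end][0] - seq[start][0] > window:   # slide the window start forward
                start += 1
            if len({u for _, u in seq[start:end + 1]}) >= min_accounts:
                hits[ip] = sorted({u for _, u in seq})    # report every account that source touched
                break
    return hits


def detect_kerberoast(events):
    """4769 requests that obtain an RC4 (0x17) service ticket for a user-managed SPN.
    Computer accounts (name ends with $) and krbtgt have long random passwords, so their
    tickets are skipped. Returns [(requesting_account, service, source_ip), ...]."""
    findings = []
    for e in events:
        if e["EventID"] != 4769 or e["TicketEncryptionType"] != RC4_HMAC:
            continue
        svc = e["ServiceName"]
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue
        findings.append((e["TargetUserName"].split("@")[0], svc, e["IpAddress"]))
    return findings


if __name__ == "__main__":
    print("password spray:", detect_password_spray(SAMPLE_EVENTS))
    print("kerberoast:", detect_kerberoast(SAMPLE_EVENTS))
```

A single RC4 ticket request can be a legacy application, so in practice the Kerberoasting check is combined with volume (one account requesting tickets for many SPNs within seconds) and with the account's normal behaviour; the spray check likewise needs logon type 3 from an unexpected source to be worth paging on.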
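The DNS tunneling (unit42) and DGA (cybereason) write-ups in the list describe the two shapes an analyst looks for in resolver logs: a registrable label that is long, high-entropy and vowel-poor, and a parent domain receiving many distinct long subdomain queries that return TXT or NULL records. The following is an added example, not code from this list or from the linked articles, scoring a constructed query log with coarse heuristics; the log line layout, the thresholds and the "registrable domain is the last two labels" shortcut (no public suffix list, so co.uk-style domains would be mis-split) are assumptions.

```python
"""Heuristic scoring of DNS query logs for DGA-like names and tunneling-like traffic.
Added example with a constructed log; thresholds are starting points, not ground truth."""
import math
from collections import Counter, defaultdict

# Constructed sample log, "<timestamp> <client> <qtype> <qname>" per line (not real telemetry).
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01 10.0.0.21 A www.microsoft.com
2024-05-01T10:00:02 10.0.0.21 A bleepingcomputer.com
2024-05-01T10:00:03 10.0.0.33 A xk3v9qz2mlp7w.com
2024-05-01T10:00:04 10.0.0.33 A q7hd2nv8kxz4p.net
2024-05-01T10:00:05 10.0.0.44 TXT mfrggzdfmztwq2lkmzuxe3lomq.t.example.net
2024-05-01T10:00:06 10.0.0.44 TXT nbswy3dpfqqho33sbgkbmmq3zk.t.example.net
2024-05-01T10:00:07 10.0.0.44 TXT onswg4tfor4gs4bamjzw6z3umq.t.example.net
2024-05-01T10:00:08 10.0.0.44 TXT ozsxe43jmnqxizlomvwca3lpoj.t.example.net
"""


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for empty or single-symbol strings)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def is_dga_like(label, min_len=10, min_entropy=3.3, max_vowel_ratio=0.2, min_digit_ratio=0.3):
    """Long label with high entropy that is either nearly vowel-free or digit-heavy.
    Real words ('bleepingcomputer') keep enough vowels to pass; 'xk3v9qz2mlp7w' does not."""
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and (
        vowel_ratio <= max_vowel_ratio or digit_ratio >= min_digit_ratio)


def parse_line(line):
    ts, client, qtype, qname = line.split()
    labels = qname.lower().rstrip(".").split(".")
    # Assumption: registrable domain = last two labels. A public suffix list is needed
    # for multi-label suffixes such as co.uk; omitted here to stay self-contained.
    return {"ts": ts, "client": client, "qtype": qtype.upper(), "qname": qname.lower(),
            "sld": labels[-2] if len(labels) >= 2 else labels[0],
            "domain": ".".join(labels[-2:]), "prefix": ".".join(labels[:-2])}


def analyze(log_text, min_unique_prefixes=4, min_avg_prefix_len=20, min_bulky_ratio=0.5):
    """Return {'dga': [qnames flagged per query], 'tunnel': [parent domains flagged]}.
    Tunneling signal: many distinct, long subdomain prefixes (data encoded in the name)
    answered mostly with TXT/NULL/CNAME records (data encoded in the response)."""
    dga, per_domain = [], defaultdict(list)
    for line in log_text.strip().splitlines():
        q = parse_line(line)
        if is_dga_like(q["sld"]):
            dga.append(q["qname"])
        if q["prefix"]:
            per_domain[q["domain"]].append((q["prefix"], q["qtype"]))
    tunnel = []
    for domain, reqs in per_domain.items():
        prefixes = {p for p, _ in reqs}
        if len(prefixes) < min_unique_prefixes:
            continue
        avg_len = sum(len(p) for p in prefixes) / len(prefixes)
        bulky = sum(t in ("TXT", "NULL", "CNAME") for _, t in reqs) / len(reqs)
        if avg_len >= min_avg_prefix_len and bulky >= min_bulky_ratio:
            tunnel.append(domain)
    return {"dga": sorted(dga), "tunnel": sorted(tunnel)}


if __name__ == "__main__":
    print(analyze(SAMPLE_DNS_LOG))
```

Entropy on its own is a weak discriminator (long legitimate brand names score above 3.5 bits), which is why the DGA check also requires a vowel-poor or digit-heavy label, and why the tunneling check counts distinct prefixes per parent domain rather than scoring single queries.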
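The Apache Custom Log Format and NGINX Access Log Format references describe the same "combined" layout (`%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"`); IIS uses the W3C extended format and is not covered here. The following is an added example, not code from this list or from either web server project: a parser for that layout plus the first-pass triage an analyst does on it, flagging sources with a burst of 404s, a known scanner User-Agent, or a path traversal attempt visible only after URL-decoding the request. The log lines are constructed; the 404 threshold and the scanner string list are assumptions.

```python
"""Parse Apache/NGINX combined-format access logs and flag scanner-like sources.
Added example with a constructed log; not real traffic."""
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined log format: host ident user [time] "request" status size "referer" "agent".
COMBINED_RE = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample (assumed addresses and paths). The Nmap UA string is NSE's documented default.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [01/May/2024:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
198.51.100.7 - - [01/May/2024:12:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 199 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
198.51.100.7 - - [01/May/2024:12:00:02 +0000] "GET /administrator/ HTTP/1.1" 404 199 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
198.51.100.7 - - [01/May/2024:12:00:03 +0000] "GET /.env HTTP/1.1" 404 199 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
198.51.100.7 - - [01/May/2024:12:00:03 +0000] "GET /cgi-bin/..%2f..%2f..%2fetc/passwd HTTP/1.1" 400 226 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
203.0.113.5 - - [01/May/2024:12:00:04 +0000] "POST /api/login HTTP/1.1" 302 - "https://shop.example/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
"""

# Substrings of User-Agents that are almost never legitimate against a production site (assumed list).
SCANNER_AGENTS = ("nmap", "nikto", "sqlmap", "masscan", "zgrab")
TRAVERSAL = re.compile(r"(\.\./|\.\.\\|/etc/passwd|/proc/self)", re.IGNORECASE)


def parse_combined(line):
    """Return a dict of the combined-format fields, or None if the line does not match."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    # One round of decoding: "%2f" becomes "/". Double-encoded payloads (%252f) would
    # need a second pass, which is a known filter-bypass trick worth remembering.
    rec["decoded_path"] = unquote(rec["path"])
    return rec


def triage(log_text, max_not_found=3):
    """Per-source summary, keeping only sources that trip at least one indicator."""
    by_host = defaultdict(lambda: {"requests": 0, "not_found": 0, "scanner_ua": False, "traversal": []})
    for line in log_text.splitlines():
        rec = parse_combined(line)
        if rec is None:
            continue
        h = by_host[rec["host"]]
        h["requests"] += 1
        if rec["status"] == 404:
            h["not_found"] += 1
        if any(s in rec["agent"].lower() for s in SCANNER_AGENTS):
            h["scanner_ua"] = True
        if TRAVERSAL.search(rec["decoded_path"]):
            h["traversal"].append(rec["path"])   # keep the raw path as logged for the ticket
    return {host: h for host, h in by_host.items()
            if h["not_found"] >= max_not_found or h["scanner_ua"] or h["traversal"]}


if __name__ == "__main__":
    for host, summary in triage(SAMPLE_ACCESS_LOG).items():
        print(host, summary)
```

Matching on the decoded path is the point of the traversal check: the raw request `/cgi-bin/..%2f..%2f..%2fetc/passwd` contains no literal `../`, so a rule written against the undecoded line misses it.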