
https://github.com/Lalospidey/awesome-csirt

A list of awesome CSIRT tools and presentations

# Awesome CSIRT [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A list of awesome CSIRT tools, papers and presentations.

*Please read the [contribution guidelines](contributing.md) before contributing.*

## Contents
- [Communities](#communities)
- [Tools](#tools)
- [Resources](#resources)
- [Articles](#articles)
  - [Books](#books)
  - [Videos](#videos)
  - [Presentations](#presentations)
  - [Papers](#papers)
- [License](#license)

## Communities

## Tools

- [Actortrackr](http://actortrackr.com/)
- [Fast Incident Response](https://github.com/certsocietegenerale/FIR)
- [Maltrail](https://github.com/stamparm/maltrail)
- [Just-Metadata](https://github.com/ChrisTruncer/Just-Metadata)
- [MimikatzHoneyToken](https://github.com/SMAPPER/MimikatzHoneyToken)
- [threat_note](https://github.com/defpoint/threat_note)
- [Kansa - A Powershell incident response framework](https://github.com/davehull/Kansa)
- [PoshSec PowerShell Module](https://github.com/PoshSec/PoshSec)
- [PowerShell - Live disk forensics platform](https://github.com/Invoke-IR/PowerForensics)
- [Fork AChoir - MSVC and WinHTTP](https://github.com/OMENScan/AChoir2)
- [Malcom - Malware Communications Analyzer](https://github.com/tomchop/malcom)
- [FastIR Collector](https://github.com/SekoiaLab/Fastir_Collector)
- [whois-quagga](https://github.com/certtools/whois-quagga)
- [Threatcrowd](https://threatcrowd.org/)
- [BTA](https://bitbucket.org/iwseclabs/bta)
- [Malware Config](https://malwareconfig.com/)
- [Spiderfoot](http://www.spiderfoot.net/info/)
- [IVRE — Network recon framework](https://ivre.rocks/)
- [IPew Attack Map](https://github.com/hrbrmstr/pewpew)
- [OWASP AppSensor Project](https://www.owasp.org/index.php/OWASP_AppSensor_Project)
- [Laika BOSS: Object Scanning System](https://github.com/lmco/laikaboss)
- [YAF](http://tools.netsa.cert.org/yaf/yafdpi.html)
- [AIL-Framework](https://github.com/CIRCL/AIL-framework)
- [CVE-Search](https://github.com/cve-search/cve-search)
- [VorpalSpyglass - A tool for automatic detection of Domain Generation Algorithm (DGA)](https://github.com/BenH11235/VorpalSpyglass)
- [FastNetMon](https://github.com/pavel-odintsov/fastnetmon)
- [DPDK-based packet capture tool](https://github.com/dpdkcap/dpdkcap)
- [Abuse.IO](https://abuse.io/)

## Resources

- [Splunk query search](http://gosplunk.com/)
- [Public Suffix List](https://publicsuffix.org/)
- [DomainBigData](http://domainbigdata.com/)
- [IOC Bucket](https://www.iocbucket.com/)
- [Cybersecurity 500](http://cybersecurityventures.com/)
- [IP Spoofing](https://spoofer.caida.org/summary.php)
- [CVRF](http://www.icasi.org/cvrf/)
- [CISCO PSIRT](https://developer.cisco.com/site/PSIRT/)
- [Malware Traffic Analysis](http://www.malware-traffic-analysis.net/)
- [APT Groups and Operations](https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/htmlview?pli=1)

## Articles

- [Introduction to DFIR](https://sroberts.github.io/2016/01/11/introduction-to-dfir-the-beginning/)
- [Windows Events log for IR/Forensics Part 1](https://isc.sans.edu/diary/Windows+Events+log+for+IRForensics+%2CPart+1/21493)
- [Windows Events log for IR/Forensics Part 2](https://isc.sans.edu/forums/diary/Windows+Events+log+for+IRForensics+Part+2/21501/)
- [Mozilla Server Side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)
- [Parsing 10TB of Metadata, 26M Domain Names and 1.4M SSL Certs for $10 on AWS](http://blog.waleson.com/2016/01/parsing-10tb-of-metadata-26m-domains.html)
- [Awesome Malware Analysis List](http://fe9.org/showthread.php?108666-Awesome-Malware-Analysis-Lists-(From-Linkedin))
- [How To Build And Run A SOC for Incident Response - A Collection Of Resources](https://www.peerlyst.com/posts/how-to-build-and-run-a-soc-for-incident-response-and-enterprise-defensibility-a-collection-of-resources)
- [A Simple Hunting Maturity Model](https://detect-respond.blogspot.de/2015/10/a-simple-hunting-maturity-model.html)
- [The Problems with Seeking and Avoiding True Attribution to Cyber Attacks](http://www.robertmlee.org/the-problems-with-seeking-and-avoiding-true-attribution-to-cyber-attacks/)
- [Tools to Detect Routing Anomalies](https://labs.ripe.net/Members/guillaume_valadon/tools-to-parse-bgp-archives)
- [Lean Threat Intelligence, Part 1: The plan](https://www.fastly.com/blog/lean-threat-intelligence-part-1-plan)
- [Lean Threat Intelligence Part 2: The foundation](https://www.fastly.com/blog/lean-threat-intelligence-part-2-foundation)
- [Lean Threat Intelligence Part 3: Battling log absurdity with Kafka](https://www.fastly.com/blog/lean-threat-intelligence-part-3-battling-log-absurdity-kafka)
- [Research Spotlight: Detecting Algorithmically Generated Domains](https://blogs.cisco.com/security/talos/detecting-dga)
- [The New and Improved R Shodan Package](http://datadrivensecurity.info/blog/posts/2015/Aug/the-new-and-improved-r-shodan-package/?utm_content=buffer13774&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer)
- [Gamification in the SOC & IRT](http://seanmason.com/2015/05/11/gamification-in-the-soc-irt/)
- [Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory](https://adsecurity.org/?p=1515)
- [Intelligence Concepts - F3EAD](https://sroberts.github.io/2015/03/24/f3ead/)
- [Incident Response Hunting Tools](https://sroberts.github.io/2015/04/21/hunting-tools/)
- [How Cybersecurity Insurance Will Take Over InfoSec](https://danielmiessler.com/blog/cybersecurity-insurance-infosec/)
- [Amazon Inspector – Automated Security Assessment Service](https://aws.amazon.com/blogs/aws/amazon-inspector-automated-security-assessment-service/)
- [awesome list of honeypot resources](https://github.com/paralax/awesome-honeypots)
- [A practical guide to securing OS X](https://github.com/drduh/OS-X-Security-and-Privacy-Guide)
- [GraphGist: Cyber security and attack analysis](http://neo4j.com/graphgist/40caddf1d7537bce962e/)
- [ATT&CK](https://attack.mitre.org/index.php/Main_Page)
- [My First 5 Minutes On A Server; Or, Essential Security for Linux Servers](https://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers)
- [Advanced Defense Posture Assessment](https://nigesecurityguy.wordpress.com/2014/10/09/advanced-defense-posture-assessment/)
- [APTNotes](https://github.com/kbandla/APTnotes)
- [Goin' huntin'](https://windowsir.blogspot.de/2015/11/goin-huntin.html)
- [APT Detection Framework](https://nigesecurityguy.wordpress.com/2013/11/12/apt-detection-framework/)
- [Protecting Windows Networking - Dealing with Credential Theft](https://dfir-blog.com/2015/11/24/protecting-windows-networks-dealing-with-credential-theft/)
- [Ransomware Playbook – Guide for Handling Ransomware Infections](https://www.demisto.com/playbook-for-handling-ransomware-infections/)
- [Phishing Incident Response Playbook](https://www.demisto.com/phishing-incident-response-playbook/)
- [Monitoring pastebin.com within your SIEM](https://blog.rootshell.be/2012/01/17/monitoring-pastebin-com-within-your-siem/)
- [Mitigating DDoS Attacks with NGINX and NGINX Plus](https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/)

### Books

### Videos

### Presentations

- [Large Scale Malware Analysis](https://github.com/REhints/Publications/blob/master/Conferences/BH'2015/BH_2015.pdf)
- [Hunting Through RDP Data](https://www.bro.org/brocon2015/slides/liburdi_hunting_rdp.pdf)
- [Incident Response - Taking CSIRT Modeling to the next level](http://frodehommedal.no/presentations/first-tc-oslo-2015/#/slide-start)

### Papers

- [AmpPot: Monitoring and Defending Against Amplification DDoS Attacks](http://www.christian-rossow.de/publications/amppot-raid2015.pdf)

## License

[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0/)

To the extent possible under law, [Sindre Sorhus](http://sindresorhus.com) has waived all copyright and related or neighboring rights to this work.