Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Lalospidey/awesome-csirt
A list of awesome CSIRT tools and presentations
https://github.com/Lalospidey/awesome-csirt
List: awesome-csirt
Last synced: 16 days ago
JSON representation
A list of awesome CSIRT tools and presentations
- Host: GitHub
- URL: https://github.com/Lalospidey/awesome-csirt
- Owner: Lalospidey
- Created: 2017-08-28T01:58:12.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2016-09-26T13:51:23.000Z (about 8 years ago)
- Last Synced: 2024-12-01T18:02:15.400Z (20 days ago)
- Size: 11.7 KB
- Stars: 8
- Watchers: 2
- Forks: 10
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
- Contributing: contributing.md
- Code of conduct: code-of-conduct.md
Awesome Lists containing this project
- ultimate-awesome - awesome-csirt - A list of awesome CSIRT tools and presentations. (Other Lists / Monkey C Lists)
README
# Awesome CSIRT [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
A list of awesome CSIRT tools, papers and presentations.
*Please read the [contribution guidelines](contributing.md) before contributing.*
## Contents
- [Books](#books)
- [Videos](#videos)
- [Presentations](#presentations)
- [Papers](#papers)## Communities
## Tools
- [Actortrackr](http://actortrackr.com/)
- [Fast Incident Response](https://github.com/certsocietegenerale/FIR)
- [Maltrail](https://github.com/stamparm/maltrail)
- [Just-Metadata](https://github.com/ChrisTruncer/Just-Metadata)
- [MimikatzHoneyToken](https://github.com/SMAPPER/MimikatzHoneyToken)
- [threat_note](https://github.com/defpoint/threat_note)
- [Kansa - A Powershell incident response framework](https://github.com/davehull/Kansa)
- [PoshSec PowerShell Module](https://github.com/PoshSec/PoshSec)
- [PowerShell - Live disk forensics platform](https://github.com/Invoke-IR/PowerForensics)
- [Fork AChoir - MSVC and WinHTTP](https://github.com/OMENScan/AChoir2)
- [Malcom - Malware Communications Analyzer](https://github.com/tomchop/malcom)
- [FastIR Collector](https://github.com/SekoiaLab/Fastir_Collector)
- [whois-quagga](https://github.com/certtools/whois-quagga)
- [Threatcrowd](https://threatcrowd.org/)
- [BTA](https://bitbucket.org/iwseclabs/bta)
- [Malware Config](https://malwareconfig.com/)
- [Spiderfoot](http://www.spiderfoot.net/info/)
- [IVRE — Network recon framework](https://ivre.rocks/)
- [IPew Attack Map](https://github.com/hrbrmstr/pewpew)
- [OWASP AppSensor Project](https://www.owasp.org/index.php/OWASP_AppSensor_Project)
- [Laika BOSS: Object Scanning System](https://github.com/lmco/laikaboss)
- [YAF](http://tools.netsa.cert.org/yaf/yafdpi.html)
- [AIL-Framework](https://github.com/CIRCL/AIL-framework)
- [CVE-Search](https://github.com/cve-search/cve-search)
- [VorpalSpyglass - A tool for automatic detection of Domain Generation Algorithm (DGA)](https://github.com/BenH11235/VorpalSpyglass)
- [FastNetMon](https://github.com/pavel-odintsov/fastnetmon)
- [DPDK-based packet capture tool)](https://github.com/dpdkcap/dpdkcap)
- [Abuse.IO](https://abuse.io/)## Resources
- [Splunk query search](http://gosplunk.com/)
- [Public Suffix List](https://publicsuffix.org/)
- [DomainBigData](http://domainbigdata.com/)
- [IOC Bucket](https://www.iocbucket.com/)
- [Cybersecurity 500](http://cybersecurityventures.com/)
- [IP Spoofing](https://spoofer.caida.org/summary.php)
- [CVRF](http://www.icasi.org/cvrf/)
- [CISCO PSIRT](https://developer.cisco.com/site/PSIRT/)
- [Malware Traffic Analysis](http://www.malware-traffic-analysis.net/)
- [APT Groups and Operations](https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/htmlview?pli=1)## Articles
- [Introduction to DFIR](https://sroberts.github.io/2016/01/11/introduction-to-dfir-the-beginning/)
- [Windows Events log for IR/Forensics Part 1](https://isc.sans.edu/diary/Windows+Events+log+for+IRForensics+%2CPart+1/21493)
- [Windows Events log for IR/Forensics Part 2](https://isc.sans.edu/forums/diary/Windows+Events+log+for+IRForensics+Part+2/21501/)
- [Mozilla Server Side TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)
- [Parsing 10TB of Metadata, 26M Domain Names and 1.4M SSL Certs for $10 on AWS](http://blog.waleson.com/2016/01/parsing-10tb-of-metadata-26m-domains.html)
- [Awesome Malware Analysis List](http://fe9.org/showthread.php?108666-Awesome-Malware-Analysis-Lists-(From-Linkedin))
- [How To Build And Run A SOC for Incident Response - A Collection Of Resources](https://www.peerlyst.com/posts/how-to-build-and-run-a-soc-for-incident-response-and-enterprise-defensibility-a-collection-of-resources)
- [A Simple Hunting Maturity Model](https://detect-respond.blogspot.de/2015/10/a-simple-hunting-maturity-model.html)
- [The Problems with Seeking and Avoiding True Attribution to Cyber Attacks](http://www.robertmlee.org/the-problems-with-seeking-and-avoiding-true-attribution-to-cyber-attacks/)
- [Tools to Detect Routing Anomalies](https://labs.ripe.net/Members/guillaume_valadon/tools-to-parse-bgp-archives)
- [Lean Threat Intelligence, Part 1: The plan](https://www.fastly.com/blog/lean-threat-intelligence-part-1-plan)
- [Lean Threat Intelligence Part 2: The foundation](https://www.fastly.com/blog/lean-threat-intelligence-part-2-foundation)
- [Lean Threat Intelligence Part 3: Battling log absurdity with Kafka](https://www.fastly.com/blog/lean-threat-intelligence-part-3-battling-log-absurdity-kafka)
- [Research Spotlight: Detecting Algorithmically Generated Domains](https://blogs.cisco.com/security/talos/detecting-dga)
- [The New and Improved R Shodan Package](http://datadrivensecurity.info/blog/posts/2015/Aug/the-new-and-improved-r-shodan-package/?utm_content=buffer13774&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer)
- [Gamification in the SOC & IRT](http://seanmason.com/2015/05/11/gamification-in-the-soc-irt/)
- [Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory](https://adsecurity.org/?p=1515)
- [Intelligence Concepts - F3EAD](https://sroberts.github.io/2015/03/24/f3ead/)
- [Incident Response Hunting Tools](https://sroberts.github.io/2015/04/21/hunting-tools/)
- [How Cybersecurity Insurance Will Take Over InfoSec](https://danielmiessler.com/blog/cybersecurity-insurance-infosec/)
- [Amazon Inspector – Automated Security Assessment Service](https://aws.amazon.com/blogs/aws/amazon-inspector-automated-security-assessment-service/)
- [awesome list of honeypot resources](https://github.com/paralax/awesome-honeypots)
- [A practical guide to securing OS X](https://github.com/drduh/OS-X-Security-and-Privacy-Guide)
- [GraphGist: Cyber security and attack analysis](http://neo4j.com/graphgist/40caddf1d7537bce962e/)
- [ATT&CK](https://attack.mitre.org/index.php/Main_Page)
- [My First 5 Minutes On A Server; Or, Essential Security for Linux Servers](https://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers)
- [Advanced Defense Posture Assessment](https://nigesecurityguy.wordpress.com/2014/10/09/advanced-defense-posture-assessment/)
- [APTNotes](https://github.com/kbandla/APTnotes)
- [Goin' huntin'](https://windowsir.blogspot.de/2015/11/goin-huntin.html)
- [APT Detection Framework](https://nigesecurityguy.wordpress.com/2013/11/12/apt-detection-framework/)
- [Protecting Windows Networking - Dealing with Credential Theft](https://dfir-blog.com/2015/11/24/protecting-windows-networks-dealing-with-credential-theft/)
- [Ransomware Playbook – Guide for Handling Ransomware Infections](https://www.demisto.com/playbook-for-handling-ransomware-infections/)
- [Phishing Incident Response Playbook](https://www.demisto.com/phishing-incident-response-playbook/)
- [Monitoring pastebin.com within your SIEM](https://blog.rootshell.be/2012/01/17/monitoring-pastebin-com-within-your-siem/)
- [Mitigating DDoS Attacks with NGINX and NGINX Plus](https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/)### Books
### Videos
### Presentations
- [Large Scale Malware Analysis](https://github.com/REhints/Publications/blob/master/Conferences/BH'2015/BH_2015.pdf)
- [Hunting Through RDP Data](https://www.bro.org/brocon2015/slides/liburdi_hunting_rdp.pdf)
- [Incident Response - Taking CSIRT Modeling to the next level](http://frodehommedal.no/presentations/first-tc-oslo-2015/#/slide-start)### Papers
- [AmpPot: Monitoring and Defending Against Amplification DDoS Attacks](http://www.christian-rossow.de/publications/amppot-raid2015.pdf)
## License
[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](https://creativecommons.org/publicdomain/zero/1.0/)
To the extent possible under law, [Sindre Sorhus](http://sindresorhus.com) has waived all copyright and related or neighboring rights to this work.