https://github.com/mthcht/awesome-lists

Security lists for SOC detections
https://github.com/mthcht/awesome-lists

List: awesome-lists

awesome awesome-list awesome-lists blueteam cti hacktools ioc keywords list misp offensive-security open-source purpleteam redteam security soc

Last synced: 3 months ago
JSON representation

Security lists for SOC detections

• Host: GitHub
• URL: https://github.com/mthcht/awesome-lists
• Owner: mthcht
• Created: 2022-12-11T10:45:11.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2024-05-23T07:56:19.000Z (5 months ago)
• Last Synced: 2024-05-23T08:01:31.035Z (5 months ago)
• Topics: awesome, awesome-list, awesome-lists, blueteam, cti, hacktools, ioc, keywords, list, misp, offensive-security, open-source, purpleteam, redteam, security, soc
• Language: PowerShell
• Homepage:
• Size: 15.5 MB
• Stars: 216
• Watchers: 8
• Forks: 27
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml

Awesome Lists containing this project

• ultimate-awesome - awesome-lists - Awesome Security lists for SOC/CERT/CTI. (Other Lists / PowerShell Lists)

README

        
# Security lists for SOC/DFIR detections [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

![dt](https://github.com/mthcht/awesome-lists/assets/75267080/059432aa-cfe9-46d1-a611-fbb225bce66e)

## Threat Hunting:

- [ThreatHunting keywords Site](https://mthcht.github.io/ThreatHunting-Keywords/)

- [ThreatHunting keywords Lists](https://github.com/mthcht/ThreatHunting-Keywords)

- [ThreatHunting Yara rules](https://github.com/mthcht/ThreatHunting-Keywords-yara-rules)

[ThreatHunting searches](https://github.com/mthcht/Purpleteam/tree/main/Detection/Threat%20Hunting/generic)

  

  - [Windows Services Searches](https://detect.fyi/threat-hunting-suspicious-windows-service-names-2f0dceea204c)

  - [User-Agents Searches](https://mthcht.medium.com/threat-hunting-suspicious-user-agents-3dd764470bd0)

  - [DNS Over HTTPS Searches](https://mthcht.medium.com/detecting-dns-over-https-30fddb55ac78)

  - [Suspicious TLDs Searches](https://mthcht.medium.com/threat-hunting-suspicious-tlds-a742c2adbf58)

  - [HijackLibs Searches](https://mthcht.medium.com/detect-dll-hijacking-techniques-from-hijacklibs-with-splunk-c760d2e0656f)

  - [Phishing & DNSTWIST Searches](https://detect.fyi/detecting-phishing-attempts-with-dnstwist-37c426b3bbb8)

  - [Browsers extensions Searches](https://mthcht.medium.com/detecting-browser-extensions-installations-e0ac2b45c46b)

  - [C2 hiding in plain sigh](https://mthcht.medium.com/c2-hiding-in-plain-sight-7a83963b9344)

  - [HTML Smuggling artifacts](https://mthcht.medium.com/detecting-html-smuggling-phishing-attempts-15af824e60e4)

  - [PSEXEC & similar tools Searches](https://mthcht.medium.com/detecting-psexec-and-similar-tools-c812bf3dca6c)

  - [Time Slipping detection](https://mthcht.medium.com/event-log-manipulations-1-time-slipping-55bf95631c40)

## My Detection Lists 

- 📋 Lists: https://github.com/mthcht/awesome-lists/tree/main/Lists

- 🕵️‍♂️ ThreatHunting Guides: https://mthcht.medium.com/list/threat-hunting-708624e9266f

- 🚰 Suspicious Named pipes: [suspicious_named_pipe_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_named_pipe_list.csv)

- 🌐 Suspicious TLDs (updated automatically): [[suspicious_TLDs]](https://github.com/mthcht/awesome-lists/tree/main/Lists/TLDs)

- 🌐 Suspicious ASNs (updated automatically): [[suspicious ASNs]](https://github.com/mthcht/awesome-lists/tree/main/Lists/ASNs)

- 🔧 Suspicious Windows Services: [suspicious_windows_services_names_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_windows_services_names_list.csv)

- ⏲️ Suspicious Windows Tasks: [suspicious_windows_tasks_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_windows_tasks_list.csv)

- 🚪 Suspicious destination port: [suspicious_ports_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_ports_list.csv)

- 🛡️ Suspicious Firewall rules: [suspicious_windows_firewall_rules_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_windows_firewall_rules_list.csv)

- 🆔 Suspicious User-agent: [suspicious_http_user_agents_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_http_user_agents_list.csv)

- 📇 Suspicious USB Ids: [suspicious_usb_ids_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv)

- 🔢 Suspicious MAC address: [suspicious_mac_address_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_mac_address_list.csv)

- 📛 Suspicious Hostname: [suspicious_hostnames_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_hostnames_list.csv)

- 🧮 Metadata Executables: [executables_metadata_informations_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/Windows%20Metadata/executables_metadata_informations_list.csv)

- 🕸️ DNS over HTTPS server list: [dns_over_https_servers_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/dns_over_https_servers_list.csv)

- 📚 Hijacklibs (updated automatically): [hijacklibs_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/Hijacklibs/hijacklibs_list.csv)

- 🌐 TOR Nodes Lists (updated automatically): [[TOR]](https://github.com/mthcht/awesome-lists/tree/main/Lists/TOR)

- 🛠️ LOLDriver List (updated automatically): [loldrivers_only_hashes_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/Drivers/loldrivers_only_hashes_list.csv)

- 🛠️ Malicious Bootloader List (updated automatically): [malicious_bootloaders_only_hashes_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/Drivers/malicious_bootloaders_only_hashes_list.csv)

- 📜 Malicious SSL Certificates List (updated automatically): [ssl_certificates_malicious_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/SSL%20CERTS/ssl_certificates_malicious_list.csv)

- 🖥️ RMM detection: [[RMM]](https://github.com/mthcht/awesome-lists/tree/main/Lists/RMM)

- 👤🔑 Important Roles and groups for AD/EntraID/AWS: [[permissions]](https://github.com/mthcht/awesome-lists/tree/main/Lists/permissions)

- 💻🔒 Ransomware known file extensions: [ransomware_extensions_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/ransomware_extensions_list.csv)

- 💻🔒 Ransomware known file name ransom notes: [ransomware_notes_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/ransomware_notes_list.csv)

- 📝 Windows ASR rules: [windows_asr_rules.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/windows_asr_rules.csv)

- 🌐 DNSTWIST Lists (updated automatically): [DNSTWIST Default Domains + script](https://github.com/mthcht/awesome-lists/tree/main/Lists/DNSTWIST)

- 🌍 VPN IP address Lists (updated automatically): 

  - 🛡️ NordVPN: [nordvpn_ips_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/VPN/NordVPN/nordvpn_ips_list.csv)

  - 🛡️ ProtonVPN: [protonvpn_ip_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/VPN/ProtonVPN/protonvpn_ip_list.csv)

- 🏢 Companies IP Range Lists (updated automatically): [Default Lists + script](https://github.com/mthcht/awesome-lists/tree/main/Lists/Ranges_IP_Address_Company_List/bgp.he.net) / [Microsoft](https://github.com/mthcht/awesome-lists/tree/main/Lists/Ranges_IP_Address_Company_List/Microsoft)

- 📍  GeoIP services Lists: [ip_location_sites_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/GeoIP/ip_location_sites_list.csv)

- 🧬 Yara rules: [Threat Hunting yara rules](https://github.com/mthcht/ThreatHunting-Keywords-yara-rules)

- 🧬 Offensive Tools detection patterns: [offensive_tool_keywords.csv](https://raw.githubusercontent.com/mthcht/ThreatHunting-Keywords/main/offensive_tool_keyword.csv)

- 🧬 Greyware Tools detection patterns: [greyware_tool_keyword.csv](https://raw.githubusercontent.com/mthcht/ThreatHunting-Keywords/main/greyware_tool_keyword.csv)

- 🧬 AV signatures keywords: [signature_keyword.csv](https://github.com/mthcht/ThreatHunting-Keywords/blob/main/signature_keyword.csv)

- 🧬 Microsoft Defender AV signatures lists: [[Defender]](https://github.com/mthcht/awesome-lists/tree/main/Lists/AV%20signatures/Defender)  

- 🔗 Others correlation Lists: [[Others]](https://github.com/mthcht/awesome-lists/tree/main/Lists/Others)

- 📋 Lists i need to finish: [[todo]](https://github.com/mthcht/awesome-lists/tree/main/todo)

I regularly update most of these lists after each tool i analyze in my [detection keywords](https://github.com/mthcht/ThreatHunting-Keywords) project

## Other Lists

### IOC Feeds/Blacklists:

 

- [ABUSE.CH BLACKLISTS](https://sslbl.abuse.ch/blacklist/)

- [Block Lists](https://github.com/blocklistproject/Lists)

- [DNS Block List](https://github.com/hagezi/dns-blocklists)

- [Phishing Block List](https://github.com/jarelllama/Scam-Blocklist)

- [C2IntelFeeds](https://github.com/drb-ra/C2IntelFeeds)

- [Volexity TI](https://github.com/volexity/threat-intel)

- [Open Source TI](https://github.com/Bert-JanP/Open-Source-Threat-Intel-Feeds)

- [C2 Tracker](https://github.com/montysecurity/C2-Tracker)

- [Unit42 IOC](https://github.com/mthcht/iocs)

- [Sekoia IOC](https://github.com/SEKOIA-IO/Community/tree/main/IOCs)

- [Unit42 Timely IOC](https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel)

- [Unit42 Articles IOC](https://github.com/PaloAltoNetworks/Unit42-Threat-Intelligence-Article-Information)

- [ThreatFOX IOC](https://threatfox.abuse.ch/export/)

- [Zscaler ThreatLabz IOC](https://github.com/threatlabz/iocs)

- [Zscaler ThreatLabz Ransomware notes](https://github.com/ThreatLabz/ransomware_notes)

- [experiant.ca](https://fsrm.experiant.ca/api/v1/get])

- [Sophos lab IOC](https://github.com/sophoslabs/IoCs)

- [ESET Research IOC](https://github.com/eset/malware-ioc)

- [ExecuteMalware IOC](https://github.com/executemalware/Malware-IOCs)

- [Cisco Talos IOC](https://github.com/Cisco-Talos/IOCs)

- [Elastic Lab IOC](https://github.com/elastic/labs-releases/tree/main/indicators)

- [Blackorbid APT Report IOC](https://github.com/blackorbird/APT_REPORT)

- [AVAST IOC](https://github.com/avast/ioc)

- [DoctorWeb IOC](https://github.com/DoctorWebLtd/malware-iocs)

- [BlackLotusLab IOC](https://github.com/blacklotuslabs/IOCs)

- [prodaft IOC](https://github.com/prodaft/malware-ioc)

- [Pr0xylife DarkGate IOC](https://github.com/pr0xylife/DarkGate)

- [Pr0xylife Latrodectus IOC](https://github.com/pr0xylife/Latrodectus)

- [Pr0xylife WikiLoader IOC](https://github.com/pr0xylife/WikiLoader)

- [Pr0xylife SSLoad IOC](https://github.com/pr0xylife/SSLoad)

- [Pr0xylife Pikabot IOC](https://github.com/pr0xylife/Pikabot)

- [Pr0xylife Matanbuchus IOC](https://github.com/pr0xylife/Matanbuchus)

- [Pr0xylife QakBot IOC](https://github.com/pr0xylife/Qakbot)

- [Pr0xylife IceID IOC](https://github.com/pr0xylife/IcedID)

- [Pr0xylife Emotet IOC](https://github.com/pr0xylife/Emotet)

- [Pr0xylife BumbleBee IOC](https://github.com/pr0xylife/Bumblebee)

- [Pr0xylife Gozi IOC](https://github.com/pr0xylife/Gozi)

- [Pr0xylife NanoCore IOC](https://github.com/pr0xylife/Nanocore)

- [Pr0xylife NetWire IOC](https://github.com/pr0xylife/Netwire)

- [Pr0xylife AsyncRAT IOC](https://github.com/pr0xylife/AsyncRAT)

- [Pr0xylife Lokibot IOC](https://github.com/pr0xylife/Lokibot)

- [Pr0xylife RemcosRAT IOC](https://github.com/pr0xylife/RemcosRAT)

- [Pr0xylife nworm IOC](https://github.com/pr0xylife/nworm)

- [Pr0xylife AZORult IOC](https://github.com/pr0xylife/AZORult)

- [Pr0xylife NetSupportRAT IOC](https://github.com/pr0xylife/NetSupportRAT)

- [Pr0xylife BitRAT IOC](https://github.com/pr0xylife/BitRAT)

- [Pr0xylife BazarLoader IOC](https://github.com/pr0xylife/BazarLoader)

- [Pr0xylife SnakeKeylogger IOC](https://github.com/pr0xylife/SnakeKeylogger)

- [Pr0xylife njRat IOC](https://github.com/pr0xylife/njRat)

- [Pr0xylife Vidar IOC](https://github.com/pr0xylife/Vidar)

- [SpamHaus drop.txt](https://www.spamhaus.org/drop/drop.txt)

- [vx-underground - Great Resource for Samples and Intelligence Reports](https://vx-underground.org/Samples)

 

### Github

More github lists: https://github.com/mthcht?tab=stars&user_lists_direction=asc&user_lists_sort=name

### SIEM/SOC related:

  

- [EDR Telemetry](https://github.com/tsale/EDR-Telemetry)

- [PurpleTeam Scripts](https://github.com/mthcht/Purpleteam)

- [Awesome-SOC](https://github.com/cyb3rxp/awesome-soc)

- [Threat-Hunting with Splunk](https://github.com/mthcht/ThreatHunting-Keywords)

  

 

###  Investigation

#### TI

  

  - [Virustotal](https://www.virustotal.com/#/home/search)

  - [SpamHaus](https://check.spamhaus.org/)

  - [AbuseIPDB](https://www.abuseipdb.com/)

  - [Malwarebazaar](https://bazaar.abuse.ch/)

  - [emailrep](https://emailrep.io/)

  - [cloudfare scan](https://radar.cloudflare.com/scan)

  - [shodan](https://www.shodan.io/)

  - [Onyphe](https://www.onyphe.io/)

  - [Censys](https://search.censys.io/)

  - [cybergordon (reputation check)](https://cybergordon.com/)

  - [threatminer](https://www.threatminer.org/)

  - [urlscan](https://urlscan.io/)

  - [Apptotal (apps and extensions analysis)](https://apptotal.io/)

  - [urlquery](http://urlquery.net/)

  - [cloudfare scanner](https://radar.cloudflare.com/)

  - [urlvoid](https://www.urlvoid.com)

  - [urldna.io](https://urldna.io/)

  - [checkphish](https://checkphish.bolster.ai/)

  - [ipvoid](https://www.ipvoid.com/)

  - [mxtoolbox](https://mxtoolbox.com/NetworkTools.aspx)

  - [Microsoft TI](https://ti.defender.microsoft.com/)

  - [pulsedive](https://pulsedive.com/)

  - [threatbook](https://threatbook.io/)

  - [McAfee Threat Intelligence Exchange](https://www.mcafee.com/enterprise/en-us/products/threat-intelligence-exchange.html)

  - [Kaspersky Security Network](https://www.kaspersky.com/security-network)

  - [Microsoft Security Intelligence Report](https://www.microsoft.com/en-us/wdsi/intelligence-report)

  - [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/) 

  - [AlienVault OTX](https://otx.alienvault.com/)

  - [greynoise](https://viz.greynoise.io/)

  - [whoxy](https://www.whoxy.com/reverse-whois/)

#### More TI

  

  - [echotrail](https://www.echotrail.io/)

  - [Malware-Traffic-Analysis (PCAP files)](https://malware-traffic-analysis.net/)

  - [redhuntlabs](https://redhuntlabs.com/online-ide-search)

  - [whois domaintools](https://whois.domaintools.com/)

  - [ASN check bgp.he](/bgp.he.net/)

  - [viewdns](http://viewdns.info/)

  - [OUI mac address lookup](https://www.wireshark.org/tools/oui-lookup.html)

  - [xcyclopedia](https://strontic.github.io/xcyclopedia/)

  - [abuse.ch](https://abuse.ch/#platforms)

  - [malware-traffic-analysis](https://www.malware-traffic-analysis.net/index.html)

  - [waybackmachine](http://web.archive.org/)

  - [dnshistory](https://dnshistory.org/)

  - [asnlookup](https://asnlookup.com/)

  - [fofa.info](https://fofa.info/)

  - [SecurityTrail](https://securitytrails.com/)

  - [ZommEye](https://www.zoomeye.hk/)

#### Sandbox

  

- [Sandbox Anyrun](https://any.run/)

- [triage](https://tria.ge/s)

- [capesandbox](https://www.capesandbox.com/)

- [joesandbox](https://www.joesandbox.com/analysispaged/0)

- [filescan.io](https://www.filescan.io/)

- [Sandbox HA](https://www.hybrid-analysis.com/)

- [virustotal](https://www.virustotal.com)

- [threat zone](https://app.threat.zone/scan)

- [vmray](https://www.vmray.com/)

### Data manipulation

  

- [jsoncrack](https://jsoncrack.com/editor)

- [JS deobfuscator](https://lelinhtinh.github.io/de4js/)

- [cyberchef](https://cyberchef.org/)

- [PCAP online analyzer](https://apackets.com/)

- [Hash calculator](https://md5calc.com/hash)

- [regex101](https://regex101.com/)

- [CyberChef](https://gchq.github.io/CyberChef/)

- [Javascript Deobfuscator](https://deobfuscate.relative.im/)

- [JSONViewer](https://jsonviewer.stack.hu/)

- [TextMechanic](https://textmechanic.com/)

- [UrlEncode.org](https://www.urlencoder.org/)

- [TextFixer](https://www.textfixer.com/)

- [RegExr](https://regexr.com/)

- [TextUtils](https://textutils.com/)

- [TextCompactor](https://textcompactor.com/)

- [Pretty Diff](https://prettydiff.com/)

- [XML Tree](http://www.xmltree.com/)

- [Online XML Formatter and Beautifier](https://www.freeformatter.com/xml-formatter.html)

- [XML Escape Tool](https://www.freeformatter.com/xml-escape.html)

- [DiffChecker](https://www.diffchecker.com/)

- [CSVJSON](https://www.csvjson.com/)

- [HTML Formatter](https://htmlformatter.com/)

- [Text Tool](https://texttools.netlify.app/)

- [String Manipulation Tool](https://string-functions.com/)

- [unshorten it](https://www.unshorten.it)

- [urlunscrambler](https://www.urlunscrambler.com/)

- [longurl](https://www.longurl.org/)

- [Message Header](https://mha.azurewebsites.net/pages/mha.html)

- [MXToolbox EmailHeaders](https://mxtoolbox.com/EmailHeaders.aspx)

- [Email Header Analyzer](https://emailheaders.verification-check.com/)

- [Email Header Analysis](https://www.email-format.com/header-analysis/)

- [Gitlab dashboard from Excel](https://thisdavej.com/copy-table-in-excel-and-paste-as-a-markdown-table/)

- [OPENAI](https://openai.com/playground)

- [uncoder](https://uncoder.io/)

- [DeHashed](https://dehashed.com/)

### Detection Resources

  

- [MITRE techniques](https://attack.mitre.org/techniques/enterprise/)

- [MITRE Updates](https://attack.mitre.org/resources/updates/)

- [MITRE D3fend](https://d3fend.mitre.org/)

- [MITRE Navigator](https://mitre-attack.github.io/attack-navigator/)

- [MITRE Datasources](https://attack.mitre.org/datasources/)

- [GTFOBIN](https://github.com/mthcht/GTFOBins.github.io)

- [LOLBAS](https://github.com/mthcht/LOLBAS)

- [LOTS](https://lots-project.com/)

- [loldrivers](https://www.loldrivers.io/)

- [WTFBIN](https://wtfbins.wtf/)

- [Sigma](https://github.com/mthcht/sigma/tree/master/rules)

- [Splunk Rules](https://research.splunk.com/detections/)

- [Elastic Rules](https://github.com/elastic/detection-rules)

- [DFIR-Report Sigma-Rules](https://github.com/The-DFIR-Report/Sigma-Rules)

- [JoeSecurity Sigma-Rules](https://github.com/joesecurity/sigma-rules/tree/master/rules)

- [mdecrevoisier Sigma-Rules](https://github.com/mdecrevoisier/SIGMA-detection-rules)

- [P4T12ICK Sigma-Rules](https://github.com/P4T12ICK/Sigma-Rule-Repository)

- [tsale Sigma-Rules](https://github.com/tsale/Sigma_rules)

- [list of detections resources](https://github.com/jatrost/awesome-detection-rules)

- [detection engineering resources](https://github.com/infosecB/awesome-detection-engineering)

- [awesome-threat-detection](https://github.com/0x4D31/awesome-threat-detection)

### DFIR

  - [EricZimmerman Tools](https://ericzimmerman.github.io/#!index.md)

  - [dfir-orc](https://github.com/dfir-orc)

  - [dfir-orc-config](https://github.com/DFIR-ORC/dfir-orc-config)

  - [Splunk4DFIR](https://github.com/mf1d3l/Splunk4DFIR)

  - [dfiq](https://github.com/google/dfiq)

  - [PSBits](https://github.com/gtworek/PSBits)

  - [Yara TH](https://github.com/mthcht/ThreatHunting-Keywords-yara-rules) + [TH](https://github.com/mthcht/ThreatHunting-Keywords)

  - [Hayabusa](https://github.com/Yamato-Security/hayabusa)

  - [chainsaw](https://github.com/WithSecureLabs/chainsaw)

  - [regripper](https://github.com/warewolf/regripper)

  - [RdpCacheStitcher](https://github.com/BSI-Bund/RdpCacheStitcher)

  - [ripgrep](https://github.com/BurntSushi/ripgrep)

  - [Kape](https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape)

  - [Kape Files](https://github.com/EricZimmerman/KapeFiles)

  - [More Kape ressources](https://github.com/AndrewRathbun/Awesome-KAPE)

  - [VolatileDataCollector](https://github.com/gtworek/VolatileDataCollector)

  - [Velociraptor](https://github.com/Velocidex/velociraptor)

  - [MemDump](https://nircmd.nirsoft.net/memdump.html)

  - [MemProcFS](https://github.com/ufrisk/MemProcFS)

  - [avml](https://github.com/microsoft/avml)

  - [Lime](https://github.com/504ensicsLabs/LiME)

  - [WinPmem](https://github.com/Velocidex/WinPmem)

  - [Volatility](https://github.com/volatilityfoundation/volatility3/)

  - [Windows artifacts](https://github.com/Psmths/windows-forensic-artifacts)

  - [UAC](https://github.com/tclahr/uac)

### Security News

  

- [Twitter](https://twitter.com/home)

- [CERT-FR](https://www.cert.ssi.gouv.fr/)

- [CERT FR Alerts](https://www.cert.ssi.gouv.fr/alerte/)

- [CERT FR Avis](https://www.cert.ssi.gouv.fr/avis/)

- [NIST CVEs](https://nvd.nist.gov/vuln/search/results?isCpeNameSearch=false&results_type=overview&form_type=Basic&search_type=all&startIndex=0)

- [JPCERT](https://www.jpcert.or.jp/english/)

- [CISA news](https://www.cisa.gov/news-events/news)

- [thedfirreport Feed](https://thedfirreport.com/feed/)

- [Splunk Research Blog](https://www.splunk.com/en_us/blog/author/secmrkt-research.html)

- [Unit42 Feed](http://feeds.feedburner.com/Unit42)

- [DFIR weekly sumary - thisweekin4n6](https://thisweekin4n6.wordpress.com/feed/)

- [Google Threat Intelligence](https://cloud.google.com/blog/topics/threat-intelligence)

- [Sekoi Blog](https://blog.sekoia.io/)

- [akamai Feed](http://blogs.akamai.com/atom.xml)

- [Elastic Blog](https://www.elastic.co/security-labs)

- [Checkpoint research Feed](https://research.checkpoint.com/feed)

- [Cisco Talos Feed](http://vrt-sourcefire.blogspot.com/feeds/posts/default)

- [Crowdstrike Feed](http://blog.crowdstrike.com/feed)

- [Hexacorn Blog](http://www.hexacorn.com/blog/feed/)

- [simone kraus Blog](https://medium.com/@simone.kraus)

- [Michael Haag Blog](https://haggis-m.medium.com/)

- [EricaZelic Blog](https://ericazelic.medium.com/)

- [Adam Chester Blog Feed](https://blog.xpnsec.com/rss.xml)

- [Mauricio Velazco Blog](https://medium.com/@mvelazco)

- [Clément Notin Feed](https://clement.notin.org/feed.xml)

- [tenable Blog](https://medium.com/tenable-techblog)

- [horizon3 Feed](https://www.horizon3.ai/feed/)

- [Incidents reports Feed](https://fetchrss.com/rss/65b0eb775582bd1c19083c4365b0fdb664898a0daa63bef4.xml)

- [NCC Group Research Feed](https://research.nccgroup.com/feed/)

- [SpecterOps Feed](https://posts.specterops.io/feed)

- [Redcanary Feed](https://www.redcanary.co/feed/)

- [Sophos Research Feed](https://news.sophos.com/en-us/category/threat-research/feed/)

- [virusbulletin](https://www.virusbulletin.com/virusbulletin/)

- [Offensive Research - DSAS by INJECT](https://blog.injectexp.dev/)

- [HackerNews Feed](https://feeds.feedburner.com/TheHackersNews)

- [Bleepingcomputer Feed](https://www.bleepingcomputer.com/feed/)

- [detect.fyi](https://detect.fyi/)

### Formations

#### DFIR

  

  

  - @inversecos - APT Emulation Labs: [xintra](https://www.xintra.org/labs)

  - 13cubed - Investigating Windows Endpoints: [13cubed.com](https://training.13cubed.com/investigating-windows-endpoints)

  - @0gtweet - Forensic course: [Mastering Windows Forensics](https://grzegorz-tworek-s-school.teachable.com/)

  - SANS: [SANS508](https://www.sans.org/cyber-security-courses/advanced-incident-response-threat-hunting-training/)

  - Defensive-security: [Linux-live-forensics](https://edu.defensive-security.com/linux-attack-live-forensics-at-scale)

  - @TheDFIRReport : LABs with logs from the existing reports [dfir-labs](https://the-dfir-report-store.myshopify.com/collections/dfir-labs)

  - @DebugPrivilege : Forensic Debugging free course [InsightEngineering](https://github.com/DebugPrivilege/InsightEngineering)

  - @ACEresponder: Courses with Detailed Explanations and Labs [aceresponder.com](https://www.aceresponder.com/challenges)

  - @binaryz0ne: DFIR challenges with [Datasets](https://www.ashemery.com/dfir.html) 

  

#### SOC

   

   

 - tryhackme - [SOC lvl1](https://tryhackme.com/path/outline/soclevel1)

 - letsdefend.io @chrissanders88 - [letsdefend.io](https://www.letsdefend.io/)

 - SANS: [SANS555](https://www.sans.org/cyber-security-courses/siem-with-tactical-analytics/)

 - Splunk Boss Of The SOC - [BOTS](https://bots.splunk.com/)

   - BOTS [dataset v1](https://github.com/splunk/botsv1)   

   - BOTS [dataset v2](https://github.com/splunk/botsv2)   

   - BOTS [dataset v3](https://github.com/splunk/botsv3)

   

   

 

### Others

  

- [Crontab check](https://crontab.guru/every-2-minutes)

- [Subnet Calculator](https://mxtoolbox.com/subnetcalculator.aspx)

- [chmod calculator](https://chmod-calculator.com/)

- [Epoch time converter](https://www.epochconverter.com/)

- [cyberchef](https://cyberchef.org/)