https://github.com/nvisosecurity/sec599-resources

# SEC599-Resources
The following is an overview of links/articles commonly referenced during the SEC599 course.

## Section 1: Introduction and Reconnaissance
* [Wired - The untold story of NotPetya](https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/)
* [Cyberbit blog - COM Hijacking](https://www.cyberbit.com/blog/endpoint-security/com-hijacking-windows-overlooked-security-vulnerability/)
* [MITRE ATT&CK](https://attack.mitre.org/)
* [Swift on Security - Sysmon config](https://github.com/SwiftOnSecurity/sysmon-config)
* [APT Groups and Operations Google sheet](https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit#gid=361554658)
* [APT Index - Kumu.io](https://embed.kumu.io/0b023bf1a971ba32510e86e8f1a38c38#apt-index?focus=%23elem-gMh8T6PP%20out%202)
* [ThaiCERT - Threat actor encyclopedia](https://www.thaicert.or.th/downloads/files/Threat_Group_Cards_v2.0.pdf)
* [Malware Archeology - Cheat Sheets](https://www.malwarearchaeology.com/cheat-sheets)
* [NSA Cyber - Windows Secure Host Baseline](https://github.com/nsacyber/Windows-Secure-Host-Baseline)
* [Openstack - Ansible Hardening](https://github.com/openstack/ansible-hardening)
* [NIST Checklists](https://ncp.nist.gov/repository)
* [MITRE ENGENUITY - ATT&CK Evaluations](https://attackevals.mitre-engenuity.org/)
* [x0rz - Phishing Catcher](https://github.com/x0rz/phishing_catcher)

## Section 2: Payload Delivery and Execution
* [Fenrir - NAC bypass - Valérian Legrand](https://hackinparis.com/data/slides/2017/2017_Legrand_Valerian_802.1x_Network_Access_Control_and_Bypass_Techniques.pdf)
* [Hackers use BadUSB to target defense firms with ransomware](https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/)
* [YARA Rules Github](https://github.com/Yara-Rules/rules)
* [InsecurePowerShell - PowerShell without System.Management.Automation.dll](https://cobbr.io/InsecurePowershell-PowerShell-Without-System-Management-Automation.html)
* [Ultimate Applocker bypass list](https://github.com/api0cradle/UltimateAppLockerByPassList)
* [USBHarpoon a Charging Cable That Hacks Your Computer](https://latesthackingnews.com/2018/08/27/usbharpoon-a-charging-cable-that-hacks-your-computer/)
* [LOLBAS - Living Off The Land Binaries and Scripts](https://lolbas-project.github.io/)
* [GTFOBins](https://gtfobins.github.io/)
* [Malware-Traffic-Analysis.net](https://www.malware-traffic-analysis.net/)
* [Domain-Level Prevention of LLMNR/NBT-NS Poisoning and WPAD Spoofing](https://medium.com/@s.ganoush/domain-level-prevention-of-llmnr-nbt-ns-poisoning-and-wpad-spoofing-74df09d6f512)
* [Changing default file associations in Windows 10 via GPO](http://woshub.com/managing-default-file-associations-in-windows-10/)

## Section 3: Exploitation, Persistence, and Command and Control
* [Win32K.SYS System call table](https://j00ru.vexillium.org/syscalls/win32k/32/)
* [Zerodium Exploit Acquisition program](https://zerodium.com/program.html)
* [Overview of Windows as a Service](https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview)
* [Bill Gates - Trustworthy Computing memo](https://www.wired.com/2002/01/bill-gates-trustworthy-computing/)
* [Salesforce JA3](https://github.com/salesforce/ja3)
* [Hexacorn - Beyond good ol' Run key](http://www.hexacorn.com/blog/2017/01/28/beyond-good-ol-run-key-all-parts/)
* [Microsoft - Control Flow Guard](https://docs.microsoft.com/en-us/windows/win32/secbp/control-flow-guard)
* [Microsoft - Exploit protection reference](https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exploit-protection-reference?view=o365-worldwide)
* [Palantir - Exploit Guard base configuration script](https://github.com/palantir/exploitguard/blob/master/configureBaseMachine.ps1)
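JA3 (listed above) fingerprints a TLS client from its ClientHello: the string `SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats` (decimal values, lists joined with `-`, GREASE values dropped, empty fields left empty) is MD5-hashed. The Python below is an added illustration of that derivation and is not code from the Salesforce JA3 project or from this repository. The ClientHello it parses is constructed inline with a zeroed random and a hypothetical cipher/extension set chosen to exercise the GREASE filtering.

```python
import hashlib
import struct

# GREASE values (RFC 8701): 0x0a0a, 0x1a1a, ..., 0xfafa. JA3 strips them so that
# randomised GREASE entries do not change a client's fingerprint.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}

SUPPORTED_GROUPS = 0x000A   # extension type, a.k.a. elliptic_curves
EC_POINT_FORMATS = 0x000B


def build_client_hello(version, ciphers, extensions):
    """Build a TLS record carrying a ClientHello (constructed test input).

    extensions: list of (type, raw extension data) in wire order.
    """
    body = struct.pack("!H", version) + b"\x00" * 32      # client_version + zeroed random
    body += b"\x00"                                        # empty session id
    body += struct.pack("!H", 2 * len(ciphers))
    body += b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                                    # one compression method: null
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type + 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def ja3(record):
    """Return (ja3_string, ja3_md5) for a TLS record that carries a ClientHello."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:]                       # skip the 5-byte record header
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4                                 # skip handshake type + 24-bit length
    version = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2 + 32                           # client_version, random
    p += 1 + hs[p]                        # session id
    cs_len = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    ciphers = [struct.unpack("!H", hs[p + i:p + i + 2])[0] for i in range(0, cs_len, 2)]
    p += cs_len
    p += 1 + hs[p]                        # compression methods

    ext_types, groups, formats = [], [], []
    if p < len(hs):                       # extensions block is optional
        end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
        p += 2
        while p < end:
            etype, elen = struct.unpack("!HH", hs[p:p + 4])
            p += 4
            data = hs[p:p + elen]
            p += elen
            ext_types.append(etype)
            if etype == SUPPORTED_GROUPS:
                n = struct.unpack("!H", data[:2])[0]
                groups = [struct.unpack("!H", data[2 + i:4 + i])[0] for i in range(0, n, 2)]
            elif etype == EC_POINT_FORMATS:
                formats = list(data[1:1 + data[0]])

    def field(values):
        return "-".join(str(v) for v in values if v not in GREASE)

    s = ",".join([str(version), field(ciphers), field(ext_types), field(groups), field(formats)])
    return s, hashlib.md5(s.encode()).hexdigest()


# Constructed sample: TLS 1.2 ClientHello with a GREASE cipher, a GREASE group and a
# GREASE extension mixed in. Values are hypothetical, not a capture of a real client.
SAMPLE = build_client_hello(
    0x0303,
    [0x1A1A, 0x1301, 0xC02B, 0x002F],
    [
        (0x0000, b"\x00\x0e\x00\x00\x0bexample.com"),                    # server_name
        (SUPPORTED_GROUPS, struct.pack("!HHHH", 6, 0x2A2A, 0x001D, 0x0017)),
        (EC_POINT_FORMATS, b"\x01\x00"),                                   # uncompressed
        (0x0017, b""),                                                     # extended_master_secret
        (0x1A1A, b"\x00"),                                                 # GREASE extension
    ],
)

if __name__ == "__main__":
    s, h = ja3(SAMPLE)
    print(s)
    print(h)
```

The string for the constructed sample is `771,4865-49195-47,0-10-11-23,29-23,0`; the three GREASE entries are gone, so the fingerprint is stable across connections from the same client. A ClientHello without an extensions block yields empty trailing fields (`771,4865,,,`), which is what the reference implementation produces as well, so detections keyed on the hash should not assume every field is populated.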

## Section 4: Lateral Movement
* [JPCert - Detecting lateral movement through tracking event logs](https://www.jpcert.or.jp/english/pub/sr/20170612ac-ir_research_en.pdf)
* [JEA - Sample DNS roles](https://github.com/PowerShell/JEA/tree/master/Samples/DnsAdministration/RoleCapabilities)
* [Microsoft - Enterprise Access Model](https://docs.microsoft.com/en-us/security/compass/privileged-access-access-model)
* [UACME](https://github.com/hfiref0x/UACME)
* [SharpHound: target Selection and API Usage](https://blog.cptjesus.com/posts/sharphoundtargeting)
* [Black Hat - Abusing Microsoft Kerberos](https://www.blackhat.com/docs/us-14/materials/us-14-Duckwall-Abusing-Microsoft-Kerberos-Sorry-You-Guys-Don't-Get-It.pdf)

## Section 5: Actions on Objectives, Threat Hunting, and Incident Response
* [Black Hat - The Adventures of AV and the Leaky Sandbox](https://www.blackhat.com/docs/us-17/thursday/us-17-Kotler-The-Adventures-Of-Av-And-The-Leaky-Sandbox.pdf)
* [Printer dots - How the Intercept outed Reality Winner](https://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html)
* [TaHiTI - A threat hunting methodology](https://www.betaalvereniging.nl/wp-content/uploads/TaHiTI-Threat-Hunting-Methodology-whitepaper.pdf)
* [Syntax-IR - Incident Response playbooks](https://gitlab.com/syntax-ir/playbooks)
* [Aorato Skeleton key scanner](https://web.archive.org/web/20201030071700/https://gallery.technet.microsoft.com/Aorato-Skeleton-Key-24e46b73)
* [Black Tulip - DigiNotar breach (Fox-IT)](https://roselabs.nl/files/audit_reports/Fox-IT_-_DigiNotar.pdf)