A collection of Blue Team / Red Team cyber security resources for all fellow professional information security enthusiasts.
- YouTube Channels
- Information Security News Sites and Blogs
- Splunk Resources
- Malware Analysis and Exploit Development
- Threat Intelligence
- Threat Research
- Threat Hunting
- Detecting Lateral Movement
- Digital Forensics
- DFIR Virtual Machines
- General Penetration Testing
- Scanning and Reconnaissance
- Exploitation
- Privilege Escalation
- Web App
- Vulnerable Machines
- Attacking Active Directory
- DNS Tunneling Tools
- Password Lists
- Miscellaneous
- The NewBoston - Multiple Courses on Various Programming Languages
- SANS Pentest Training
- SANS DFIR (https://www.youtube.com/user/DEFCONConference/search?query=incident+response)
- DefCON Switzerland
- BlackHatEurope2017
- How To Pwn an Enterprise (Johnny Xmas)
- The Black Art of Wireless Post-Exploitation (Gabriel Ryan)
- T202 Defending against PowerShell Attacks Lee Holmes
- DEF CON 22 - Ryan Kazanciyan and Matt Hastings, Investigating PowerShell Attacks
- 1337red Blog
- Abatchys Blog
- Bleeping Computer
- The Hacker News
- DFIR SANS Blog
- Jordan Potti
- Finding Bad DFIR & Threat Hunting
- Talos Intelligence
- Hybrid Analysis - Web-based. Performs file, URL, YARA and string analysis.
- FileSignatures - Web-based. Looks up file signatures by their hex values.
- VirusTotal - Web-based. Scans a URL, domain, hash, or file.
- Metadefender Opswat - Web-based. Scans a file, IP address or hash, or searches a CVE.
- HxD Editor - Application/Tool Hex Editor
- CFF Explorer - Application/Tool PE editor and process viewer.
- Floss / Github - Application/Tool FireEye Labs Obfuscated String Solver (FLOSS) is a tool designed to identify and extract obfuscated strings from malware automatically.
- HashMyFiles - Application/Tool Calculate MD5/SHA1/CRC32 hashes of your files.
- PE Studio - Application/Tool PE analysis tool that displays both ASCII & Unicode.
- PPEE - Application/Tool PE file Explorer.
- Strings for Windows / Sysinternals - Application/Tool Strings ported for Windows. Can display ASCII & Unicode.
- AVCaesar
- Cert-Pa
- Contagiodump
- dasmalwerk Malware Samples
- KernelMode
- Malpedia
- Malware Corpus Tracker - Malicious Download Sites
- Malshare
- Malshare Malware Samples
- MalwareDB
- Virusign Malware Samples
- Virusshare
- Virus Bay
- Vduddu
- theZoo
- vxvault
- UPX High-performance executable packer/depacker for several executable formats.
- Trid Packer Detection.
- Detect it easy Packer Identifier.
- APT Groups & Operations
- ATT&CK Mapping via MITRE
- APT Groups - FireEye
- Fortiguard Threat Encyclopedia
- A curated list of awesome Threat Intelligence resources
- Blog post: a partial summary of a SANS webinar on Threat Intelligence and Sources
- STIX and TAXII | A structured language and transport method for sharing Threat Intelligence
- The Hunting Cycle and Measuring Success
- Tales of a Threat Hunter 1
- Tales of a Threat Hunter 2
- C2 Hunting - Finding Bad
- Hunting for Chains- Finding Bad
- Patterns of Behavior - Finding Bad
- Hunting What Does it Look Like - Finding Bad
- Hunting From The Top - Finding Bad
- Hunting Lateral Movement
- Hunt Evil Your Practical Guide to Threat Hunting
- ThreatHuntingProject
- Intelligent Hunting: Using Threat Intelligence to Guide Your Hunts - SANS Youtube
- SPL - Github/inodee
- Splunk Hunting Searches - Github/Hunt Detect Prevent
- Hunting Web Shells with Splunk - YouTube
- Splunk Hunting Queries - Github/hunter-3
- Hunting with Sysmon & Splunk - Medium/MHarris
- Detecting Lateral Movement in Windows Event Logs | ThreatHuntingProject Github
- Lateral Movement Tactics - MITRE
- Palo Alto Network - Pulling Back The Curtains on EncodedCommand Powershell Activity
- Detecting Lateral Movement - CERT EU
- Detecting & Mitigating Kerberos Golden Ticket - CERT EU
- McAfee Quarterly Threat Reports 2017
- Targeted Ransomware
- Identifying Malware Traffic with Bro and the Collective Intelligence Framework (CIF)
- Sysmon DFIR
- Cyberdog WarLab
- Expert Investigation Guide
- Detecting Lateral Movement through Tracking Event Logs
- Windows Event Logs to Detect Lateral Movement Rapid7-Video
- DFIR Challenges and Images
- Data Leakage Case Scenario with Images
- The 2018 Lone Wolf Scenario
- Forensics Challenges
- Building Malware Analysis Toolkit
- Advanced Threat Analytics suspicious activity guide
- Redline Free Security Software | Free security software from FireEye
- Yara Basics of Windows Incident Response
- DidierStevens Scripts for conducting analysis
- FLARE VM - A Windows Digital Forensics Environment
- California CyberSecurity Institute 2018 Digital Forensics Training
- CIRCL Forensics Training
- DFRWS - Whitepapers
- SANS DFIR Cheat Sheets
- Forensics CTF - Challenge/Case
- CTF WriteUps - Github
- Netresec A collection of pcaps with malicious indicators
- Between Two DFIRNs - A collection of CTFs & Cases
- Volatility - Memory Samples
- Tuts4you Tutorials, Papers, Dissertations, Essays and Guides
- Forensickb Challenge
- Cfreds Data Leakage Case Challenge
- Reverse Engineering Malware Challenges
- CyberSecurityChallenge.uk - Games
- Defcon 2018 CTFs - Challenges
- Digital Forensic Challenge Images (Datasets)
- The Art of Hacking
- pwk-cheatsheet
- Abatchys Blog - How-to-prepare-for-pwkoscp
- Red Teaming Toolkit
- Penetration Testing Methodology/Guide Via 0daysecurity
- A Detailed Guide on OSCP Preparation – From Newbie to OSCP
- Various PenTesting Cheatsheets Via pentestmonkey
- Finding Diamonds in the Rough- Parsing for Pentesters
- Hacking Windows shares from Linux with Samba
- Linux Privilege Escalation
- Local Linux Enumeration & Privilege Escalation Cheatsheet
- unix-privesc-check via pentestmonkey
- A Linux alternative to enum.exe via Portcullis
- UNIX-PrivEsc
- Manual Local Hash Extraction via lanmaster53
- Windows Privilege Escalation Fundamentals
- Windows Post Exploitation Command List
- A Checklist for Windows Privilege Escalation
- A "how to" for the "brute force" module set to "low" level security inside of (DVWA)
- Techniques for spawning shells Via lanmaster53
- LFI to remote command execution using SSH via lanmaster53
- Enigma WebApp Security Training - Challenges
- bWAPP - bWAPP, or buggy web application, is a deliberately insecure web application. It has over 100 web bugs! bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project!
- Game of Hacks - This game was designed to test your application hacking skills. You will be presented with vulnerable pieces of code and your mission if you choose to accept it is to find which vulnerability exists in that code as quickly as possible
- Hackazon - Hackazon is a vulnerable test site: an online storefront built with the same technologies used in today's rich client and mobile applications. Hackazon has an AJAX interface, strict workflows and RESTful APIs used by a companion mobile app, providing a uniquely effective training and testing ground for IT security professionals. And it's full of your favorite vulnerabilities like SQL injection, cross-site scripting and so on.
- HackThisSite - Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills.
- HackThis - An online platform with challenges that test your skills in web app attacks.
- Mutillidae II - OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP.
- HackerGateway - Challenges
- HellBound Hackers
- OvertheWire Wargames
- root-me
- Password Cracking Test Data (https://www.hackthebox.eu/)
- Peruggia
- try2hack
- Samurai Web Testing Framework
- Vicnum Project
- WebGoat
- Web Security Dojo
- Attack Methods for Gaining Domain Admin Rights in Active Directory
- BUILDING AND ATTACKING AN ACTIVE DIRECTORY LAB WITH POWERSHELL
- The Forest Is Under Control. Taking over the entire Active Directory forest
- DeNiSe Python tool for tunneling TCP over DNS.
- dns2tcp Written in C, supports TXT request types.
- DNScapy - Python tool for packet generation. Supports SSH tunneling over DNS.
- Metasploitable 2 Download + Exploitability Guide - The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities.
- Metasploitable 3 - Metasploitable3 is a free virtual machine that allows you to simulate attacks largely using Metasploit. It has been used by people in the security industry for a variety of reasons: such as training for network exploitation, exploit development, software testing, technical job interviews, sales demonstrations, or CTF junkies who are looking for kicks, etc :-)
- Rebootusers HackLab
- Vulnhub
- Create your own Vulnerable Windows Box
- Active Directory Resources
- Free Splunk Training + Splunk User Certification
- Blue & Redteam Challenges
- https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf
- http://az4n6.blogspot.com/2018/06/malicious-powershell-in-registry.html
- http://sandsprite.com/CodeStuff/scdbg_manual/MANUAL_EN.html
- https://hashes.org/hashlists.php
- https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/increased-use-of-powershell-in-attacks-16-en.pdf