References
- Etherpad-lite – A real-time and collaborative note-taking application that can be privately hosted: https://github.com/ether/etherpad-lite
- Dokuwiki – A simple open-source wiki solution that includes templates, plugins, and integrated authentication: https://github.com/splitbrain/dokuwiki
- EKM – Enterprise Key Management, a feature of Slack that lets organizations use their own cryptographic keys to secure communications and logs: https://slack.com/enterprise-key-management
- A chat application that includes strong cryptographic user verification – Melissa Chase, Trevor Perrin, and Greg Zaverucha, 2019, The Signal Private Group System and Anonymous Credentials Supporting Efficient Verifiable Encryption: https://signal.org/blog/pdfs/signal_private_group_system.pdf
- Professional fighter Georges St-Pierre on the importance of innovation: https://www.theglobeandmail.com/report-on-business/careers/careers-leadership/professional-fighter-georges-st-pierre-on-the-importance-of-innovation/article11891399/#
- SANS – Paid online cybersecurity training: https://www.sans.org/online-security-training/
- Open Security Training – Free, high-quality information security courses, with college level production: https://opensecuritytraining.info/Training.html
- Cybrary – Free information security courses, including a skill path, with an impressive production value: https://app.cybrary.it/browse/refined?view=careerPath
- CrowdStrike CTO Explains "Breakout Time" – A Critical Metric in Stopping Breaches: https://www.crowdstrike.com/blog/crowdstrike-cto-explains-breakout-time-a-critical-metric-in-stopping-breaches/
- OSQuery: https://github.com/osquery/osquery
- GRR – Open-source EDR framework for Windows, Linux, and macOS: https://github.com/google/grr
- Wazuh – Open-source EDR framework that is an evolution of the OSSEC project. Supports Windows, Linux, and macOS: https://github.com/wazuh/wazuh
- Velociraptor – Open-source EDR framework, inspired by GRR and OSQuery. Supports Windows, Linux, and macOS: https://github.com/Velocidex/velociraptor
- Snort User Manual – Open-source network intrusion detection system for Windows and Linux: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/
- What is Suricata? – Open-source network intrusion and prevention system. Multi-threaded engine designed for Linux systems: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/What_is_Suricata
- Zeek Documentation – An evolution of Bro IDS; a network IDS that collects logs and metrics on various protocol data: https://docs.zeek.org/en/master/
- Port Mirroring for Network Monitoring Explained: https://blog.niagaranetworks.com/blog/port-mirroring-for-network-monitoring-explained
- Tcpdump: A simple cheatsheet – a command-line tool for acquiring network captures: https://www.andreafortuna.org/2018/07/18/tcpdump-a-simple-cheatsheet/
- What is Wireshark?: https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs
- Adding a basic dissector – Wireshark includes a framework to write custom modules that can parse new protocols in Wireshark: https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html
- tshark Examples – Theory & Implementation: https://www.activecountermeasures.com/tshark-examples-theory-implementation/
- Josh Johnson, Implementing Active Defense Systems on Private Networks: https://www.sans.org/reading-room/whitepapers/detection/implementing-active-defense-systems-private-networks-34312
- Filebeat – A lightweight logging application: https://www.elastic.co/beats/filebeat
- Configure Computers to Forward and Collect Events: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc748890(v=ws.11)
- Splunk: User Behavior Analytics – A feature that allows for anomaly detection in user activities by baselining users over time: https://www.splunk.com/en_us/software/user-behavior-analytics.html
- HELK, The Threat Hunter's Elastic Stack: https://github.com/Cyb3rWard0g/HELK
- The Elastic Stack: https://www.elastic.co/elastic-stack
- VAST, a SIEM for network data: https://github.com/tenzir/vast
- Cortex, a SOAR application to go with TheHive: https://github.com/TheHive-Project/Cortex
- TALR – Threat Alert Logic Repository: https://github.com/SecurityRiskAdvisors/TALR
- OpenIOC, an open-source alerting format with combinatory logic: https://github.com/mandiant/OpenIOC_1.1
- COPS – Collaborative Open Playbook Standard: https://github.com/demisto/COPS
- ElastAlert – Easy & Flexible Alerting With Elasticsearch: https://elastalert.readthedocs.io/en/latest/elastalert.html
- TheHive, an alert management system: https://github.com/TheHive-Project/TheHive
- MISP – Threat Intelligence Sharing Platform: https://github.com/MISP/MISP
- CRITS – an open-source project that uses Python to manage threat intelligence: https://github.com/crits/crits/wiki
- Windows Sysinternals – Advanced Windows system utilities, includes many functions and useful tools for incident responders: https://docs.microsoft.com/en-us/sysinternals/
- YARA in a nutshell: https://virustotal.github.io/yara/
- Binwalk, automated artifact extraction: https://github.com/ReFirmLabs/binwalk
- Scalpel, targeted artifact extraction: https://github.com/sleuthkit/scalpel
- MITRE ATT&CK Compromise Application Executable: https://attack.mitre.org/techniques/T1577/
- Redline – A free FireEye product that allows for memory capture and analysis on Windows systems: https://www.fireeye.com/services/freeware/redline.html
- The Sleuth Kit, an open-source framework for forensic analysis of disk images: https://www.sleuthkit.org/
- Volatility Framework – Volatile memory extraction utility framework: https://github.com/volatilityfoundation/volatility
- BLUESPAWN, a defender's multitool for hardening, hunting, and monitoring: https://github.com/ION28/BLUESPAWN
- BLUESPAWN: An open-source active defense and EDR solution: https://github.com/ION28/BLUESPAWN/blob/master/docs/media/Defcon28-BlueTeamVillage-BLUESPAWN-Presentation.pdf
- PE-Sieve, an in-memory scanner for process injection artifacts: https://github.com/hasherezade/pe-sieve
- Viper, a Python platform for artifact storage and automated analysis: https://github.com/viper-framework/viper
- Cuckoo Sandbox, a dynamic sandbox for teasing out executable functionality: https://github.com/cuckoosandbox/cuckoo
- BoomBox, an automated deployment of Cuckoo Sandbox: https://github.com/nbeede/BoomBox
- INetSim, a fake network simulator for dynamic sandbox solutions: https://github.com/catmin/inetsim
- VirusTotal – An online application that offers basic static analysis, anti-virus analysis, and threat intel analysis on a particular file: https://www.virustotal.com/gui/
- JoeSecurity – A commercial online dynamic sandbox application that offers rich executable information: https://www.joesecurity.org/
- ANY.RUN – A free dynamic sandboxing application for Windows executables: https://any.run/
- Hybrid Analysis – A dynamic sandboxing solution with both free and paid offerings, supports CrowdStrike intelligence: https://www.hybrid-analysis.com/
- CyberChef, an open-source, data sharing and transformation application: https://github.com/gchq/CyberChef
- Pure Funky Magic – An open-source data transformation application written in Python: https://github.com/mari0d/PFM
- What is Maltego?: https://docs.maltego.com/support/solutions/articles/15000019166-what-is-maltego-
- Security Onion 2 – An evolution of Security Onion, designed to support signal generation, log aggregation, and full SIEM-like capabilities: https://www.youtube.com/watch?v=M-ty0o8dQU8
- 14 Cybersecurity Metrics + KPIs to Track: https://www.upguard.com/blog/cybersecurity-metrics
- Carlos Perez, Are we measuring Blue and Red Right?: https://www.darkoperator.com/blog/2015/11/2/are-we-measuring-blue-and-red-right
- John Lambert – Twitter quote on offensive research: https://twitter.com/johnlatwc/status/442760491111178240
- AutoRecon, automated scanning tools: https://github.com/Tib3rius/AutoRecon
- Scantron, a distributed scanning solution with a web interface: https://github.com/rackerlabs/scantron
- nmap vulners, an advanced vulnerability scanning module for nmap: https://github.com/vulnersCom/nmap-vulners
- OpenVAS, an open-source vulnerability scanning solution: https://github.com/greenbone/openvas
- Metasploit, a modular, open-source scanning, exploitation, and post-exploitation framework: https://github.com/rapid7/metasploit-framework
- Metasploit Resource Scripts – A type of scripting for automating the Metasploit framework, including post-exploitation functionality: https://docs.rapid7.com/metasploit/resource-scripts/
- PowerView: https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon
- BloodHound – A tool for querying Windows domains and mapping their trust relationships in a Neo4j graph database: https://github.com/BloodHoundAD/BloodHound
- CobaltStrike – A popular commercial command and control framework that includes a GUI and a scripting language called Aggressor Script: https://www.cobaltstrike.com/
- Empire – A popular open-source command and control framework, supports both Windows and macOS, includes many post-exploitation features: https://github.com/BC-SECURITY/Empire
- Burp Suite – The de facto web proxy for web application hacking, includes a free version and a commercial version with advanced features: https://portswigger.net/burp
- Taipan – Web application vulnerability scanner, includes both a community version and a commercial version: https://taipansec.com/index
- Sqlmap – Automated vulnerability scanner focused on SQL Injection: https://github.com/sqlmapproject/sqlmap
- Jeff McJunkin's blog post on measuring Nmap's performance and improving it with Masscan: https://jeffmcjunkin.wordpress.com/2018/11/05/masscan/
- EternalBlue: https://en.wikipedia.org/wiki/EternalBlue
- Gscript, a cross-platform dropper in Go: https://github.com/gen0cide/gscript
- Garble, a Go-based obfuscation engine: https://github.com/burrowers/garble
- Operations security: https://en.wikipedia.org/wiki/Operations_security
- Fat Rodzianko's blog post on domain fronting in Azure: https://fatrodzianko.com/2020/05/11/covenant-c2-infrastructure-with-azure-domain-fronting/
- The C2 Matrix – An open-source collection of various command and control frameworks comparing their features: https://www.thec2matrix.com/matrix
- Sliver, an open-source C2 framework written in Go: https://github.com/BishopFox/sliver
- Cracklord, an application for managing hash cracking jobs, written in Go: https://github.com/jmmcatee/cracklord
- CeWL – Custom Word List generator: https://github.com/digininja/CeWL
- Kali Linux – A collection of offensive security tools in a bootable Linux distro: https://www.kali.org/
- Red Team Metrics Quick Reference Sheet: https://casa.sandia.gov/_assets/documents/2017-09-13_Metrics_QRS-Paper-Size.pdf