Adversarial Tradecraft in Cybersecurity: Offense versus defense in real-time computer conflict

Product type: Paperback
Published in: Jun 2021
Publisher: Packt
ISBN-13: 9781801076203
Length: 246 pages
Edition: 1st Edition
Author: Dan Borges

References

  1. Etherpad-lite – A real-time, collaborative note-taking application that can be privately hosted: https://github.com/ether/etherpad-lite
  2. Dokuwiki – A simple open-source wiki solution that includes templates, plugins, and integrated authentication: https://github.com/splitbrain/dokuwiki
  3. EKM – Enterprise Key Management, a feature of Slack that lets organizations use their own cryptographic keys to secure communications and logs: https://slack.com/enterprise-key-management
  4. A chat application that includes strong cryptographic user verification – Melissa Chase, Trevor Perrin, and Greg Zaverucha, 2019, The Signal Private Group System and Anonymous Credentials Supporting Efficient Verifiable Encryption: https://signal.org/blog/pdfs/signal_private_group_system.pdf
  5. Professional fighter Georges St-Pierre on the importance of innovation: https://www.theglobeandmail.com/report-on-business/careers/careers-leadership/professional-fighter-georges-st-pierre-on-the-importance-of-innovation/article11891399/#
  6. SANS – Paid online cybersecurity training: https://www.sans.org/online-security-training/
  7. Open Security Training – Free, high-quality information security courses with college-level production: https://opensecuritytraining.info/Training.html
  8. Cybrary – Free information security courses, including a skill path, with impressive production value: https://app.cybrary.it/browse/refined?view=careerPath
  9. CrowdStrike CTO Explains "Breakout Time" – A Critical Metric in Stopping Breaches: https://www.crowdstrike.com/blog/crowdstrike-cto-explains-breakout-time-a-critical-metric-in-stopping-breaches/
  10. OSQuery: https://github.com/osquery/osquery
  11. GRR – Open-source EDR framework for Windows, Linux, and macOS: https://github.com/google/grr
  12. Wazuh – Open-source EDR framework that is an evolution of the OSSEC project; supports Windows, Linux, and macOS: https://github.com/wazuh/wazuh
  13. Velociraptor – Open-source EDR framework inspired by GRR and OSQuery; supports Windows, Linux, and macOS: https://github.com/Velocidex/velociraptor
  14. Snort User Manual – Open-source network intrusion detection system for Windows and Linux: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/
  15. What is Suricata? – Open-source network intrusion detection and prevention system with a multi-threaded engine designed for Linux systems: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/What_is_Suricata
  16. Zeek Documentation – An evolution of Bro IDS; a network IDS that collects logs and metrics on various protocol data: https://docs.zeek.org/en/master/
  17. Port Mirroring for Network Monitoring Explained: https://blog.niagaranetworks.com/blog/port-mirroring-for-network-monitoring-explained
  18. Tcpdump: A simple cheatsheet – A command-line tool for acquiring network captures: https://www.andreafortuna.org/2018/07/18/tcpdump-a-simple-cheatsheet/
  19. What is Wireshark?: https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs
  20. Adding a basic dissector – Wireshark includes a framework for writing custom modules that parse new protocols: https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html
  21. tshark Examples – Theory & Implementation: https://www.activecountermeasures.com/tshark-examples-theory-implementation/
  22. Josh Johnson, Implementing Active Defense Systems on Private Networks: https://www.sans.org/reading-room/whitepapers/detection/implementing-active-defense-systems-private-networks-34312
  23. Filebeat – A lightweight logging application: https://www.elastic.co/beats/filebeat
  24. Configure Computers to Forward and Collect Events: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc748890(v=ws.11)
  25. Splunk: User Behavior Analytics – A feature that allows for anomaly detection in user activities by baselining users over time: https://www.splunk.com/en_us/software/user-behavior-analytics.html
  26. HELK – The Threat Hunter's Elastic Stack: https://github.com/Cyb3rWard0g/HELK
  27. The Elastic Stack: https://www.elastic.co/elastic-stack
  28. VAST – A SIEM for network data: https://github.com/tenzir/vast
  29. Cortex – A SOAR application to go with TheHive: https://github.com/TheHive-Project/Cortex
  30. TALR – Threat Alert Logic Repository: https://github.com/SecurityRiskAdvisors/TALR
  31. OpenIOC – An open-source alerting format with combinatory logic: https://github.com/mandiant/OpenIOC_1.1
  32. COPS – Collaborative Open Playbook Standard: https://github.com/demisto/COPS
  33. ElastAlert – Easy & Flexible Alerting With Elasticsearch: https://elastalert.readthedocs.io/en/latest/elastalert.html
  34. TheHive – An alert management system: https://github.com/TheHive-Project/TheHive
  35. MISP – Threat Intelligence Sharing Platform: https://github.com/MISP/MISP
  36. CRITS – An open-source project that uses Python to manage threat intelligence: https://github.com/crits/crits/wiki
  37. Windows Sysinternals – Advanced Windows system utilities; includes many functions and useful tools for incident responders: https://docs.microsoft.com/en-us/sysinternals/
  38. YARA in a nutshell: https://virustotal.github.io/yara/
  39. Binwalk – Automated artifact extraction: https://github.com/ReFirmLabs/binwalk
  40. Scalpel – Targeted artifact extraction: https://github.com/sleuthkit/scalpel
  41. MITRE ATT&CK – Compromise Application Executable: https://attack.mitre.org/techniques/T1577/
  42. Redline – A free FireEye product that allows for memory capture and analysis on Windows systems: https://www.fireeye.com/services/freeware/redline.html
  43. The Sleuth Kit – An open-source framework for forensic analysis of disk images: https://www.sleuthkit.org/
  44. Volatility Framework – Volatile memory extraction utility framework: https://github.com/volatilityfoundation/volatility
  45. BLUESPAWN – A defender's multitool for hardening, hunting, and monitoring: https://github.com/ION28/BLUESPAWN
  46. BLUESPAWN: An open-source active defense and EDR solution: https://github.com/ION28/BLUESPAWN/blob/master/docs/media/Defcon28-BlueTeamVillage-BLUESPAWN-Presentation.pdf
  47. PE-Sieve – An in-memory scanner for process injection artifacts: https://github.com/hasherezade/pe-sieve
  48. Viper – A Python platform for artifact storage and automated analysis: https://github.com/viper-framework/viper
  49. Cuckoo Sandbox – A dynamic sandbox for teasing out executable functionality: https://github.com/cuckoosandbox/cuckoo
  50. BoomBox – An automated deployment of Cuckoo Sandbox: https://github.com/nbeede/BoomBox
  51. INetSim – A fake network simulator for dynamic sandbox solutions: https://github.com/catmin/inetsim
  52. VirusTotal – An online application that offers basic static analysis, anti-virus analysis, and threat intel analysis on a particular file: https://www.virustotal.com/gui/
  53. JoeSecurity – A commercial online dynamic sandbox application that offers rich executable information: https://www.joesecurity.org/
  54. ANY.RUN – A free dynamic sandboxing application for Windows executables: https://any.run/
  55. Hybrid Analysis – A dynamic sandboxing solution with both free and paid offerings; supports CrowdStrike intelligence: https://www.hybrid-analysis.com/
  56. CyberChef – An open-source data sharing and transformation application: https://github.com/gchq/CyberChef
  57. Pure Funky Magic – An open-source data transformation application written in Python: https://github.com/mari0d/PFM
  58. What is Maltego?: https://docs.maltego.com/support/solutions/articles/15000019166-what-is-maltego-
  59. Security Onion 2 – An evolution of Security Onion, designed to support signal generation, log aggregation, and full SIEM-like capabilities: https://www.youtube.com/watch?v=M-ty0o8dQU8
  60. 14 Cybersecurity Metrics + KPIs to Track: https://www.upguard.com/blog/cybersecurity-metrics
  61. Carlos Perez, Are we measuring Blue and Red Right?: https://www.darkoperator.com/blog/2015/11/2/are-we-measuring-blue-and-red-right
  62. John Lambert – Twitter quote on offensive research: https://twitter.com/johnlatwc/status/442760491111178240
  63. AutoRecon – Automated scanning tools: https://github.com/Tib3rius/AutoRecon
  64. Scantron – A distributed scanning solution with a web interface: https://github.com/rackerlabs/scantron
  65. nmap vulners – An advanced vulnerability scanning module for nmap: https://github.com/vulnersCom/nmap-vulners
  66. OpenVAS – An open-source vulnerability scanning solution: https://github.com/greenbone/openvas
  67. Metasploit – A modular, open-source scanning, exploitation, and post-exploitation framework: https://github.com/rapid7/metasploit-framework
  68. Metasploit Resource Scripts – A type of scripting for automating the Metasploit framework, including post-exploitation functionality: https://docs.rapid7.com/metasploit/resource-scripts/
  69. PowerView: https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon
  70. BloodHound – A tool for querying Windows domains and mapping their trust relationships in a Neo4j graph database: https://github.com/BloodHoundAD/BloodHound
  71. CobaltStrike – A popular commercial command and control framework that includes a GUI and a scripting language called Aggressor Script: https://www.cobaltstrike.com/
  72. Empire – A popular open-source command and control framework; supports both Windows and macOS and includes many post-exploitation features: https://github.com/BC-SECURITY/Empire
  73. Burp Suite – The de facto web proxy for web application hacking; includes a free version and a commercial version with advanced features: https://portswigger.net/burp
  74. Taipan – Web application vulnerability scanner; includes both a community version and a commercial version: https://taipansec.com/index
  75. Sqlmap – Automated vulnerability scanner focused on SQL injection: https://github.com/sqlmapproject/sqlmap
  76. Jeff McJunkin's blog post on measuring Nmap's performance and improving it with Masscan: https://jeffmcjunkin.wordpress.com/2018/11/05/masscan/
  77. EternalBlue: https://en.wikipedia.org/wiki/EternalBlue
  78. Gscript – A cross-platform dropper in Go: https://github.com/gen0cide/gscript
  79. Garble – A Go-based obfuscation engine: https://github.com/burrowers/garble
  80. Operations security: https://en.wikipedia.org/wiki/Operations_security
  81. Fat Rodzianko's blog post on domain fronting in Azure: https://fatrodzianko.com/2020/05/11/covenant-c2-infrastructure-with-azure-domain-fronting/
  82. The C2 Matrix – An open-source collection of various command and control frameworks comparing their features: https://www.thec2matrix.com/matrix
  83. Sliver – An open-source C2 framework written in Go: https://github.com/BishopFox/sliver
  84. Cracklord – An application for managing hash cracking jobs, written in Go: https://github.com/jmmcatee/cracklord
  85. CeWL – Custom Word List generator: https://github.com/digininja/CeWL
  86. Kali Linux – A collection of offensive security tools in a bootable Linux distro: https://www.kali.org/
  87. Red Team Metrics Quick Reference Sheet: https://casa.sandia.gov/_assets/documents/2017-09-13_Metrics_QRS-Paper-Size.pdf