# CyberBodega

A conglomeration of resources for any color of the rainbow

```
 _________ ______ ________ _________
 __ ____/____ ____ /______________ ___ __ )___________ /___________ ______ _
 _ / __ / / /_ __ \ _ \_ ___/ __ __ | __ \ __ /_ _ \_ __ `/ __ `/
 / /___ _ /_/ /_ /_/ / __/ / _ /_/ // /_/ / /_/ / / __/ /_/ // /_/ /
 \____/ _\__, / /_.___/\___//_/ /_____/ \____/\__,_/ \___/_\__, / \__,_/
 /____/ /____/

 Continuously Updated Since 16 July 2020
```

# Contents
- [Quick-Links](#quick-links)
- [Infosec-News](#infosec-news)
- [Interesting-Articles-Videos](#interesting-articles-videos)
- [Research-Resources](#research-resources)
  - [Write-ups](#write-ups)
  - [Research-Sites](#research-sites)
  - [Cyber-Threat-Intelligence-Dump](#Cyber-Threat-Intelligence-Dump)
- [Training-Resources](#training-resources)
- [Blue-Team-Resources](#blue-team-resources)
  - [Utility](#utility)
  - [Network-Analysis](#network-analysis)
  - [Host-Analysis](#host-analysis)
  - [Host-Network-Analysis](#host-network-analysis)
  - [Detection](#detection)
  - [Malware-Analysis](#malware-analysis)
  - [Audit-Vulnerability](#audit-vulnerability)
  - [Malware-IOC-Detection-Data-Dumps](#malware-ioc-detection-data-dumps)
  - [blue-bin](#blue-bin)
- [Purple-Red-Team-Resources](#purple-red-team-resources)
  - [Command-and-Control](#command-and-control)
  - [Recon](#recon)
  - [Password-Tools](#password-tools)
  - [red-bin](#red-bin)
- [Cloud-Things](#cloud-things)
  - [tools](#tools)
- [AI-Stuff](#ai-stuff)
- [Awesome-Lists](#awesome-lists)
- [Dump](#dump)

## Quick-Links
- [RSS/Twitter-Feed](https://www.netvibes.com/gottcyber1#News) Conglomeration of InfoSec RSS feeds
- [TweetDeck](https://tweetdeck.twitter.com/) Twitter has useful information? YEP

## Infosec-News
- [All InfoSec News](https://allinfosecnews.com/) An InfoSec & Cyber news aggregator
- [Security Soup](https://security-soup.net/) Infosec news, commentary, and research
- [Threatpost](https://threatpost.com/) Supposedly the first stop for security news
- [Week in 4N6](https://thisweekin4n6.com/) Your weekly roundup of Digital Forensics and Incident Response news
- [r/blueteamsec](https://www.reddit.com/r/blueteamsec/) Subreddit focused on technical intelligence, research and engineering
- [Krebs on Security](https://krebsonsecurity.com/)
- [SANS Webcast](https://www.sans.org/webcasts/)
- [SANS Newsletter](https://www.sans.org/newsletters/)
- [Cyber Scoop](https://www.cyberscoop.com/)
- [SecurityFocus](https://www.securityfocus.com/)
- [Gibson Research Corporation](https://www.grc.com/intro.htm)
- [Security News Wire](https://securitynewswire.com/index.php/Home)
- [PortSwigger](https://portswigger.net/daily-swig)
- [Pentestmonkey](http://pentestmonkey.net/)
- [USCERT (CISA)](https://us-cert.cisa.gov/)
- [FIRST](https://www.first.org/)
- [BleepingComputer](https://www.bleepingcomputer.com/)
- [Schneier on Security](https://www.schneier.com/)
- [Opalsec](https://opalsec.substack.com/)

## Interesting-Articles-Videos
- [vx-underground](https://www.vx-underground.org/) Really anything from here is pretty sweet
- [Cyb3rWard0g's Lab⭐](https://cyberwardog.blogspot.com/2017/02/setting-up-pentesting-i-mean-threat.html) Step by step guide on creating a lab environment in ESXi
- [SANS Reading Room](https://www.sans.org/white-papers/) See what white papers are top of mind for the SANS community
- [Black Hat Archives](https://www.blackhat.com/html/archives.html) Archive of computer security presentations, provided free of charge as a service to the international computer security community
- [If you've ever wanted to mess around with a SIEM](https://www.hackingarticles.in/threat-hunting-log-monitoring-lab-setup-with-elk/)
- [Spin Up An AD Environment Quickly](https://medium.com/@clong/introducing-detection-lab-61db34bed6ae)
- [Lenny Zeltser - Learn Malware Analysis](https://zeltser.com/start-learning-malware-analysis/)
- [PST, Want a Shell?](https://www.mandiant.com/resources/pst-want-shell-proxyshell-exploiting-microsoft-exchange-servers) Mandiant's write-up for ProxyShell
- [De-Fanging Strings with FLOSS](https://medium.com/malware-buddy/reverse-engineering-tips-strings-deobfuscation-with-floss-9424417e285d) Uncovering obfuscated strings with FLOSS
- [Setting up Tripwire](https://www.howtoforge.com/tutorial/monitoring-and-detecting-modified-files-using-tripwire-on-centos-7/) Detecting adversary activity via file changes (Honey Files)
- [PowerShell Process Hunting](https://www.sans.org/blog/process-threat-hunting-part-1/) Great review of ways to leverage PowerShell to do neat things
- [Canary Tokens](https://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html) Painless way to help defenders discover they've been breached
- [Kerberoasting](https://adsecurity.org/?p=3458) Conversation about extracting service account credentials from Active Directory via Kerberos
- [Honey Files](https://docs.rapid7.com/insightidr/honey-files/) Honey files are designed to detect attackers who are accessing and removing files
- [CTI Self Study Plan](https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a) Katie Nickels discusses ways you can learn more about CTI
- [Start Learning Malware Analysis](https://zeltser.com/start-learning-malware-analysis/)
- [DFRWS Papers & Presentations](https://dfrws.org/presentation/)
- [Detecting Meterpreter HTTP module Network Traffic](https://blog.didierstevens.com/2015/05/11/detecting-network-traffic-from-metasploits-meterpreter-reverse-http-module/) Didier Stevens discusses Meterpreter network traffic
- [Hunting Linux Persistence Part 1](https://www.activecountermeasures.com/hunting-for-persistence-in-linux-part-1-auditd-sysmon-osquery-and-webshells/) Auditd, Sysmon, Osquery and Webshells
- [Adventures in Dynamic Evasion](https://posts.specterops.io/adventures-in-dynamic-evasion-1fe0bac57aa)
- [SSDs/The Challenges Presented to DFIR](https://repository.stcloudstate.edu/cgi/viewcontent.cgi?article=1051&context=msia_etds)
- [Anti-Forensics](https://resources.infosecinstitute.com/topic/anti-forensics-part-1/#gref)
- [Windows Artifacts DFIR](https://resources.infosecinstitute.com/topic/windows-systems-and-artifacts-in-digital-forensics-part-i-registry/)
- [Windows Forensics](https://www.forensicfocus.com/articles/windows-forensics-and-security/)
- [Linux Forensics](http://www.deer-run.com/~hal/LinuxForensicsForNon-LinuxFolks.pdf)
- [Black Hat Stego Brief](https://www.blackhat.com/presentations/bh-usa-04/bh-us-04-raggo/bh-us-04-raggo-up.pdf)
- [Unpacking Malware](https://marcoramilli.com/2020/10/09/how-to-unpack-malware-personal-notes/)
- [Malware Reports](https://www.malwarearchaeology.com/analysis)
- [Journey Into Incident Response](https://www.malwarearchaeology.com/analysis)
- [Deploying T-Pot Framework in the Cloud](https://www.stratosphereips.org/blog/2020/10/10/installing-t-pot-honeypot-framework-in-the-cloud)
- [Getting Started with RE/Malware Analysis](https://hshrzd.wordpress.com/how-to-start/)
- [OpBlueRaven](https://threatintel.blog/OPBlueRaven-Part2/) Details about PRODAFT & INVICTUS Threat Intelligence (PTI) team's latest operation on different threat actors
- [TrendMicro; Analyzing Common Pentesting Tools](https://www.trendmicro.com/en_us/research/22/g/analyzing-penetration-testing-tools-that-threat-actors-use-to-br.html) Gives a great insight into commonly abused tools
- [Hunt & Hackett; Concealed code TTPs/Detection](https://www.huntandhackett.com/blog/concealed-code-execution-techniques-and-detection) Covers common defense evasion techniques and how to detect them
- [NCC Group; Detecting DNS Implants](https://research.nccgroup.com/2022/08/11/detecting-dns-implants-old-kitten-new-tricks-a-saitama-case-study/) Interesting TTPs leveraging DNS as a pure means of C2
- [Linux to ATT&CK](https://gist.github.com/timb-machine/05043edd6e3f71569f0e6d2fe99f5e8c) Markdown file listing common Linux malware TTPs mapped to ATT&CK
- [Datadog; AWS Threat Detection](https://securitylabs.datadoghq.com/articles/cyber-attack-simulation-with-stratus-red-team/) Intro to Stratus Red Team, the Atomic Red Team for cloud environments
- [Nextron Systems; Writing YARA rules](https://www.nextron-systems.com/2015/02/16/write-simple-sound-yara-rules/) Part 1 of a 4 part series on writing effective YARA rules
- [Tweaking macOS to detect App Bundles](https://redcanary.com/blog/mac-application-bundles/) Adversaries commonly manipulate application bundles to subvert security controls
- [IR/Detection when Cloud is your Data Center](https://www.youtube.com/watch?v=odDpHxnB6Kw) SANS Summit talk about Cloud data center IR/Detection capabilities
- [Event logs and Elastic Security for IR](https://www.wriotsecurity.com/posts/exploring-windows-event-logs-for-incident-response/) Discussion about Elastic Security and its use cases
- [Bug bounty guide to IDOR](https://medium.com/techiepedia/an-bug-bounty-hunters-guide-to-idor-vulnerabilities-27012bbccd7) Discusses IDOR and the feasibility surrounding Bug Bounties
- [MalwareJake Presentation](https://github.com/malwarejake-public/conference-presentations/tree/main) Covers a number of topics
- [Degrading MS Defender](https://www.blackhat.com/docs/eu-17/materials/eu-17-Thompson-Red-Team-Techniques-For-Evading-Bypassing-And-Disabling-MS-Advanced-Threat-Protection-And-Advanced-Threat-Analytics.pdf) Presentation about circumventing Microsoft Defender
- [Actual MFA bypass techniques](https://medium.com/proferosec-osm/multi-factor-authentication-in-the-wild-bypass-methods-689f53f0b62b) Discusses In-The-Wild MFA bypass methods

## Research-Resources
### Write-ups
- [Unit 42](https://unit42.paloaltonetworks.com/)
- [Google Security Blog](https://security.googleblog.com/)
- [Trellix Blog](https://www.trellix.com/en-us/about/newsroom/stories.html)
- [The DFIR Report](https://thedfirreport.com/)
- [Sophos X-Ops](https://news.sophos.com/en-us/tag/sophos-x-ops/)
- [Intel471](https://intel471.com/blog/)

### Research-Sites
- [Exploit DB](https://www.exploit-db.com/)
- [Shodan](https://www.shodan.io/)
- [National Vulnerability Database](https://nvd.nist.gov/)
- [CVE Proof of Concepts](https://github.com/qazbnm456/awesome-cve-poc)
- [OWASP](https://owasp.org/projects/)
- [OSINT Framework](https://osintframework.com/)
- [OpenThreatResearch](https://blog.openthreatresearch.com/)
- [BellingCat](https://www.bellingcat.com/)
- [Zoomeye](https://www.zoomeye.org/)
- [Spyse](https://spyse.com/)
- [Web Check](https://github.com/lissy93/web-check) Insight into the inner workings of a given website

### Cyber-Threat-Intelligence-Dump
- [Unit 42 Atom](https://unit42.paloaltonetworks.com/atoms/) Threat group information
- [CrowdStrike Adversary](https://adversary.crowdstrike.com/en-US/) APT/Adversary group list
- [SOC Radar](https://labs.socradar.com/apt-feeds/) APT IoC feeds from several public and private sources and sensors
- [APT Campaigns](https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections) Collection of APT and cybercriminal campaigns
- [Yet Another Google Doc.1](https://docs.google.com/spreadsheets/u/0/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml) APT Groups and Operations
- [Yet Another Google Doc.2](https://docs.google.com/document/u/1/d/e/2PACX-1vR2TWm68bLidO3e2X0wTCqs0609vo5RXB85f6VL_Zm79wtTK59xADKh6MG0G7hSBZi8cPOiQVWAIie0/pub) Raw intel dump into a word doc
- [Cyber Campaigns](http://www.cybercampaigns.net/) List of multiple cyber-espionage and cyber-attack campaigns
- [APT Secure List](https://apt.securelist.com/) Targeted cyberattack logbook
- [Dragos Threat Activity](https://www.dragos.com/threat-activity-groups/) Dragos threat activity groups
- [Google Threat Analysis](https://blog.google/threat-analysis-group/) Google's TAG (Threat Analysis Group)
- [Microsoft Threat Intel](https://www.microsoft.com/security/blog/microsoft-security-intelligence/) Microsoft threat intel team
- [APT Map](https://github.com/andreacristaldi/APTmap) Graphical map of known Advanced Persistent Threats
- [MITRE APT Groups](https://attack.mitre.org/groups/) MITRE ATT&CK groups
- [APT Netlify](https://aptmap.netlify.app/) Yet another threat actor map
- [Alienvault OTX Groups](https://otx.alienvault.com/browse/global/adversaries?include_inactive=0&sort=-modified&page=1) AlienVault Open Threat Exchange
- [Unit 42 Playbooks](https://pan-unit42.github.io/playbook_viewer/) Playbooks for certain threat groups

## Training-Resources
- [CyberDefenders](https://cyberdefenders.org/blueteam-ctf-challenges/) BlueYard - BlueTeam Challenges
- [Malware Traffic Analysis](https://www.malware-traffic-analysis.net/) Infected PCAPs for review
- [EVTX/PCAP Attack Samples](https://github.com/sbousseaden/) Infected PCAPs and EVTX logs for review
- [Open Security Training](https://opensecuritytraining.info/Training.html) Free training for a variety of computer security classes
- [TryHackMe](https://tryhackme.com/) Hands-on cyber security training
- [HackSplaining](https://www.hacksplaining.com/lessons) A number of free training lessons
- [Codewars](https://www.codewars.com/) Programming challenges
- [MalwareUnicorn](https://malwareunicorn.org/#/workshops) Free reverse engineering workshops
- [Free Ivy League Courses](https://www.freecodecamp.org/news/ivy-league-free-online-courses-a0d7ae675869/) List of Ivy League courses you can take online for free (CS50)
- [LetsDefend](https://letsdefend.io/) Free-ish training simulating the SOC life. Great for people interested in journeying into an IR/SOC environment
- [DC540 Reversing Course](https://github.com/sharpicx/reversing-course) Free reverse engineering course
- [Low Level Programming](https://github.com/sharpicx/lowlevel-programming) Low level programming course
- [FreeCodeCamp](https://www.freecodecamp.org/) Free and online, self-paced courses to prepare you for a role in programming
- [SocVel](https://www.socvel.com/challenges/) Free live DFIR challenges
- [DFIRArtifactMuseum](https://github.com/AndrewRathbun/DFIRArtifactMuseum) Community-driven archive of DFIR-related artifacts
- [AwesomeDFIR Website](https://awesomedfir.com/) DFIR resources
- [ForensicMethods](https://www.forensicmethods.com/home) Archive of computer forensic information
- [IMFSecurity](https://www.imfsecurity.com/) Good resources to dig through
- [Azure Training](https://github.com/johnthebrit/CertificationMaterials) A collection of materials related to "JohntheBrit" certification videos

## Blue-Team-Resources
- [EricZimmerman](https://github.com/EricZimmerman)
### Utility
- [Cyber Chef](https://gchq.github.io/CyberChef/) Web app for analysing and decoding data
- [Cyber Chef Recipes](https://github.com/mattnotmax/cyberchef-recipes) A list of CyberChef recipes and curated links
- [LOLBAS](https://lolbas-project.github.io/) Windows LOLBins and how they are abused
- [GTFOBins](https://gtfobins.github.io/) Unix LOLBins and how they are abused
- [MITRE ATT&CK](https://attack.mitre.org/) Globally-accessible knowledge base of adversary tactics and techniques
- [MITRE D3FEND](https://d3fend.mitre.org/) Knowledge graph of countermeasures to ATT&CK TTPs
- [Wazuh](https://wazuh.com/) Open source unified XDR and SIEM protection for endpoints and cloud workloads
- [MozDef](https://github.com/mozilla/MozDef) Enterprise defense platform
- [Stronghold](https://github.com/alichtman/stronghold) A way to securely configure your Mac
- [ChopShop](https://github.com/MITRECND/chopshop) Framework to aid analysts in the creation and execution of pynids-based decoders and detectors of APT tradecraft
- [RockNSM](https://rocknsm.io/) An open source Network Security Monitoring platform
- [HELK](https://github.com/Cyb3rWard0g/HELK) Open source hunt platform with advanced analytics
- [AlienVault OSSIM](https://www.alienvault.com/open-threat-exchange/projects) Feature-rich open source SIEM with collection, normalization and correlation
- [Prelude](https://www.prelude-siem.org/) Universal SIEM
- [TheHive](https://thehive-project.org/) Open source and free Security Incident Response Platform
- [OpenEDR](https://github.com/ComodoSecurity/openedr) Free and open source EDR
- [OpenSOC](https://github.com/OpenSOC/opensoc) Open source big data technologies combined into a centralized tool for security monitoring and analysis
- [Munin](https://github.com/Neo23x0/munin) Online hash checker for VirusTotal and other services
- [Threat Hunt Mind Maps](https://github.com/christophetd/mindmaps) Mindmaps for cloud security, threat hunting and incident response
- [Hybrid-Analysis](https://www.hybrid-analysis.com/) Free malware analysis service
- [Manalyzer](https://www.manalyzer.org/) Free service which performs static analysis on PE executables to detect undesirable behavior
- [URLScan](https://urlscan.io/) Free URL/website scanner
- [Intezer Analyze](https://analyze.intezer.com/) Free IOC/malware scanner
- [AnyRun](https://app.any.run/) Interactive malware analysis
- [JoeSandbox](https://www.joesandbox.com/#windows) Malware analysis
- [IRIS-H](https://iris-h.services/pages/dashboard#/pages/dashboard) Online automated static analysis of files stored in directory-based or strictly structured formats
- [Yoroi](https://yomi.yoroi.company/upload) Free file analyzer
- [Har-Sia](https://har-sia.info/index-en.html) Look up things related to a specific CVE
- [Rastrea2r](https://github.com/rastrea2r/rastrea2r) Multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise (IOCs) across thousands of endpoints in minutes
- [HijackLibs](https://github.com/wietze/hijacklibs) Aims to keep a record of publicly disclosed DLL hijacking opportunities
- [Diaphora](https://github.com/joxeankoret/diaphora) Program diffing tool working as an IDA plugin
- [MalAPI](https://malapi.io/) Maps Windows APIs to common techniques used by malware
- [Sentinel Queries](https://github.com/reprise99/Sentinel-Queries) List of Azure Sentinel queries
- [EchoTrail](https://www.echotrail.io/) Windows process insights
- [PulledPork](https://github.com/shirkdog/pulledpork) Rule management for Snort and Suricata
- [Microsoft Threat Modeling](https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-getting-started) Microsoft tool related to threat modeling
- [DocIntel](https://docintel.org/) Open-source context-centric threat intelligence platform
- [Multi Router Traffic Grapher (MRTG)](https://oss.oetiker.ch/mrtg/) Monitor SNMP network devices and draw pretty pictures showing how much traffic has passed through each interface
- [GHOSTS](https://github.com/cmu-sei/GHOSTS) Realistic user simulation framework for cyber simulation, training, and exercise
- [DiscØvery](https://github.com/CyberLens/Discovery) Security analysis tool for IoT and 5G systems
- [LogonTracer](https://github.com/JPCERTCC/LogonTracer) Investigate malicious Windows logons by visualizing and analyzing Windows event logs
- [Example Pentest Reports](https://www.offsec.com/reports/sample-penetration-testing-report.pdf) Sample penetration testing reports
- [EC2 IR](https://www.cadosecurity.com/aws-ec2-incident-response/) General walkthrough of IR capabilities in AWS

### Network-Analysis
- [Arkime](https://github.com/arkime) Open source full packet capturing, indexing and database system. It rebuilds sessions automatically!
- [Wireshark](https://www.wireshark.org/) Tried and true network protocol analyzer
- [Zeek](https://zeek.org/) An open source Network Security Monitoring tool
- [Google Stenographer](https://github.com/google/stenographer) Stenographer is a full-packet-capture utility for buffering packets to disk. Allows you to rip out
- [PcapXray](https://github.com/Srinivas11789/PcapXray) A tool to visualize a packet capture offline as a network diagram
- [RITA](https://www.activecountermeasures.com/free-tools/rita/) Open-source framework for detecting command and control communication through network traffic analysis
- [Whats that C2/Exfil?](https://github.com/silence-is-best/c2db) GitHub repo full of known C2 and exfil traffic keywords
- [Incubating](https://github.com/apache/incubator-spot) Open source software for leveraging insights from flow and packet analysis
- [Network Miner](https://www.netresec.com/?page=networkminer) Open source Network Forensic Analysis Tool
- [VAST](https://github.com/tenzir/vast) Network telemetry engine for data-driven security investigations
- [NetSniff](http://netsniff-ng.org/) Free Linux networking toolkit
- [SpoofSpotter](https://github.com/NetSPI/SpoofSpotter) A tool to catch spoofed NBNS responses
- [Grass Marlin🦅](https://github.com/nsacyber/GRASSMARLIN) Network situational awareness of ICS and SCADA networks
- [SELKS](https://github.com/StamusNetworks/SELKS) Open source Debian-based IDS/IPS/Network Security Monitoring platform
- [SiLK](https://tools.netsa.cert.org/silk/) Collection of traffic analysis tools

### Host-Analysis
- [Velociraptor](https://github.com/Velocidex/velociraptor) Tool for collecting host-based state information using Velociraptor Query Language (VQL) queries
- [Hayabusa](https://github.com/Yamato-Security/hayabusa) Windows event log fast forensics timeline generator and threat hunting tool (Sigma compatible)
- [Osquery](https://osquery.io/) Tool that provides performant endpoint visibility
- [Sysinternals Suite](https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite) Suite of tools providing a multitude of capabilities for defenders or attackers
- [Sticky Keys Slayer](https://github.com/linuz/Sticky-Keys-Slayer) Scans for accessibility tool backdoors via RDP
- [CimSweep](https://github.com/PowerShellMafia/CimSweep) Suite of CIM/WMI-based tools that enable incident response and hunting operations to be performed remotely
- [Seatbelt](https://github.com/GhostPack/Seatbelt) Security-oriented host-survey tool performing "safety checks" relevant from both offensive and defensive security perspectives
- [Live-Forensicator](https://github.com/Johnng007/Live-Forensicator) Assists responders in carrying out live forensic investigations
- [DeepBlueCLI](https://github.com/sans-blue-team/DeepBlueCLI) PowerShell module for threat hunting via Windows event logs
- [Chainsaw](https://github.com/countercept/chainsaw) Powerful 'first-response' capability to quickly identify threats within Windows event logs
- [Google Rapid Response](https://github.com/google/grr) Python agent that is installed on target systems, and Python server infrastructure that can manage and talk to clients
- [PSHunt](https://github.com/Infocyte/PSHunt) PowerShell threat hunting module designed to scan remote endpoints
- [PSRecon](https://github.com/gfoss/PSRecon) Gathers data from a remote Windows host using PowerShell
- [Redline](https://fireeye.market/apps/211364) Free EDR, that's pretty cool
- [Power Forensics](https://github.com/Invoke-IR/PowerForensics) Inclusive framework for hard drive forensic analysis
- [Block Parse](https://github.com/matthewdunwoody/block-parser) PowerShell script block parser
- [Sysmon4Linux](https://github.com/Sysinternals/SysmonForLinux) The Sysmon you love for a flavor of *nix
- [Dissect](https://github.com/fox-it/dissect) Digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats

### Host-Network-Analysis
- [DARKSURGEON](https://github.com/cryps1s/DARKSURGEON) Windows packer project to empower incident response, digital forensics, malware analysis, and network defense

### Detection
- [Sigma](https://github.com/SigmaHQ/sigma/blob/master/README.md) Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner
- [Yara](https://yara.readthedocs.io) Tool aimed at (but not limited to) helping malware researchers identify and classify malware samples
- [Snort](https://snort.org/) Open source intrusion prevention and detection system
- [Suricata](https://suricata.readthedocs.io) High performance Network IDS, IPS and Network Security Monitoring engine
- [BlockBlock](https://objective-see.com/products/blockblock.html) Monitors common persistence locations and alerts whenever a persistent component is added
- [Santa](https://github.com/google/santa) Binary authorization system for macOS
- [MalTrail](https://github.com/stamparm/maltrail) Malicious traffic detection system

### Malware-Analysis
- [Remnux](https://remnux.org/) Linux toolkit for reverse-engineering and analyzing malicious software
- [Tools by hasherezade](https://hasherezade.github.io/)
- [IDA](https://hex-rays.com/ida-free/) Binary code analysis tool
- [FLARE Floss](https://github.com/mandiant/flare-floss) Automatically deobfuscate strings from malware binaries
- [BinaryNinja](https://binary.ninja/) Interactive disassembler, decompiler, and binary analysis platform
- [BinaryPig](https://github.com/endgameinc/binarypig) Malware processing and analytics
- [Ghidra🦅](https://ghidra-sre.org/) Software reverse engineering suite of tools
- [HxD](https://mh-nexus.de/en/hxd/) Carefully designed and fast hex editor
- [radare2](https://github.com/radareorg/radare2) Set of libraries, tools and plugins to ease reverse engineering tasks
- [TheMatrix](https://github.com/enkomio/thematrix) Project created to ease the malware analysis process
- [OllyDbg](https://www.ollydbg.de/) 32-bit assembler level analysing debugger
- [oletools](https://github.com/decalage2/oletools) Package of Python tools to analyze files
- [The Sleuth Kit/Autopsy](https://www.sleuthkit.org/) Open source digital forensics
- [Cuckoo Sandbox](https://cuckoosandbox.org/) Leading open source automated malware analysis system
- [Malcat](https://malcat.fr/) Feature-rich hexadecimal editor / disassembler for Windows and Linux
- [malwoverview](https://github.com/alexandreborges/malwoverview) First response tool used for threat hunting that offers intel information from OSINT sites

### Forensics
- [CyLR](https://github.com/orlikoski/CyLR) Cold disk file collector
- [Dissect](https://github.com/fox-it/dissect) Digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats
- [Volatility](https://github.com/volatilityfoundation/volatility) Python tool used for the extraction of digital artifacts from volatile memory (RAM) samples

### Audit-Vulnerability
- [nuclei](https://github.com/projectdiscovery/nuclei) Fast and customisable vulnerability scanner based on a simple YAML-based DSL
- [Clair](https://github.com/quay/clair) Open source project for the static analysis of vulnerabilities in application containers
- [Chef InSpec](https://www.inspec.io/?azure-portal=true) Audit and automated testing framework
- [Lynis](https://cisofy.com/lynis/) Security auditing tool for *nix and macOS
- [VulnWhisperer](https://github.com/HASecuritySolutions/VulnWhisperer) Vulnerability management tool and report aggregator
- [OpenVAS](https://www.openvas.org/) Full-featured vulnerability scanner

#### Malware-IOC-Detection-Data-Dumps
- [vx-underground samples](https://samples.vx-underground.org/samples/Families/) The largest collection of malware source code, samples, and papers on the internet
- [jstrosch Samples](https://github.com/jstrosch/malware-samples) Repository intended to provide access to a wide variety of malicious files and other artifacts
- [DigitalSide Threat-Intel Repo](https://osint.digitalside.it/) Repository that contains a set of Open Source Cyber Threat Intelligence information
- [MalwareBazaar](https://bazaar.abuse.ch/browse/) Project from abuse.ch with the goal of sharing malware samples
- [DailyIOC](https://github.com/StrangerealIntel/DailyIOC) Analysis of malware and Cyber Threat Intel of APT and cybercriminal groups
- [Valhalla Yara Rules](https://valhalla.nextron-systems.com/)
- [Yara Rules Project](https://github.com/Yara-Rules)
- [Virustotal Yara](https://github.com/VirusTotal/yara)
- [Florian Roth](https://github.com/Neo23x0/signature-base)

### blue bin
- [Zeek to Cuckoo](https://github.com/HASecuritySolutions/zeek_to_cuckoo/blob/master/zeek_to_cuckoo.py) Automating file extraction, submission and analysis to Cuckoo Sandbox from Zeek
- [Ox4Shell](https://github.com/ox-eye/Ox4Shell) De-obfuscate Log4Shell payloads

## Purple-Red-Team-Resources
- [Metasploit Framework](https://github.com/rapid7/metasploit-framework) An exploit framework
- [APTSimulator](https://github.com/NextronSystems/APTSimulator) A Windows Batch script that creates files to make a system look as if it was compromised
- [Atomic Red Team](https://github.com/redcanaryco/atomic-red-team/) Library of tests mapped to the MITRE ATT&CK® framework
- [Metta](https://github.com/uber-common/metta) Adversary simulation tool
- [Network Flight Simulator](https://github.com/alphasoc/flightsim) Lightweight utility used to generate malicious network traffic
- [Caldera Framework](https://github.com/mitre/caldera) Platform designed to easily automate adversary emulation, assist manual red teams, and automate incident response
- [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) Collection of Microsoft PowerShell modules to aid in multiple phases of an assessment
- [Impacket](https://github.com/SecureAuthCorp/impacket) Impacket is a collection of Python classes for working with network protocols
- [sqlmap](https://github.com/sqlmapproject/sqlmap) Open source tool that automates the process of detecting and exploiting SQL injection flaws
- [Sliver](https://github.com/BishopFox/sliver) Open source cross-platform adversary emulation/red team framework
- [Gobuster](https://github.com/OJ/gobuster) Gobuster is a tool used to brute-force subdomains, website URIs, open S3 buckets and more
- [Exegol](https://github.com/ShutdownRepo/Exegol) Exegol is a community-driven hacking environment, powerful and yet simple enough to be used by anyone in day to day engagements
- [EmpireProject](https://github.com/EmpireProject) Empire is a post-exploitation framework, which is sadly not maintained anymore
- [Rubeus](https://github.com/GhostPack/Rubeus) Rubeus is a C# toolset for raw Kerberos interaction and abuses
- [Responder](https://github.com/lgandx/Responder) Responder is an LLMNR, NBT-NS and MDNS poisoner
- [Inveigh](https://github.com/Kevin-Robertson/Inveigh) Inveigh is a cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
- [ExploitDB](https://github.com/offensive-security/exploitdb) Archive of public exploits and corresponding vulnerable software
- [DumpsterFire](https://github.com/TryCatchHCF/DumpsterFire) Tool used for building repeatable, time-delayed, and distributed security events
- [Stratus Red Team](https://stratus-red-team.cloud/) Essentially Atomic Red Team, but focused on cloud
- [RTA](https://github.com/endgameinc/RTA) Framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft
- [Infection Monkey](https://github.com/guardicore/monkey) Open source security tool for testing resiliency to perimeter breaches and internal server infection
- [Invoke-Adversary](https://github.com/CyberMonitor/Invoke-Adversary) PowerShell script that helps you evaluate security products and monitoring solutions
- [DSInternals](https://github.com/MichaelGrafnetter/DSInternals) Active Directory PowerShell module and framework

### Command-and-Control
- [C2 Matrix](https://www.thec2matrix.com/matrix) Find the best C2 framework for your needs based on your target environment
- [Cobalt Strike](https://www.cobaltstrike.com/) Post-exploitation agent and covert channels to emulate a quiet long-term embedded actor in your customer's network
- [Brute Ratel C4](https://bruteratel.com/) Customized Command and Control Center for Red Team and Adversary Simulation
- [PoshC2](https://github.com/nettitude/PoshC2) Proxy-aware C2 framework

### Recon
- [Photon Crawler](https://github.com/s0md3v/Photon) Incredibly fast crawler designed for OSINT
- [Subcrawl](https://github.com/hpthreatresearch/subcrawl) Developed to find, scan and analyze open directories
- [subfinder](https://github.com/projectdiscovery/subfinder) Fast passive subdomain enumeration tool
- [MASSCAN](https://github.com/robertdavidgraham/masscan) An Internet-scale port scanner
- [Nmap](https://nmap.org/) Open source utility for network discovery and security auditing
- [Angry IP Scanner](https://angryip.org/) Fast and friendly network scanner
- [Google Dorking](https://www.exploit-db.com/google-hacking-database) Technique that uses Google Search and other Google applications to find security holes
- [Github Dorking](https://github.com/techgaun/github-dorks) Technique that uses GitHub to find interesting things
- [Shoder](https://github.com/idanbuller/IP-Tools/blob/master/shoder.py) PoC leveraging Shodan's Python library
- [naabu](https://github.com/projectdiscovery/naabu) Port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner
- [uncover](https://github.com/projectdiscovery/uncover) Quickly discover exposed hosts on the internet using multiple search engines
- [wtfis](https://github.com/pirxthepilot/wtfis) Passive hostname, domain and IP lookup tool for non-robots
- [OsintUI](https://github.com/wssheldon/osintui) OSINT from your favorite services in a friendly terminal user interface
- [ExchangeFinder](https://github.com/mhaskar/ExchangeFinder) Find Microsoft Exchange instances for a given domain and identify the exact version

### Password-Tools
- [Cain & Abel](https://web.archive.org/web/20160214132154/http://www.oxid.it/cain.html) Password recovery tool for Microsoft operating systems
- [Hashcat](https://hashcat.net/hashcat/) Advanced password recovery tool for most operating systems
- [John](https://www.openwall.com/john/) Open source password security auditing and password recovery tool
- [Mimikatz](https://github.com/ParrotSec/mimikatz) Extract plaintext passwords, hashes, PIN codes and Kerberos tickets from memory
- [LaZagne](https://github.com/AlessandroZ/LaZagne) Credentials recovery project

### red bin
- [NYAN-x-CAT Repo](https://github.com/NYAN-x-CAT) All of your RAT needs
- [Sulealothman Repo](https://github.com/sulealothman/MysteryLegacyPenetrationTools) Legacy penetration tools
- [Matterpreter Repo](https://github.com/matterpreter?tab=repositories) Payload gen
- [Evil WinRM](https://github.com/Hackplayers/evil-winrm) Ultimate WinRM shell for hacking/pentesting
[COMProxy](https://github.com/leoloobeek/COMProxy) A COM client and server for testing COM hijack proxying 387 | - [ysoserial](https://github.com/frohoff/ysoserial) PoC tool for generating payloads that exploit unsafe Java object deserialization 388 | 389 | ## Cloud-Things 390 | - [Azure AD IR Guide](https://misconfig.io/azure-ad-incident-response-life-cycle-tools/) 391 | - [O365 Attack Toolkit](https://github.com/david-burkett/o365-attack-toolkit) 392 | 393 | ### Tools 394 | - [Basic Blob Finder](https://github.com/joswr1ght/basicblobfinder) POC tool to hunt for public Azure storage containers and enumerate the blobs 395 | - [TeamFiltration](https://github.com/Flangvik/TeamFiltration) Framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts 396 | - [cloudlist](https://github.com/projectdiscovery/cloudlist) Multi-cloud tool for getting Assets from Cloud Providers 397 | 398 | ### AI Stuff 399 | - [ChatGPT](https://chat.openai.com/) 400 | - [SlidesAI](https://www.slidesai.io/) Create Presentation Slides with AI in seconds 401 | - [Replit](https://replit.com/) Build software collaboratively with the power of AI 402 | 403 | ## Awesome-Lists 404 | - [Master List of all Awesome Distros](https://github.com/sindresorhus/awesome) 405 | - [Awesome Threat Detection and Hunting](https://github.com/0x4D31/awesome-threat-detection) 406 | - [Awesome Threat Intelligence](https://github.com/hslatman/awesome-threat-intelligence) 407 | - [Awesome Malware Analysis](https://github.com/rshipp/awesome-malware-analysis) 408 | - [Awesome PCAP Tools](https://github.com/caesar0301/awesome-pcaptools) 409 | - [Awesome Threat Modeling](https://github.com/redshiftzero/awesome-threat-modeling) 410 | - [Awesome CTF](https://github.com/apsdehal/awesome-ctf) 411 | - [Awesome Cyber Skills](https://github.com/joe-shenouda/awesome-cyber-skills) 412 | - [Awesome Personal Security](https://github.com/Lissy93/personal-security-checklist) 413 | - [Awesome 
Hacking](https://github.com/carpedm20/awesome-hacking) 414 | - [Awesome Honeypots](https://github.com/paralax/awesome-honeypots) 415 | - [Awesome Pentest Tools](https://github.com/enaqx/awesome-pentest) 416 | - [Awesome Pentest Cheat Sheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets) 417 | - [Awesome Incident Response](https://github.com/meirwah/awesome-incident-response) 418 | - [Awesome Web Hacking](https://github.com/infoslack/awesome-web-hacking) 419 | - [Awesome Hacking](https://github.com/carpedm20/awesome-hacking) 420 | - [Awesome Industrial Control System Security](https://github.com/mpesen/awesome-industrial-control-system-security) 421 | - [Awesome YARA](https://github.com/InQuest/awesome-yara) 422 | - [Awesome Container Security](https://github.com/kai5263499/container-security-awesome) 423 | - [Awesome Crypto Papers](https://github.com/pFarb/awesome-crypto-papers) 424 | - [Awesome Shodan Search Queries](https://github.com/jakejarvis/awesome-shodan-queries) 425 | - [Awesome Anti Forensics](https://github.com/remiflavien1/awesome-anti-forensic) 426 | - [Awesome Security Talks and Videos](https://github.com/PaulSec/awesome-sec-talks) 427 | 428 | ## Dump 429 | - [Pexpect](https://github.com/pexpect/pexpect) Python module for spawning child applications; controlling them; and responding to expected patterns in their output 430 | - [Unofficial OSCP Tool Distro](https://falconspy.medium.com/unofficial-oscp-approved-tools-b2b4e889e707) 431 | - [Florian Roth's BlueLedger](https://github.com/Neo23x0/BlueLedger) A list of some interesting community support projects 432 | - [CIS CAT](https://github.com/CISecurity/SecureSuiteResourceGuide/blob/master/docs/CIS-CAT/CIS-CATAssessorGuide.md) 433 | - [ProjectDiscovery](https://github.com/projectdiscovery) Security Through Intelligent Automation 434 | - [HashR](https://github.com/google/hashr) HashR allows you to build your own hash sets based on your data sources 435 | - [ATT&CK Pyton 
Client](https://github.com/OTRF/ATTACK-Python-Client) Python module to access up-to-date ATT&CK content 436 | - [SilkETW](https://github.com/mandiant/SilkETW) Collects, filters and processes Windows Event Tracing (ETW) data 437 | - [Ransomwatch](https://ransomwatch.telemetry.ltd/#/) Latest news on ransomware related posts 438 | 439 | 440 | 441 | 442 | 443 | --------------------------------------------------------------------------------