# Wild-West---SOC-Core-Skills---Notes

Links collected from the SOC Core Skills class, December 14 to 17, 2020.

[SOC Core Skills w/ John Strand](https://wildwesthackinfest.com/training/soc-core-skills-john-strand/)

## Links from Day 1 and Day 2

* [strandjs/IntroLabs: These are the labs for my Intro class. Yes, this is public. Yes, this is intentional.](https://github.com/strandjs/IntroLabs)
* [Home - PingCastle](https://www.pingcastle.com/)
* [sans-blue-team/DeepBlueCLI](https://github.com/sans-blue-team/DeepBlueCLI)
* [davehull/Kansa: A Powershell incident response framework](https://github.com/davehull/Kansa)
* [Velociraptor / Dig deeper](https://www.velocidex.com/)
* [ComodoSecurity/openedr: Open EDR public repository](https://github.com/ComodoSecurity/openedr)
* [OS Detection | Nmap Network Scanning](https://nmap.org/book/man-os-detection.html)
* [Service and Version Detection | Nmap Network Scanning](https://nmap.org/book/man-version-detection.html)
* [Unfetter Project](https://nsacyber.github.io/unfetter/)
* [Neo23x0/sigma: Generic Signature Format for SIEM Systems](https://github.com/Neo23x0/sigma)
* [mvelazc0/PurpleSharp: PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments](https://github.com/mvelazc0/PurpleSharp)
* [Home | CyberDefenders ® | Blue Team CTF Challenges](https://cyberdefenders.org/)
* [Online translator for SIEM saved searches, filters, queries and Sigma rules - Uncoder.IO](https://uncoder.io/)
* [Endpoint security delivers anti-malware, high-fidelity alerting, and faster hunting & response | Elastic](https://www.elastic.co/endpoint-security/)
* [Training - Cyber Threat Hunting w/ Chris Brenton - Active Countermeasures](https://www.activecountermeasures.com/event/training-cyber-threat-hunting-w-chris-brenton/)
* [Cybersecurity Supply And Demand Heat Map](https://www.cyberseek.org/heatmap.html)
* [Cyber Security Resources | SANS Institute](https://www.sans.org/security-resources/)
* [Welcome to Zentral - Zentral](https://zentral.readthedocs.io/en/latest/)
* [Joplin - an open source note taking and to-do application with synchronisation capabilities](https://joplinapp.org/)
* [Objective-See](https://objective-see.com/malware.html#resources)
* [cherrytree – giuspen](https://www.giuspen.com/cherrytree/)
* [fireeye/red_team_tool_countermeasures](https://github.com/fireeye/red_team_tool_countermeasures)
* [Tactics, Techniques and Procedures (TTPs) Utilized by FireEye’s Red Team Tools](https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools)
* [IOC Bucket - Most Recent IOCs Uploaded](https://www.iocbucket.com/)
* [Cyberseek](https://www.cyberseek.org/index.html)
* [The Ultimate List of SANS Cheat Sheets | SANS Institute](https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/)
* [Boundary by HashiCorp](https://www.boundaryproject.io/)
* [OverTheWire: Bandit](https://overthewire.org/wargames/bandit/)
* [Terminus](https://web.mit.edu/mprat/Public/web/Terminus/Web/main.html)
* [SS64 Command line reference](https://ss64.com/)
* [The Bash Guide](https://guide.bash.academy/)
* [Linux Survival | Where learning Linux is easy](https://linuxsurvival.com/)
* [explainshell.com - match command-line arguments to their help text](https://www.explainshell.com/)
* [aristocratos/bpytop: Linux/OSX/FreeBSD resource monitor](https://github.com/aristocratos/bpytop)
* [trashhalo/readcli: Tool that lets you read website content on the command line](https://github.com/trashhalo/readcli)
* [steveshogren/10-minute-vim-exercises: The exercise files from 10 Minute Vim, for convenience of readers](https://github.com/steveshogren/10-minute-vim-exercises)
* [Learn SQL | Codecademy](https://www.codecademy.com/learn/learn-sql)
* [Smart Searching with GoogleDorking](https://exposingtheinvisible.org/guides/google-dorking/)
* [Bpytop - An Efficient Resource Monitor in Linux](https://linoxide.com/tools/bpytop-resource-monitor-in-linux/)
* [12 Days of Cyber Defense - YouTube](https://www.youtube.com/playlist?list=PLUze0rzlzxgJ2Ys5lpm3HCCa2xC6oNMuK)
* [Checklists & Step-by-Step Guides | SCORE | SANS Institute](https://www.sans.org/score/checklists)
* [IncidentResponse.com | Incident Response Playbooks Gallery](https://www.incidentresponse.com/playbooks/)
* [Rumble Network Discovery](https://www.rumble.run/)
* [IT & Software - Tutorial Bar](https://www.tutorialbar.com/category/it-software/)
* [CIS Controls SME Companion Guide](https://www.cisecurity.org/white-papers/cis-controls-sme-guide/)
* [Microsoft Word - SEC503HANDOUT_TCPIP_RG_E01_01](https://www.sans.org/security-resources/tcpip.pdf)
* [SANS Blue Team Operations](https://wiki.sans.blue/#!index.md)
* [Protocol Header Cheatsheets — Pingfu](https://pingfu.net/reference/ethernet-ip-tcp-udp-icmp-protocol-header-cheatsheets)
* [Default TTL (Time To Live) Values of Different OS - Subin's Blog](https://subinsb.com/default-device-ttl-values/)
* [Learn Azure in a Month of Lunches | Microsoft Azure](https://azure.microsoft.com/en-us/resources/learn-azure-in-a-month-of-lunches/)
* [Welcome to SecurityTube.net](http://www.securitytube.net/)
* [Chappell University | Laura's Lab Blog](https://www.chappell-university.com/lauras-lab)
* [Wireshark Tutorial: Changing Your Column Display](https://unit42.paloaltonetworks.com/unit42-customizing-wireshark-changing-column-display/)
* [Cheat Sheet - Common Ports](https://packetlife.net/media/library/23/common-ports.pdf)
* [Cheat Sheets - PacketLife.net](https://packetlife.net/library/cheat-sheets/)
* [5 Fun & Geeky Things You Can Do With the Telnet Client | Digital Citizen](https://www.digitalcitizen.life/5-fun-geeky-things-you-can-do-telnet-client/)
* [Shodan Cheat Sheet: Keep IoT In Your Pocket | The Dark Source](https://thedarksource.com/shodan-cheat-sheet/)
* [Shodan Pentesting Guide – TurgenSec Community](https://community.turgensec.com/shodan-pentesting-guide/)
* [ICS Village](https://www.icsvillage.com/)
* [15 Vulnerable Sites To (Legally) Practice Your Hacking Skills](https://dst.com.ng/15-vulnerable-sites-legally-practice-hacking-skills/)
* [124 legal hacking websites to practice and learn – blackMORE Ops](https://www.blackmoreops.com/2018/11/06/124-legal-hacking-websites-to-practice-and-learn/)
* [Enterprise Attacker Emulation and C2 Implant Development w/ Joff Thyer – Wild West Hackin' Fest](https://wildwesthackinfest.com/training/enterprise-attacker-emulation-and-c2-implant-development-w-joff-thyer/)
* [Hacking VoIP | No Starch Press](https://nostarch.com/voip.htm)
* [Cyber Security Training : HTB Academy](https://academy.hackthebox.eu/#courses)
* [OverTheWire: Wargames](https://overthewire.org/wargames/)
* [TryHackMe | 25 Days of Cyber](https://www.tryhackme.com/christmas)
* [Offensive Countermeasures: 9781974671694: Computer Science Books @ Amazon.com](https://www.amazon.com/Offensive-Countermeasures-John-Strand/dp/1974671690)
* [Applied Incident Response: 9781119560265: Computer Science Books @ Amazon.com](https://www.amazon.com/Applied-Incident-Response-Steve-Anson/dp/1119560268)
* [Electronic library. Download books free. Finding books](https://b-ok.cc/)
* [google/timesketch: Collaborative forensic timeline analysis](https://github.com/google/timesketch)
* [How SPF, DKIM, and DMARC Authentication Works to Increase Inbox Penetration (Testing) Rates - Black Hills Information Security](https://www.blackhillsinfosec.com/how-spf-dkim-and-dmarc-authentication-works-to-increase-inbox-penetration-testing-rates/)
* [Cyber Range - Black Hills Information Security](https://www.blackhillsinfosec.com/services/cyber-range/)
* [Wappalyzer - Chrome Web Store](https://chrome.google.com/webstore/detail/wappalyzer/gppongmhjkpfnbhagpmjfkannfbllamg)
* [Complete Python Developer in 2021: Zero to Mastery | Udemy](https://www.udemy.com/course/complete-python-developer-zero-to-mastery/)
* [Recorded Future - Chrome Web Store](https://chrome.google.com/webstore/detail/recorded-future/cdblaggcibgbankgilackljdpdhhcine)
* [Blog - Active Countermeasures](https://www.activecountermeasures.com/blog/)
* [How to Think Like a Computer Scientist — How to Think Like a Computer Scientist: Learning with Python 3](http://openbookproject.net/thinkcs/python/english3e/)
* [Ransomware Activity Targeting the Healthcare and Public Health Sector | CISA](https://us-cert.cisa.gov/ncas/alerts/aa20-302a)
* [Certified Reverse Engineering Analyst (CREA)](https://www.iacertification.org/crea_certified_reverse_engineering_analyst.html)
* [Department of Computer Science and Technology – Course pages 2019–20: Software and Security Engineering – Course materials](https://www.cl.cam.ac.uk/teaching/1920/SWSecEng/materials.html)
* [Homepage | CISA](https://us-cert.cisa.gov/)
* [redcanaryco/atomic-red-team: Small and highly portable detection tests based on MITRE's ATT&CK.](https://github.com/redcanaryco/atomic-red-team)
* [Hacking a Security Career - Deviant Ollam - YouTube](https://www.youtube.com/watch?v=jZFuCYyQB6c)
* [palantir/alerting-detection-strategy-framework: A framework for developing alerting and detection strategies for incident response.](https://github.com/palantir/alerting-detection-strategy-framework)
* [Library Genesis](http://gen.lib.rus.ec/search.php?req=No+Starch+Press&lg_topic=libgen&open=0&view=simple&res=25&phrase=1&column=def)
* [Exploit Pack](http://exploitpack.com/index.html)
* [VECTR | Overview](https://vectr.io/)
* [Autonomous Red Teaming for Everyone | Prelude Operator](https://www.prelude.org/)
* [SANS Emergency Webcast: What you need to know about the SolarWinds Supply-Chain Attack - YouTube](https://www.youtube.com/watch?v=qP3LQNsjKWw&ab_channel=SANSInstitute)
* [Summary of SolarWinds breach for InfoSec noobs – Michele's Blog](https://michelepariani.com/2020/12/15/summary-of-the-solarwinds-hijack-for-infosec-noobs/)
* [Kroll Artifact Parser and Extractor - KAPE](https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape)
* [Eric Zimmerman's tools](https://ericzimmerman.github.io/#!index.md)
* [Active Defense & Cyber Deception w/ John Strand – (16 Hours) – Wild West Hackin' Fest](https://wildwesthackinfest.com/training/active-defense-cyber-deception-john-strand/)
* [But what is a Neural Network? | Deep learning, chapter 1 - YouTube](https://www.youtube.com/watch?v=aircAruvnKk&feature=youtu.be)
* [Blue Team News (@blueteamsec1) / Twitter](https://twitter.com/blueteamsec1)
* [CybatiWorks - CybatiWorks for Applied Research and Development](https://cybati.org/index.php/cybatiworks-for-applied-research-and-development)

## Links from Day 3

* [Free Firewall for Home Edition | Sophos Home Firewall](https://www.sophos.com/en-us/products/free-tools/sophos-xg-firewall-home-edition.aspx)
* [13Cubed Episode Guide](https://www.13cubed.com/episodes/all.html)
* [SRUM forensics](https://digital-forensics.sans.org/summit-archives/file/summit-archive-1492184583.pdf)
* [Another Forensics Blog: Triage Collection and Timeline Generation with KAPE](https://az4n6.blogspot.com/2019/08/triage-collection-and-timeline.html)
* [Introduction to DFIR. One of my favorite things is talking to… | by Scott J Roberts | Medium](https://sroberts.medium.com/introduction-to-dfir-d35d5de4c180)
* [Autopsy and Cyber Triage DFIR Training](https://dfir-training.basistech.com/collections)
* [The DFIR Report - Real Intrusions by Real Attackers, The Truth Behind the Intrusion](https://thedfirreport.com/)
* [Firewalla | Firewalla: Cybersecurity Firewall For Your Family and Business](https://firewalla.com/)
* [Cyber Triage - Online Incident Response Training with Brian Carrier](https://www.cybertriage.com/training/)
* [Protectli: Trusted Firewall Appliances with Firmware Protection](https://protectli.com/)
* [Download VMware vSphere Hypervisor for Free](https://my.vmware.com/en/web/vmware/evalcenter?p=free-esxi7)
* [LabGopher :: Great server deals on eBay](https://www.labgopher.com/)
* [Sophos Free Demos: Next Generation Security Solutions](https://www.sophos.com/en-us/products/demos.aspx)
* [Hackers used SolarWinds' dominance against it in sprawling spy campaign | Reuters](https://www.reuters.com/article/global-cyber-solarwinds/hackers-used-solarwinds-dominance-against-it-in-sprawling-spy-campaign-idUSKBN28Q07P)
* [How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication - Schneier on Security](https://www.schneier.com/blog/archives/2020/12/how-the-solarwinds-hackers-bypassed-duo-multi-factor-authentication.html)

### Networking

* [tcpdump-cheat-sheet.jpg (2500×1803)](https://cdn.comparitech.com/wp-content/uploads/2019/06/tcpdump-cheat-sheet.jpg)
* [Getting Started With TCPDump - Black Hills Information Security](https://www.blackhillsinfosec.com/getting-started-with-tcpdump/)
* [Visio-tcpdump.vsd](https://packetlife.net/media/library/12/tcpdump.pdf)
* [ASCII - Wikipedia](https://en.wikipedia.org/wiki/ASCII)
* [Why use a named pipe instead of a file? - Ask Ubuntu](https://askubuntu.com/questions/449132/why-use-a-named-pipe-instead-of-a-file)
* [Using ping to exfiltrate data](https://www.bengrewell.com/2019/01/01/slipping-out-through-the-front-door/)
* [Malware-Traffic-Analysis.net](https://malware-traffic-analysis.net/)
* [Practical Packet Analysis, 3rd Edition | No Starch Press](https://nostarch.com/packetanalysis3)
* [tcpdump101.com - Build PCap Syntax Online](https://tcpdump101.com/)
* [Getting Started With Wireshark - Black Hills Information Security](https://www.blackhillsinfosec.com/getting-started-with-wireshark/)
* [A tcpdump Tutorial with Examples — 50 Ways to Isolate Traffic | Daniel Miessler](https://danielmiessler.com/study/tcpdump/)
* [tcpdump.pdf](https://wiki.sans.blue/Tools/pdfs/tcpdump.pdf)
* [Microsoft Word - SEC503HANDOUT_TCPIP_RG_E01_01](https://www.sans.org/security-resources/tcpip.pdf?msc=Cheat+Sheet+Blog)
* [Wireshark Tutorial: Identifying Hosts and Users](https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/)
* [Malware-Traffic-Analysis.net - Traffic Analysis Exercises](https://www.malware-traffic-analysis.net/training-exercises.html)
* [wizardzines](https://wizardzines.com/zine-index/)
* [Brim](https://www.brimsecurity.com/)
* [Wireshark Tutorial: Decrypting HTTPS Traffic (Includes SSL and TLS)](https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/)
* [Scapy](https://scapy.net/)
* [Packet Analysis | Chris Sanders](https://chrissanders.org/category/packet-analysis/)
* [GDPR Summary - An overview of the General Data Protection Act](https://www.gdprsummary.com/gdpr-summary/)
* [The Zeek Network Security Monitor](https://zeek.org/)
* [how to make IP geolocation map using WireShark - kalitut](https://kalitut.com/geoip-map-wireshark/)
* [Malware of the Day Archives - Active Countermeasures](https://www.activecountermeasures.com/category/malware-of-the-day/)
* [Malware-Traffic-Analysis.net](https://www.malware-traffic-analysis.net/)
* [Decrypting and analyzing HTTPS traffic without MITM – Silent Signal Techblog](https://blog.silentsignal.eu/2020/05/04/decrypting-and-analyzing-https-traffic-without-mitm/)
* [Getting started with TCPDump - John Strand - YouTube](https://www.youtube.com/watch?v=hC3ANnUXn_o)
* [Chappell University | Certification](https://www.chappell-university.com/certification)
* [Notable Privacy and Security Books 2020 - TeachPrivacy](https://teachprivacy.com/notable-privacy-and-security-books-2020/)
* [ntopng – ntop](https://www.ntop.org/products/traffic-analysis/ntop/)
* [Cisco Certified CyberOps Associate - Cisco](https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/cyberops-associate.html)

### Memory Forensics

* [editcap - The Wireshark Network Analyzer 3.4.1](https://www.wireshark.org/docs/man-pages/editcap.html)
* [Security for Professionals](https://www.greycortex.com/)
* [Understanding IP Addressing and CIDR Charts — RIPE Network Coordination Centre](https://www.ripe.net/about-us/press-centre/understanding-ip-addressing)
* [robcowart/elastiflow: Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack](https://github.com/robcowart/elastiflow)
* [SampleCaptures - The Wireshark Wiki](https://wiki.wireshark.org/SampleCaptures)
* [CyberChef](https://gchq.github.io/CyberChef/)
* [Powershell: Encode and decode Base64 strings](https://michlstechblog.info/blog/powershell-encode-and-decode-base64-strings/)
* [TLS Fingerprinting with JA3 and JA3S | by John Althouse | Salesforce Engineering](https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967)
* [clong/DetectionLab: Automate the creation of a lab environment complete with security tooling and logging best practices](https://github.com/clong/DetectionLab)
* [Packet Diagrams in Wireshark - YouTube](https://www.youtube.com/watch?v=qdd_8462cHI)
* [brimsec/zq: Search and analysis tooling for structured logs](https://github.com/brimsec/zq)
* [Office 95 Excel 4 Macros](https://isc.sans.edu/forums/diary/Office+95+Excel+4+Macros/26876/)
* [RITA - Black Hills Information Security](https://www.blackhillsinfosec.com/projects/rita/)
* [SIEMonster | Affordable Security Monitoring Software Solution](https://siemonster.com/)
* [PacketTotal - A free, online PCAP analysis engine](https://www.packettotal.com/)
* [Link-Local Multicast Name Resolution - Wikipedia](https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution)
* [Releases | volatilityfoundation](https://www.volatilityfoundation.org/releases)
* [Product Downloads | AccessData](https://accessdata.com/product-download)
* [fireeye/win10_volatility: An advanced memory forensics framework](https://github.com/fireeye/win10_volatility)
* [2020 Agenda - OSDFCon](https://www.osdfcon.org/2020-event/2020-agenda/)
* [Belkasoft RAM Capturer: Volatile Memory Acquisition Tool](https://belkasoft.com/ram-capturer)
* [CheatSheet_v2.4](https://downloads.volatilityfoundation.org/releases/2.4/CheatSheet_v2.4.pdf)
* [Mimikatz – Active Directory Security](https://adsecurity.org/?page_id=1821)
* [Memory Forensics Cheat Sheet](https://www.dfir.training/memory-cheats/320-memory-forensics-cheat-sheet-v1-2/file)
* [Six Facts about Address Space Layout Randomization on Windows | FireEye Inc](https://www.fireeye.com/blog/threat-research/2020/03/six-facts-about-address-space-layout-randomization-on-windows.html)
* [gcla/termshark: A terminal UI for tshark, inspired by Wireshark](https://github.com/gcla/termshark)
* [AMF | memoryanalysis](https://www.memoryanalysis.net/amf)

### Egress Traffic Analysis

* [LOLBAS](https://lolbas-project.github.io/)
* [WADComs](https://wadcoms.github.io/)
* [Webcast: Attack Tactics 7 - The Logs You Are Looking For - Black Hills Information Security](https://www.blackhillsinfosec.com/webcast-attack-tactics-7-the-logs-you-are-looking-for/)
* [Cyber Threat Hunting | Chris Brenton | October 2020 | 4 Hours - YouTube](https://www.youtube.com/watch?v=FzYPT1xTVHY)
* [Pi-hole – Network-wide protection](https://pi-hole.net/)
* [BPF: A New Type of Software](http://www.brendangregg.com/blog/2019-12-02/bpf-a-new-type-of-software.html)
* [salesforce/ja3: JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.](https://github.com/salesforce/ja3)
* [Raspberry Pi sensors for home networks - YouTube](https://www.youtube.com/watch?v=5gL7Ug9H2RE)
* [Corelight@Home](https://www3.corelight.com/nsm@home)
* [How to use a Raspberry Pi as a Network Sensor - Bill Stearns - YouTube](https://www.youtube.com/watch?v=vja_H59fh1I)
* [The Practice of Network Security Monitoring | No Starch Press](https://nostarch.com/nsm)
* [Real Intelligence Threat Analytics (RITA) Overview & AI-Hunter Demo - YouTube](https://www.youtube.com/watch?v=h8KNyhSMoig)

## Links from Day 4

* [cyber.dhs.gov - Emergency Directive 21-01](https://cyber.dhs.gov/ed/21-01/)
* [SANS Emergency Webcast: What you need to know about the SolarWinds Supply-Chain Attack - SANS Institute](https://www.sans.org/webcasts/emergency-webcast-about-solarwinds-supply-chain-attack-118015)
* [ET Pro Telemetry edition — OPNsense documentation](https://docs.opnsense.org/manual/etpro_telemetry.html)
* [Tool Analysis Result Sheet](https://jpcertcc.github.io/ToolAnalysisResultSheet/)
* [Advanced Persistent Threat Actors Targeting U.S. Think Tanks | CISA](https://us-cert.cisa.gov/ncas/alerts/aa20-336a)
* [JPCERTCC/LogonTracer: Investigate malicious Windows logon by visualizing and analyzing Windows event log](https://github.com/JPCERTCC/LogonTracer)
* [Neo4j Graph Platform – The Leader in Graph Databases](https://neo4j.com/)
* [Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win. | Microsoft Docs](https://docs.microsoft.com/en-us/archive/blogs/johnla/defenders-think-in-lists-attackers-think-in-graphs-as-long-as-this-is-true-attackers-win)
* [Security Researcher Reveals Solarwinds' Update Server Was 'Secured' With The Password 'solarwinds123' | Techdirt](https://www.techdirt.com/articles/20201215/13203045893/security-researcher-reveals-solarwinds-update-server-was-secured-with-password-solarwinds123.shtml)
* [You Should Probably Change Your Password! | Michael McIntyre Netflix Special - YouTube](https://www.youtube.com/watch?v=aHaBH4LqGsI)
* [Sysmon - Windows Sysinternals | Microsoft Docs](https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon)
* [splunk/botsv1](https://github.com/splunk/botsv1)
* [splunk/botsv2: Splunk Boss of the SOC version 2 dataset.](https://github.com/splunk/botsv2)
* [splunk/botsv3: Splunk Boss of the SOC version 3 dataset.](https://github.com/splunk/botsv3)
* [Enterprise Cybersecurity - Recon InfoSec](https://www.reconinfosec.com/)
* [OpenSOC - Network Defense Simulation](https://opensoc.io/)
* [Demystifying the Windows Firewall – Learn how to irritate attackers without crippling your network | New Zealand 2016 | Channel 9](https://channel9.msdn.com/Events/Ignite/New-Zealand-2016/M377)
* [research/uniq-hostnames.txt at main · bambenek/research](https://github.com/bambenek/research/blob/main/sunburst/uniq-hostnames.txt)
* [Windows Security Log Encyclopedia](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx)
* [Detecting Kerberoasting Activity – Active Directory Security](https://adsecurity.org/?p=3458)
* [Kerberos & Attacks 101 - SANS Institute](https://www.sans.org/webcasts/kerberos-attacks-101-111735)
* [Basic Kerberos Authentication - YouTube](https://www.youtube.com/watch?v=u7MQoSN19O4)
* [PowerPoint Presentation](https://www.redsiege.com/wp-content/uploads/2020/09/SIEGECAST-KERBEROS-AND-ATTACKS-101.pdf)
* [SANS Webcast: Kerberos & Attacks 101 - YouTube](https://www.youtube.com/watch?v=LmbP-XD1SC8)
* [Kerberos and Attacks 101 - Tim Medin - YouTube](https://www.youtube.com/watch?v=9lOFpUA25Nk)
* [How To Disable LLMNR & Why You Want To - Black Hills Information Security](https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/)
* [Kerberos & Attacks 101 - YouTube](https://www.youtube.com/watch?v=IBeUz7zMN24&t=564s)
* [Kerberos & Attacks 101 - YouTube](https://www.youtube.com/watch?v=IBeUz7zMN24)
* [Proof-of-Concept Exploit Code for Kerberos Bronze Bit Attack Published - Binary Defense](https://www.binarydefense.com/threat_watch/proof-of-concept-exploit-code-for-kerberos-bronze-bit-attack-published/)
* [Kerberoasting How To with Tim Medin - YouTube](https://www.youtube.com/watch?v=Jaa2LmZaNeU&feature=youtu.be)
* [Unofficial Guide to Mimikatz & Command Reference – Active Directory Security](https://adsecurity.org/?p=2207)
* [Mimikatz - Metasploit Unleashed](https://www.offensive-security.com/metasploit-unleashed/Mimikatz/)
* [Prevent Windows from storing an LM hash of the password in AD and local SAM databases - Windows Server | Microsoft Docs](https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/prevent-windows-store-lm-hash-password)
* [Collecting Process Start Events (4688) Without the Noise](https://support.logbinder.com/SuperchargerKB/50141/Collecting-Process-Start-Events-4688-Without-the-Noise)
* [Set up PowerShell script block logging for added security](https://searchwindowsserver.techtarget.com/tutorial/Set-up-PowerShell-script-block-logging-for-added-security)
* [Use Windows Event Forwarding to help with intrusion detection (Windows 10) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection)
* [olafhartong/sysmon-modular: A repository of sysmon configuration modules](https://github.com/olafhartong/sysmon-modular)
* [activecm/BeaKer: Beacon Kibana Executable Report. Aggregates Sysmon Network Events With Elasticsearch and Kibana](https://github.com/activecm/BeaKer)
* [palantir/windows-event-forwarding: A repository for using windows event forwarding for incident detection and response](https://github.com/palantir/windows-event-forwarding)
* [Applied Purple Teaming w/ Kent Ickler and Jordan Drysdale – (16 Hours) – Wild West Hackin' Fest](https://wildwesthackinfest.com/training/applied-purple-teaming/)
* [How to Write Sigma Rules - Nextron Systems](https://www.nextron-systems.com/2018/02/10/write-sigma-rules/)
* [How to Build an Active Directory Hacking Lab - YouTube](https://www.youtube.com/watch?v=xftEuVQ7kY0)
* [Setting up Active Directory in Windows Server 2019 (Step By Step Guide) - YouTube](https://www.youtube.com/watch?v=h3sxduUt5a8)
* [Sigma Rules Repository Mirror | TDM by SOC Prime](https://sigma.socprime.com/#!/)
* [Accessing Event Data and Fields in the Configuration | Logstash Reference [7.10] | Elastic](https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html)
* [Filter plugins | Logstash Reference [7.10] | Elastic](https://www.elastic.co/guide/en/logstash/current/filter-plugins.html)
* [AWS Penetration Testing](https://www.packtpub.com/security/aws-penetration-testing)
* [sbousseaden/EVTX-ATTACK-SAMPLES: Windows Events Attack Samples](https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES)
* [Windows Security Log Event ID 4776 - The domain controller attempted to validate the credentials for an account](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4776)
* [Jump start with Docker · JPCERTCC/LogonTracer Wiki](https://github.com/JPCERTCC/LogonTracer/wiki/jump-start-with-docker)
* [Attack Tactics 6: Return of the Blue Team - YouTube](https://www.youtube.com/watch?v=c7x5JsR16Qw&ab_channel=BlackHillsInformationSecurity)
* [4724(S, F): An attempt was made to reset an account's password. (Windows 10) - Windows security | Microsoft Docs](https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4724)
* [Attack Tactics 7: The logs you are looking for - YouTube](https://www.youtube.com/watch?v=jL6Somex_58&list=PLqz80p7f6dFsaPX-eDVk8qDZAlGXW_VwW)
* [Attack Tactics - YouTube](https://www.youtube.com/playlist?list=PLqz80p7f6dFsaPX-eDVk8qDZAlGXW_VwW)
* [nathanmcnulty/Disable-NetBIOS.ps1 at master - nathanmcnulty/nathanmcnulty](https://github.com/nathanmcnulty/nathanmcnulty/blob/master/ActiveDirectory/Disable-NetBIOS.ps1)
* [Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS](https://blog.netspi.com/exploiting-adidns/)
* [Memory Samples · volatilityfoundation/volatility Wiki](https://github.com/volatilityfoundation/volatility/wiki/Memory-Samples)
* [ATT&CK® EVALUATIONS](https://attackevals.mitre-engenuity.org/)

### Endpoint Protection Analysis

### Vulnerability Management