CyberBodega

A conglomeration of resources for any color of the rainbow

     _________       ______                  ________      _________                    
     __  ____/____  ____  /______________    ___  __ )___________  /___________ ______ _
     _  /    __  / / /_  __ \  _ \_  ___/    __  __  |  __ \  __  /_  _ \_  __ `/  __ `/
     / /___  _  /_/ /_  /_/ /  __/  /        _  /_/ // /_/ / /_/ / /  __/  /_/ // /_/ / 
     \____/  _\__, / /_.___/\___//_/         /_____/ \____/\__,_/  \___/_\__, / \__,_/  
             /____/                                                     /____/                                                                 

                                          Continuously Updated Since 16 July 2020

Contents

• Quick-Links
• Infosec-News
• Interesting-Articles-Videos
• Research-Resources
  • Write-ups
  • Research-Sites
  • Cyber-Threat-Intelligence-Dump
• Training-Resources
• Blue-Team-Resources
  • Utility
  • Network-Analysis
  • Host-Analysis
  • Host-Network-Analysis
  • Detection
  • Malware-Analysis
  • Audit-Vulnerability
    • Malware-IOC-Detection-Data-Dumps
  • blue-bin
• Purple-Red-Team-Resources
  • Command-and-Control
  • Recon
  • Password-Tools
  • red-bin
• Cloud-Things
  • tools
• AI-Stuff
• Awesome-Lists
• Dump

Quick-Links

• RSS/Twitter-Feed Conglomeration of InfoSec RSS feeds
• TweetDeck Twitter has useful information? YEP

Infosec-News

• All InfoSec News An InfoSec & Cyber news aggregator
• Security Soup Infosec news, commentary, and research
• Threatpost Supposedly the first stop for security news
• Week in 4N6 Your weekly roundup of Digital Forensics and Incident Response news
• r/blueteamsec Subreddit focused on technical intelligence, research and engineering
• Krebson Security
• SANS Webcast
• SANS Newsletter
• Cyber Scoop
• SecurityFocus
• Gibson Research Corporation
• Security News Wire
• PortSwigger
• Pentestmonkey
• USCERT (CISA)
• FIRST
• BleepingComputer
• Schneier Security
• Opalsec

Interesting-Articles-Videos

• vx-underground Really anything from here is pretty sweet
• Cyb3rWard0g's Lab⭐ Step by step guide on creating a lab enviorment in ESXi
• SANS Reading Room See what white papers are top of mind for the SANS community
• Black Hat Archives Archive of computer security presentations is provided free of charge as a service to the international computer security community
• If you've ever wanted to mess around with a SIEM
• Spin Up An AD Enviorment Quickly
• Lenny Zeltser - Learn Malware Analysis
• PST, Want a Shell? Mandiant's write-up for ProxyShell
• De-Fanging Strings with FLOSS Uncovering obfuscated strings with FLOSS
• Setting up Tripwire Detecting adversary activity via file changes (Honey Files)
• PowerShell Process Hunting Great review of ways to leverage PowerShell to do neat things
• Canary Tokens Painless way to help defenders discover they've been breached
• Kerboroasting Conversation about extracting service account credentials from Active Directory via kerb
• Honey Files Honey files are designed to detect attackers who are accessing and removing files
• CTI Self Study Plan Katie Nickels discusses ways you can learn more about CTI
• Start Learning Malware Analysis
• DFRWS Papers & Presentations
• Detecting Meterpreter HTTP module Network Traffic Didier Stevens discusses meterpreter network traffic
• Hunting Linux Persistence Part 1 Auditd, Sysmon, Osquery and Webshells
• Adventures in Dynamic Evasion
• SSDs/The Challanges Presented to DFIR
• Anti-Forensics
• Windows Artifacts DFIR
• Windows Forensics
• Linux Forensics
• Black Hat Stego Brief
• Unpacking Malware
• Malware Reports
• Journey Into Incident Response
• Deploying T-Pot Framework in the Cloud
• Getting Started with RE/Malware Analysis
• OpBlueRaven Details about PRODAFT & INVICTUS Threat Intelligence (PTI) team’s latest operation on different threat actors
• TrendMicro; Analyzing Common Pentesting Tools Gives a great insight into common abused tools
• Hunt & Hackett; Concealed code TTP's/Detection Covers common defense evasion techniques and how to detect them
• NCC Group; Detecting DNS Implants Interesting TTP's leveraging DNS as a pure means of C2
• Linux to ATT&CK Mapped markdown file listing common Linux malware TTP's mapped to ATT&CK
• Datadog; AWS Threat Detection Intro to Stratus Red Team, the Atmoic red team for cloud enviorments
• Nextron Systems; Writing YARA rules Part 1 of a 4 part series on writing effective YARA rules
• Tweaking macOS to detect App Bundles Adversaries commonly manipulate application bundles to subvert security controls
• IR/Detection when Cloud is your Data Center SANS Summit talk about Cloud data center IR/Detection capabilities
• Event logs and Elastic Security for IR Discussion about Elastic security and its use cases
• Bug bounty guide to IDOR Discusses IDOR and the feasibility surrounding Bug Bounties
• MalwareJake Presentation Covers a number of topics
• Degrading MS Defender Presentation about circumventing Microsoft Defender
• Actual MFA bypass techniques Discusses In-The-Wild MFA bypass methods

Research-Resources

Write-ups

• Unit 42
• Google Security Blog
• Trellix Blog
• The DFIR Report
• Sophos X-Ops
• Intel471

Research-Sites

• Exploit DB
• Shodan
• National Vulnerability Database
• CVE Proof of Concepts
• OWASP
• OSINT Framework
• OpenThreatResearch
• BellingCat
• Zoomeye
• Spyse
• Web Check Insight into the inner-workings of a given website

Cyber-Threat-Intelligence-Dump

• Unit 42 Atom Threat group information
• CrowdStrike Adversary APT/Adversary group list
• SOC Radar APT IoC feeds from several public and private sources and sensors
• APT Campaigns Collection of APT and cybercriminals campaign
• Yet Another Google Doc.1 APT Groups and Operations
• Yet Another Google Doc.2 Raw intel dump into a word doc
• Cyber Campaigns List of multiple cyber-espionage and cyber-attack campaigns
• APT Secure List Targeted cyberattack logbook
• Dragos Threat Activity Dragos threat activity groups
• Google Threat Analysis Googles TAG (Threat analysis group)
• Microsoft Threat Intel Microsoft threat intel team
• APT Map Graphical map of known Advanced Persistent Threats
• MITRE APT Groups MITRE attack groups
• APT Netlify Yet another threat actor map
• Alienvault OTX Groups AlienVault open threat exchange
• Unit 42 Playbooks Playbooks for certain threat groups

Training-Resources

• CyberDefenders BlueYard - BlueTeam Challenges
• Malware Traffic Analysis Infected PCAP's for review
• EVTX/PCAP Attack Samples Infected PCAP's and EVTX logs for review
• Open Security Training Free training for a variety of computer security classes
• TryHackMe Hands-on cyber security training
• HackSplaining Number of free training lessons for free
• Codewars Programming challanges
• MalwareUnicorn Free reverse engineering workshops
• Free Ivy Leauge Courses List of Ivy league courses you can take online for free (CS50)
• LetsDefend Free-ish training simulating the SOC life. Great for people interested in journying into a IR/SOC enviorment
• DC540 Reversing Course Free reverse engineering course
• Low Level Programming Low level programming course
• FreeCodeCamp Free and online, self paced courses to prepare you for a role in programming
• SocVel Free live DFIR challenges
• DFIRArtifactMuseum Community-driven archive of DFIR-related artifacts
• AwesomeDFIR Website DFIR resources
• ForensicMethods Archive of computer forensic information
• IMFSecurity Good resources to dig through
• Azure Training A collection of materials related to "JohntheBrit" certification videos

Blue-Team-Resources

• EricZimmerman

Utility

• Cyber Chef Web app for analysing and decoding data
• Cyber Chef Recipes A list of cyber-chef recipes and curated links
• LOLBAS Windows LOLBins and how they are abused
• GTFOBins Unix LOLBins and how they are abused
• MITRE ATT&CK Globally-accessible knowledge base of adversary tactics and techniques
• MITRE D3FEND Knowledge graph of countermeasures to ATT&CK TTP's
• Wazuh Open source unified XDR and SIEM protection for endpoints and cloud workloads
• MozDef Enterprise defense platform
• Stronghold A way to securely configure your Mac
• ChopShop Framework to aid analysts in the creation and execution of pynids based decoders and detectors of APT tradecraft
• RockNSM An open source Network Security Monitoring platform
• HELK Open source hunt platforms with advanced analytics
• AlienVault OSSIM Feature-rich open source SIEM w/ collection, normalization and correlation
• Prelude Universal SIEM
• TheHive Open source and free Security Incident Response Platform
• OpenEDR Free and open source EDR
• OpenSOC Open source big data technologies in order to offer a centralized tool for security monitoring and analysis
• Munin Online Hash Checker for Virustotal and Other Services
• Threat Hunt Mind Maps Mindmaps for cloud security, threat hunting and incident response
• Hybrid-Analysis Free malware analysis service
• Manalyzer Free service which performs static analysis on PE executables to detect undesirable behavior
• URLScan Free URL/website scanner
• Intezer Analyze Free IOC/malware scanner
• AnyRun Interactive malware analysis
• JoeSandbox Malware anaylsis
• IRIS-H Online automated static analysis of files stored in a directory-based or strictly structured formats
• Yoroi Free file analyzer
• Har-Sai Lookup things related to a specific CVE
• Rastrea2r Multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise (IOCs) across thousands of endpoints in minutes
• HijackLibs Aims to keep a record of publicly disclosed DLL Hijacking opportunities
• Diaphore Program diffing tool working as an IDA plugin
• MalAPI List of Windows APIs to common techniques used by malware
• Sentinel Queries List of Azure Sentinel queries
• EchoTrail Windows Process Insights
• PulledPork PulledPork for Snort and Suricata rule management
• Microsoft Threat Modeling Microsoft tool related to threat modeling
• DocIntel DocIntel is an open-source context-centric threat intelligence platform
• Multi Router Traffic Grapher (MRTG) Monitor SNMP network devices and draw pretty pictures showing how much traffic has passed through each interface
• GHOSTS Realistic user simulation framework for cyber simulation, training, and exercise
• DiscØvery Security analysis tool for IoT and 5G systems
• LogonTracer Investigate malicious Windows logon by visualizing and analyzing Windows event log
• Exmaple Pentest Reports Sample penetration testing reports
• EC2 IR General walkthrough of IR capes in AWS

Network-Analysis

• Arkime Open source full packet capturing, indexing and database system. It rebuilds sessions automatically!
• Wireshark Tride and true network protocol analyzer
• Zeek An Open Source Network Security Monitoring Tool
• Google Stenographer Stenographer is a full-packet-capture utility for buffering packets to disk. Allows you to rip out
• PcapXray A tool to visualize Packet Capture offline as a Network Diagram
• RITA Open-source framework for detecting command and control communication through network traffic analysis
• Whats that C2/Exfil? Github repo full of known c2 and exfil traffic keywords
• Incubating Open source software for leveraging insights from flow and packet analysis
• Network Miner Open source Network Forensic Analysis Tool
• VAST Network telemetry engine for data-driven security investigations
• NetSniff Free Linux networking toolkit
• SpoofSpotter A tool to catch spoofed NBNS responses
• Grass Marlin🦅 Network situational awareness of ICS and SCADA networks
• SELKS Open source Debian-based IDS/IPS/Network Security Monitoring platform
• SiLK Collection of traffic analysis tools

Host-Analysis

• Velociraptor Tool for collecting host based state information using The Velociraptor Query Language (VQL) queries
• Hayabusa Windows event log fast forensics timeline generator and threat hunting tool (Sigma compatible)
• Osquery Tool that provides performant endpoint visibility
• Sysinternalsuite Suite of tools providing a multitude of capabiltiies for defenders or attackers
• Sticky Keys Slayer Scans for accessibility tools backdoors via RDP
• CimSweep Suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely
• Seatbelt Security oriented host-survey tool performing "safety checks" relevant from both offensive and defensive security perspectives
• Live-Forensicator Assist's responders in carrying out live forensic investigations
• DeepBlueCLI PowerShell Module for Threat Hunting via Windows Event Logs
• Chainsaw Powerful ‘first-response’ capability to quickly identify threats within Windows event logs
• Google Rapid Response Python agent that is installed on target systems, and python server infrastructure that can manage and talk to clients
• PSHunt Powershell Threat Hunting Module designed to scan remote endpoints
• PSRecon Gathers data from a remote Windows host using PowerShell
• Redline Free EDR, thats pretty cool
• Power Forensics Inclusive framework for hard drive forensic analysis
• Block Parse PowerShell script block parser
• Sysmon4Linux The sysmon you love for a flavor of nix
• Dissect Digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats

Host-Network-Analysis

• DARKSURGEON Windows packer project to empower incident response, digital forensics, malware analysis, and network defense

Detection

• Sigma Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner
• Yara Tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples
• Snort Open source intrusion prevention and detection system
• Suricata High performance Network IDS, IPS and Network Security Monitoring engine
• BlockBlock Monitors common persistence locations and alerts whenever a persistent component is added
• Santa Binary authorization system for macOS
• MalTrail Malicious traffic detection system

Malware-Analysis

• Remnux
• Tools by hasherezade Linux toolkit for reverse-engineering and analyzing malicious software
• IDA Binary code analysis tool
• FLARE Floss Automatically deobfuscate strings from malware binaries
• BinaryNinja Interactive disassembler, decompiler, and binary analysis platform
• BinaryPig Malware Processing and Analytics
• Ghidra🦅 Software reverse engineering suite of tools
• HxD Carefully designed and fast hex editor
• Redare2 Set of libraries, tools and plugins to ease reverse engineering tasks
• TheMatrix Project created to ease the malware analysis process
• OllyDbg 32-bit assembler level analysing debugger
• oletools Package of python tools to analyze files
• The Sleuth Kit/Autopsy Open Source Digital Forensics
• Cuckoo Sandbox Leading open source automated malware analysis system
• Malcat Feature-rich hexadecimal editor / disassembler for Windows and Linux
• malwoverview First response tool used for threat hunting and offers intel information from OSINT sites

Forensics

• CyLR Cold disk file collector
• Dissect Digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats
• Volatility Python tool used for the extraction of digital artifacts from volatile memory (RAM) samples

Audit-Vulnerability

• nuclei Fast and customisable vulnerability scanner based on simple YAML based DSL
• Clair Open source project for the static analysis of vulnerabilities in application containers
• Chef InSpec Audit and automated testing framework
• Lynis Security auditing tool for *nix and macOS
• VulnWhisperer Vulnerability management tool and report aggregator
• OpenVAS Full-featured vulnerability scanner

Malware-IOC-Detection-Data-Dumps

• vx-underground samples The largest collection of malware source code, samples, and papers on the internet
• jstrosch Samples Repository intended to provide access to a wide variety of malicious files and other artifacts
• DigitalSide Threat-Intel Repo Repository that contains a set of Open Source Cyber Threat Intellegence information
• MalwareBazar Project from abuse.ch with the goal of sharing malware samples
• DailyIOC Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
• Valhalla Yara Rules
• Yara Rules Project
• Virustotal Yara
• Florian Roth

blue bin

• Zeek to Cuckoo Automating file extraction submission and analysis to Cuckoo Sandbox from Zeek
• Ox4Shell De-obfuscate Log4Shell payloads

Purple-Red-Team-Resources

• Metasploit Framework An exploit framework
• APTSimulator A Windows Batch script that creates files to make a system look as if it was compromised
• Atomic Red Team Library of tests mapped to the MITRE ATT&CK® framework
• Metta Adversary simulation tool
• Network Flight Simulator Lightweight utility used to generate malicious network traffic
• Cladera Framework Platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response
• PowerSploit Collection of Microsoft PowerShell module's to aid in multiple phases of an assessment
• Impacket Impacket is a collection of Python classes for working with network protocols
• sqlmap Open source tool that automates the process of detecting and exploiting SQL injection flaws
• Silver Open source cross-platform adversary emulation/red team framework
• Gobuster Gobuster is a tool used to brute-force subdomains, website URI's, open S3 buckets and more
• Exegol Exegol is a community-driven hacking environment, powerful and yet simple enough to be used by anyone in day to day engagements
• EmpireProject Empire is a post-exploitation framework, which is sadly not maintained anymore
• Reubeus Rubeus is a C# toolset for raw Kerberos interaction and abuses
• Responder Responder is an LLMNR, NBT-NS and MDNS poisoner
• Inveigh Inveigh is a cross-platform .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
• ExploitDB Archive of public exploits and corresponding vulnerable software
• DumpsterFire Tool used for building repeatable, time-delayed, and distributed security events
• Stratus Red Team Essentially Atmoic red team, but focused on cloud
• RTA Framework of scripts designed to allow blue teams to test their detection capabilities against malicious tradecraft
• Infection Monkey Open source security tool for testing resiliency on perimeter breaches and internal server infection
• Invoke-Powershell PowerShell script that helps you to evaluate security products and monitoring solutions
• DSInternals Active directory PowerShell Module and Framework

Command-and-Control

• C2 Matrix Find the best C2 framework for your needs based on your target environment
• Cobalt Strike Post-exploitation agent and covert channels to emulate a quiet long-term embedded actor in your customer’s network
• Brute Ratel C4 Customized Command and Control Center for Red Team and Adversary Simulation
• PoshC2 Proxy aware C2 framework

Recon

• Photon Crawler Incredibly fast crawler designed for OSINT
• Subcrawl Developed to find, scan and analyze open directories
• subfinder Fast passive subdomain enumeration tool
• MASSCAN An Internet-scale port scanner
• Nmap Open source utility for network discovery and security auditing
• Angry IP Scanner Fast and friendly network scanner
• Google Dorking Technique that uses Google Search and other Google applications to find security holes
• Github Dorking Technique that uses Github to find interesting things
• Shoder PoC leveraging shodan's pythons library
• naabu Port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner
• uncover Quickly discover exposed hosts on the internet using multiple search engines
• wtfis Passive hostname, domain and IP lookup tool for non-robots
• OsintUI OSINT from your favorite services in a friendly terminal user interface
• ExchangeFinder Find Microsoft Exchange instance for a given domain and identify the exact version

Password-Tools

• Cain & Abel Password recovery tool for Microsoft Operating Systems
• Hashcat Advanced password recovery tool for most operating systems
• John Open Source password security auditing and password recovery tool
• Mimikatz Extract plaintexts passwords, hashs, PIN codes and kerberos tickets from memory
• LaZange Credentials recovery project

red bin

• NYAN-x-CAT Repo All of your RAT needs
• Sulealothman Repo Legacy penetration tools
• Matterpreter Repo Payload gen
• Evil WinRM Ultimate WinRM shell for hacking/pentesting
• COMProxy A COM client and server for testing COM hijack proxying
• ysoserial PoC tool for generating payloads that exploit unsafe Java object deserialization

Cloud-Things

• Azure AD IR Guide
• O365 Attack Toolkit

Tools

• Basic Blob Finder POC tool to hunt for public Azure storage containers and enumerate the blobs
• TeamFiltration Framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
• cloudlist Multi-cloud tool for getting Assets from Cloud Providers

AI Stuff

• ChatGPT
• SlidesAI Create Presentation Slides with AI in seconds
• Replit Build software collaboratively with the power of AI

Awesome-Lists

• Master List of all Awesome Distros
• Awesome Threat Detection and Hunting
• Awesome Threat Intelligence
• Awesome Malware Analysis
• Awesome PCAP Tools
• Awesome Threat Modeling
• Awesome CTF
• Awesome Cyber Skills
• Awesome Personal Security
• Awesome Hacking
• Awesome Honeypots
• Awesome Pentest Tools
• Awesome Pentest Cheat Sheets
• Awesome Incident Response
• Awesome Web Hacking
• Awesome Hacking
• Awesome Industrial Control System Security
• Awesome YARA
• Awesome Container Security
• Awesome Crypto Papers
• Awesome Shodan Search Queries
• Awesome Anti Forensics
• Awesome Security Talks and Videos

Dump

• Pexpect Python module for spawning child applications; controlling them; and responding to expected patterns in their output
• Unofficial OSCP Tool Distro
• Florian Roth's BlueLedger A list of some interesting community support projects
• CIS CAT
• ProjectDiscovery Security Through Intelligent Automation
• HashR HashR allows you to build your own hash sets based on your data sources
• ATT&CK Pyton Client Python module to access up-to-date ATT&CK content
• SilkETW Collects, filters and processes Windows Event Tracing (ETW) data
• Ransomwatch Latest news on ransomware related posts