Update README.md
Adel K
GitHub
parent
51e2752781
commit
4ba1686f37
14
README.md
14
README.md
|
|
@ -70,6 +70,8 @@
|
|||
- [Sentinel Attack](https://github.com/BlueTeamLabs/sentinel-attack) - A repository of Azure Sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework
|
||||
- [Brim](https://github.com/brimsec/brim) - A desktop application to efficiently search large packet captures and Zeek logs
|
||||
- [YARA](https://github.com/virustotal/yara) - The pattern matching swiss knife
|
||||
- [Intel Owl](https://github.com/intelowlproject/IntelOwl) - An Open Source Intelligence, or OSINT solution to get threat intelligence data about a specific file, an IP or a domain from a single API at scale.
|
||||
- [Capa](https://github.com/fireeye/capa) - An open-source tool to identify capabilities in executable files.
|
||||
|
||||
#### Alerting Engine
|
||||
|
||||
|
|
@ -119,6 +121,7 @@
|
|||
- [Boss of the SOC (BOTS) Dataset Version 3](https://github.com/splunk/botsv3)
|
||||
- [EMBER](https://github.com/endgameinc/ember) ([paper](https://arxiv.org/abs/1804.04637)) - The EMBER dataset is a collection of features from PE files that serve as a benchmark dataset for researchers
|
||||
- [theZoo](https://github.com/ytisf/theZoo) - A repository of LIVE malwares
|
||||
- [CIC Datasets](https://www.unb.ca/cic/datasets/index.html) - Canadian Institute for Cybersecurity datasets
|
||||
|
||||
|
||||
### Resources
|
||||
|
|
@ -158,6 +161,7 @@
|
|||
- [Detection Spectrum](https://posts.specterops.io/detection-spectrum-198a0bfb9302) ([PDF](docs/specterops-DetectionSpectrum.pdf))
|
||||
- [Capability Abstraction](https://posts.specterops.io/capability-abstraction-fbeaeeb26384) ([PDF](docs/specterops-CapabilityAbstraction.pdf))
|
||||
- [Awesome YARA](https://github.com/InQuest/awesome-yara) - A curated list of awesome YARA rules, tools, and resources
|
||||
- [Defining ATT&CK Data Sources](https://medium.com/mitre-attack/defining-attack-data-sources-part-i-4c39e581454f) - A two-part blog series that outlines a new methodology to extend ATT&CK’s current data sources.
|
||||
|
||||
#### Frameworks
|
||||
|
||||
|
|
@ -172,6 +176,7 @@
|
|||
- [The DML Model](http://ryanstillions.blogspot.com.au/2014/04/the-dml-model_21.html) - The Detection Maturity Level (DML) model is a capability maturity model for referencing ones maturity in detecting cyber attacks.
|
||||
- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
|
||||
- [OSSEM](https://github.com/hunters-forge/OSSEM) (Open Source Security Events Metadata) - A community-led project that focuses on the documentation and standardization of security event logs from diverse data sources and operating systems
|
||||
- [MITRE Shield](https://shield.mitre.org) - A knowledge base of active defense techniques and tactics ([Active Defense Matrix](https://shield.mitre.org/matrix/))
|
||||
|
||||
#### DNS
|
||||
|
||||
|
|
@ -187,10 +192,11 @@
|
|||
|
||||
#### Command and Control
|
||||
|
||||
- [Command-and-control Malware Traffic Playbook](https://www.demisto.com/command-control-malware-traffic-playbook/)
|
||||
- [How to Hunt Command & Control Channels Using Bro IDS and RITA](https://www.blackhillsinfosec.com/how-to-hunt-command-and-control-channels-using-bro-ids-and-rita/)
|
||||
- [Detect Beaconing with Flare, Elastic Stack, and Intrusion Detection Systems](http://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/)
|
||||
- [Rise of Legitimate Services for Backdoor Command and Control](docs/legit-services.pdf)
|
||||
##### DoH
|
||||
- [Hiding in Plain Sight](https://blog.huntresslabs.com/hiding-in-plain-sight-part-2-dfec817c036f) - A malware abusing Google DoH
|
||||
-
|
||||
|
||||
|
||||
#### Osquery
|
||||
|
||||
|
|
@ -330,6 +336,8 @@ A curated list of awesome adversary simulation resources
|
|||
- [PowerSploit](https://github.com/PowerShellMafia/PowerSploit/) - A PowerShell Post-Exploitation Framework.
|
||||
- [RedHunt-OS](https://github.com/redhuntlabs/RedHunt-OS) - A Virtual Machine for Adversary Emulation and Threat Hunting. RedHunt aims to be a one stop shop for all your threat emulation and threat hunting needs by integrating attacker's arsenal as well as defender's toolkit to actively identify the threats in your environment.
|
||||
- [Infection Monkey](https://github.com/guardicore/monkey) - An open source Breach and Attack Simulation (BAS) tool that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement.
|
||||
- [Splunk Attack Range](https://github.com/splunk/attack_range) - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk.
|
||||
|
||||
|
||||
### Resources
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue