SQL Scripts
https://github.com/CloudDBM/mentor
https://github.com/A-poc/BlueTeam-Tools
Blue Team Tips 4 tips
- Payload extraction with Process Hacker @embee_research
- Prevent Script Execution via Double Click Default Application GPO Change
- Detect Cryptojacking Malware with Proxy Logs Dave Mckay
- Remove null bytes in CyberChef malware analysis @Securityinbits
Network Discovery and Mapping 6 tools
Vulnerability Management 4 tools
- OpenVAS Open-source vulnerability scanner
- Nessus Essentials Vulnerability scanner
- Nexpose Vulnerability management tool
- HackerOne Bug Bounty Management Platform
Security Monitoring 10 tools
- Sysmon System Monitor for Windows
- Kibana Data visualization and exploration
- Logstash Data collection and processing
- parsedmarc Email DMARC data visualisation
- Phishing Catcher Phishing catcher using Certstream
- maltrail Malicious traffic detection system
- AutorunsToWinEventLog Windows AutoRuns Event Parser
- procfilter YARA-integrated process denial framework
- velociraptor Endpoint visibility and collection tool
- SysmonSearch Sysmon event log visualisation
Threat Tools and Techniques 11 tools
- lolbas-project.github.io Living Off The Land Windows Binaries
- gtfobins.github.io Living Off The Land Linux Binaries
- filesec.io Attacker file extensions
- KQL Search KQL query aggregator
- Unprotect Project Malware evasion techniques knowledge base
- chainsaw Fast Windows Forensic Artefacts Searcher
- freq Domain generation algorithm malware detection
- yarGen YARA rule generator
- EmailAnalyzer Suspicious emails analyser
- VCG Code security scanning tool
- CyberChef GCHQ online data manipulation platform
Threat Intelligence 4 tools
- Maltego Threat Intelligence Platform
- MISP Malware Information Sharing Platform
- ThreatConnect Threat data aggregation
- Adversary Emulation Library An open library of adversary emulation plans
Incident Response Planning 5 tools
- NIST Cybersecurity Framework
- Incident Response Plan Framework for incident response
- Ransomware Response Plan Framework for ransomware response
- Incident Response Reference Guide Incident preparation guidance paper
- Awesome Incident Response List of tools for incident response
Malware Detection and Analysis 11 tools
- VirusTotal Malicious IOC Sharing Platform
- IDA Malware disassembler and debugger
- Ghidra Malware reverse engineering tool
- decode-vbe Encoded VBE script decoder
- pafish Virtual machine sandbox detector
- lookyloo Phishing domain mapping
- YARA Malware identification via pattern matching
- Cuckoo Sandbox Malware analysis sandbox
- Radare2 Reverse engineering framework
- dnSpy .NET debugger and assembly editor
- malware-traffic-analysis.net Malware and packet capture samples
Data Recovery 3 tools
- Recuva File recovery
- Extundelete Ext3 or ext4 partition recovery
- TestDisk Data Recovery
Digital Forensics 3 tools
- SANS SIFT Forensic toolkit
- The Sleuth Kit Disk images analysis tools
- Autopsy Digital forensics platform
Security Awareness Training 4 tools
- TryHackMe Cyber security challenges platform
- HackTheBox Cyber security challenges platform
- CyberDefenders Blue team cyber security challenges platform
- PhishMe Phishing training
Communication and Collaboration 2 tools
- Twitter Cyber Security Accounts
- Facebook ThreatExchange Malicious indicators sharing platform
Learn from Blue Teamers with a collection of Blue Teaming Tips. These tips cover a range of tactics, tools, and methodologies to improve your blue teaming abilities.
Payload extraction with Process Hacker
Description: 'Malware Analysis Tip - Use Process Hacker to watch for suspicious .NET assemblies in newly spawned processes. Combined with dnSpy - it's possible to locate and extract malicious payloads without needing to manually de-obfuscate.'
Credit: @embee_research
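The tip above is done by eye in the Process Hacker GUI. The script below is an added example (it is not from @embee_research, Process Hacker or dnSpy) that automates the watching half in PowerShell: it baselines the processes already running, then polls for new PIDs and reports any that have loaded the .NET runtime, which is the same signal Process Hacker highlights. The list of CLR module names, the 500 ms poll interval and the Sysmon remark in the comments are assumptions. Run it elevated inside an isolated analysis VM, not on a production host.

```powershell
# Added example, not part of the original tip or of Process Hacker.
# Watch for newly spawned processes and flag the ones that have loaded the
# .NET runtime, so a freshly injected or unpacked managed payload stands out.

# Assumption: a process that has one of these DLLs mapped is running managed code
# (.NET Framework: mscoree.dll / clr.dll; .NET Core/5+: coreclr.dll; both: clrjit.dll).
$clrModules = @('mscoree.dll', 'clr.dll', 'coreclr.dll', 'clrjit.dll')

function Test-ManagedProcess {
    param([System.Diagnostics.Process]$Process)
    try {
        foreach ($m in $Process.Modules) {
            if ($clrModules -contains $m.ModuleName.ToLower()) { return $true }
        }
    } catch {
        # Access denied (protected or other-session process), a bitness mismatch,
        # or the process exited before we could enumerate it: treat as not managed.
    }
    return $false
}

# Baseline: everything running at start is ignored so only new PIDs are reported.
# Caveat: a process that starts and exits between two polls is missed; for that
# case rely on Sysmon event ID 1 (process create) instead of polling.
$seen = @{}
Get-Process | ForEach-Object { $seen[$_.Id] = $true }

Write-Host 'Watching for new .NET processes. Press Ctrl+C to stop.'
while ($true) {
    foreach ($p in (Get-Process | Where-Object { -not $seen.ContainsKey($_.Id) })) {
        $seen[$p.Id] = $true
        if (Test-ManagedProcess -Process $p) {
            $path = '<unknown>'
            try { $path = $p.MainModule.FileName } catch {}
            # PID, image name and image path: a managed process whose image lives
            # under a user-writable path (Temp, AppData) is the one to look at first.
            '{0:HH:mm:ss}  PID {1,-6} {2}  {3}' -f (Get-Date), $p.Id, $p.ProcessName, $path
        }
    }
    Start-Sleep -Milliseconds 500
}
```

Once a PID is flagged, the extraction half of the tip still happens in dnSpy: attach its debugger to that process, open the Modules window and save the in-memory assembly to disk, which gives you the decrypted stage without reversing the loader's obfuscation. Note that only the runtime DLL check is automated here; deciding whether a flagged process is a legitimate .NET application or the next malware stage still needs the parent process and command line, which is why the comment above points at Sysmon event ID 1.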