This page contains links to couple of interesting training resources, tools and other material useful for Incident Response, Penetration Testing, Malware Analysis and other security-related areas.

Although I’ve placed it here mainly for myself and students of my security courses, if you find it useful, it is also accessible through the easily remembered URL csirt.xyz.

Bellow, you may find materials for the following areas:

• Security Monitoring and Incident Response
• Threat Hunting
• Threat Intelligence
• Threat Modeling
• Penetration Testing and Red Teaming
• Purple Teaming
• Malware Analysis
• Application Security
• Miscellaneous

Security Monitoring and Incident Response

• Standards and Best Practices
  • ENISA Good Practice Guide for Incident Management
  • NIST Computer Security Incident Handling Guide (SP 800-61r2)
  • SIM3: Security Incident Management Maturity Model
  • SOC-CMM
  • Handbook for Computer Security Incident Response Teams (CSIRTs)
  • Reference Security Incident Taxonomy (RSIT) (current version)
  • FIRST CSIRT/PSIRT Services Framework
  • MaGMa Use Case Framework
  • Traffic Light Protocol (TLP)
  • Incident Response Hierarchy of Needs
  • INTERPOL Guidelines for Digital Forensics First Responders
  • CISA Cybersecurity Incident & Vulnerability Response Playbooks
  • ITU Cybersecurity Programme: CIRT Framework
  • ENISA CSIRT Maturity Framework
  • De-Facto Standards for CSIRTs, PSIRTs and other security teams
  • RFC 2350 - Expectations for Computer Security Incident Response

• Training Resources
  • CSIRT Training Resources from ENISA
  • Tutorials for Network Miner and Other Netresec Tools
  • PCAP Files for Training - Netresec
  • PCAP Files for Training - Malware Traffic Analysis
  • PCAP Files for Training - Active Countermeasures
  • FIRST Courses
  • TRANSITS Materials
  • Encyclopedia of evasion techniques
  • STOic TTX Facilitator Training

• Collections of Resources
  • List of resources for SOC/CSIRT
  • SANS Information Security Resources
  • Awesome Security APIs
  • List of tools for PDF Analysis
  • Tool Analysis Result Sheet
  • TriOp - Tool for quickly gathering statistical information from Shodan.io
  • Awesome Incident Response
  • Awesome SOAR List

• Tools
  • CyberChef
  • SIFT - SANS Forensic VM
  • Sigma - Generic Signature Format for SIEM Systems
  • Uncoder.IO: Universal Sigma Rule Converter
  • KAPE - Kroll Artifact Parser and Extractor
  • MITRE ATT&CK Navigator
  • DeTT&CT - Detect Tactics, Techniques & Combat Threats
  • YARA
  • Network Miner
  • osquery
  • Velociraptor
  • Wazuh
  • Arkime
  • Zeek
  • Suricata
  • Security Onion
  • Dissect

• Misc
  • Incident Response: Protecting Individual Rights Under the General Data Protection Regulation
  • NISD2: A Common Framework for Information Sharing Among Network Defenders
  • Processing Data to Protect Data: Resolving the Breach Detection Paradox
  • CyberChef Recipes
  • RE&CT Framework
  • Practical SOC Metrics
  • 11 Strategies of a World-Class Cybersecurity Operations Center
  • Permissible Actions Protocol (PAP)

Threat Hunting

• Methodologies and Best Practices
  • Hunt Evil: Your Practical Guide to Threat Hunting
  • Sqrrl Cyber Hunting Maturity Model
  • Crown Jewels Analysis
  • The Endgame Guide to Threat Hunting
  • TaHiTI Threat Hunting Methodology
  • TTP-Based hunting

• Collections of Resources
  • Resource Threat Detection and Hunting
  • Threat Hunter Project
  • The ThreatHunting Project
  • Threat Hunting & DFIR
  • Security Datasets Project (Mordor)

• Training Resources
  • Active Countermeasures Threat Hunt Training Course

• Misc
  • Generating Hypotheses for Successful Threat Hunting

Threat Intelligence

• Methodologies and Best Practices
  • ENISA Threat Landscape Methodology

• Training Resources
  • FIRST Cyber Threat Intelligence Curriculum
  • A Cyber Threat Intelligence Self-Study Plan: Part 1
  • A Cyber Threat Intelligence Self-Study Plan: Part 2

• Misc
  • APT Groups and Operations
  • Malpedia
  • Quantifying Threat Actor Assessments
  • Psychology of Intelligence Analysis

Threat Modeling

• Methodologies and Best Practices
  • Attack Trees
  • DREAD
  • LIDDUN
  • OCTAVE & OCTAVE-Related Assets
  • PASTA
  • STRIDE
  • CARVER
  • Trike
  • VAST
  • NIST Guide to Data-Centric System Threat Modeling (SP 800-154)

• Tools
  • Microsoft Threat Modeling Tool
  • OWASP Threat Dragon
  • Computer Aided Integration of Requirements and Information Security (CAIRIS)
  • Visual Paradigm Online Threat Modeling Toool

• Misc
  • Threat Modeling Manifesto
  • Threat Modeling: 12 Available Methods
  • Cyber Threat Modeling: Survey, Assessment, and Representative Framework
  • A Threat Modeling Field Guide
  • A Threat-Driven Approach to Cyber Security
  • OWASP Threat Modeling Cheat Sheet

Penetration Testing and Red Teaming

• Methodologies and Best Practices
  • OWASP Web Security Testing Guide (WSTG) v4.2
  • Open Source Security Testing Methodology Manual (OSSTMM) v3
  • Open Source Security Testing Methodology Manual (OSSTMM) v2.1
  • Information Systems Security Assessment Framework (ISSAF) v0.2.1
  • Penetration Testing Execution Standard (PTES)
  • NIST Technical Guide to Information Security Testing and Assessment (SP 800-115)
  • CVSS - Common Vulnerability Scoring System v3.1
  • FedRAMP Penetration Test Guidance v2.0
  • CREST - A guide for running an effective Penetration Testing programme
  • GFMA Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry
  • TIBER-EU Framework
  • NESCOR Guide to Penetration Testing for Electric Utilities
  • CyberArk Thick Client Penetration Testing Methodology

• Training Resources
  • Google Hacking for Penetration Testers
  • Cybrary.it - Security Training Videos
  • PentesterLab - Web App Pentesting Training
  • PortSwigger WebSecurity Academy

• Collections of Resources

  • PayloadsAllTheThings
  • 20+ Free Resources To Legally Practice Your Ethical Hacking Skills
  • Awesome Penetration Testing
  • Kerberosity Killed the Domain: An Offensive Kerberos Overview
  • LOLBAS - Living Off The Land Binaries, Scripts and Libraries
  • GTFOBins

• Tools
  • Pentest-Tools
  • Reverse Shell Generator
  • Nmap

Purple Teaming

• Methodologies and Best Practices
  • Purple Team Exercise Framework (PTEF)
  • Purple Team Maturity Model

• Tools
  • Atomic Red Team
  • MITRE Caldera
  • Prelude Operator
  • Infection Monkey
  • APTSimulator
  • VECTR

• Collections of Resources
  • Enterprise Purple Teaming
  • CTID Adversary Emulation Library

Malware Analysis

• Training Resources
  • Malware Unicorn Workshops
  • Haseherezade Malware Training vol. 1
  • Introduction to Malware Analysis and Reverse Engineering
  • Malware Hunting with the Sysinternals Tools

• Collections of Resources
  • Reverse Engineering resources
  • Awesome Malware Analysis
  • Malware Sample Sources for Researchers
  • malware-gems
  • Overview of free online malware analysis sandboxes

• Sample sources
  • theZoo - A Live Malware Repository
  • Malware Samples
  • MalwareBazaar

• Tools
  • Flare VM
  • REMnux: A Linux Toolkit for Malware Analysis
  • Sysinternals Suite
  • Didier Stevens Suite
  • pestudio
  • Cuckoo Sandbox
  • Malware Hash Registry

• Misc
  • Ten process injection techniques: A technical survey of common and trending process injection techniques
  • How To Build A Malware Analysis Lab
  • Malware Analysis Fundamentals - Files & Tools
  • Manual Generation of a Memory Dump

Application Security

• Standards and Best Practices
  • Avoiding the Top 10 Software Security Design Flaws
  • Microsoft Security Development Lifecycle Practices
  • NIST Secure Software Development Framework (SSDF)
  • NIST Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (SP 800-160 Vol. 1)
  • OWASP Application Security Verification Standard
  • OWASP SAMM - Software Assurance Maturity Model
  • OWASP Secure Coding Practices Quick Reference Guide
  • OWASP Mobile Security Project
  • OWASP Top 10
  • OWASP DSOMM - DevSecOps Maturity Model
  • SEI Secure Design Patterns
  • SEI Top 10 Secure Coding Practices

• Training Resources
  • DevSecOps University

• Collections of Resources
  • Department of Defense and Federal Government Cloud Computing and DevSecOps
  • Ultimate DevSecOps Library
  • NTIA Software Bill of Materials Library

• Tools
  • Analysis Tools

• Misc
  • OWASP CycloneDX
  • Threat Modeling Resources

Miscellaneuos

• Standards and Best Practices
  • CIS Controls
  • CIS Risk Assessment Method (RAM)
  • NIST Cybersecurity Framework (CSF)
  • NIST Guide for Conducting Risk Assessments (SP 800-30r1)
  • NIST Risk Management Framework for Information Systems and Organizations (SP 800-37r2)
  • NICE Framework Resource Center
  • RFC 9116 - A File Format to Aid in Security Vulnerability Disclosure

• Training Resources
  • BHIS - 30 things to get you started
  • Wireshark Tutorial

• Other
  • MITRE ATT&CK
  • MITRE D3FEND
  • Categorizing human phishing difficulty: a PhishScale
  • Hexacorn Blog
  • BloodHound versus Ransomware: A Defender’s Guide
  • Active Directory Security
  • Active Directory Fundamentals
  • ShodanTools - Collection of scripts & fingerprinting tricks for Shodan.io
  • AuditScripts Collective Risk Project
  • SANS Vulnerability Management Maturity Model (VMMM)