This page contains links to a couple of interesting training resources, tools and other material useful for Incident Response, Penetration Testing, Malware Analysis and other security-related areas.
Although I’ve placed it here mainly for myself and the students of my security courses, if you find it useful, it is also accessible through the easily remembered URL csirt.xyz.
Below, you may find materials for the following areas:
- Security Monitoring and Incident Response
- Threat Hunting
- Threat Intelligence
- Threat Modeling
- Penetration Testing and Red Teaming
- Purple Teaming
- Malware Analysis
- Application Security
- OT Security
- Miscellaneous
Security Monitoring and Incident Response
- Standards and Best Practices
  - ENISA Good Practice Guide for Incident Management
  - NIST Computer Security Incident Handling Guide (SP 800-61r2)
  - SIM3: Security Incident Management Maturity Model
  - SOC-CMM
  - Reference Security Incident Taxonomy (RSIT) (current version)
  - FIRST CSIRT/PSIRT Services Framework
  - MaGMa Use Case Framework
  - Traffic Light Protocol (TLP)
  - Incident Response Hierarchy of Needs
  - INTERPOL Guidelines for Digital Forensics First Responders
  - CISA Cybersecurity Incident & Vulnerability Response Playbooks
  - ENISA CSIRT Maturity Framework
  - RFC 2350 - Expectations for Computer Security Incident Response
- Training Resources
- Collections of Resources
- Tools
  - CyberChef
  - SIFT - SANS Forensic VM
  - Sigma - Generic Signature Format for SIEM Systems
  - Uncoder.IO: Universal Sigma Rule Converter
  - KAPE - Kroll Artifact Parser and Extractor
  - MITRE ATT&CK Navigator
  - DeTT&CT - Detect Tactics, Techniques & Combat Threats
  - YARA
  - NetworkMiner
  - osquery
  - Velociraptor
  - Wazuh
  - Arkime
  - Zeek
  - Suricata
  - Security Onion
  - Dissect
- Misc
  - Incident Response: Protecting Individual Rights Under the General Data Protection Regulation
  - Processing Data to Protect Data: Resolving the Breach Detection Paradox
  - NISD2: A Common Framework for Information Sharing Among Network Defenders
  - CyberChef Recipes
  - RE&CT Framework
  - Practical SOC Metrics
  - 11 Strategies of a World-Class Cybersecurity Operations Center
  - Incident Response Public Playbooks and Structure
  - Permissible Actions Protocol (PAP)
Threat Hunting
- Methodologies and Best Practices
- Collections of Resources
- Training Resources
Threat Intelligence
- Methodologies and Best Practices
- Training Resources
- Misc
Threat Modeling
- Methodologies and Best Practices
- Tools
- Collections of Resources
- Misc
Penetration Testing and Red Teaming
- Methodologies and Best Practices
  - OWASP Web Security Testing Guide (WSTG) v4.2
  - Open Source Security Testing Methodology Manual (OSSTMM) v3
  - Open Source Security Testing Methodology Manual (OSSTMM) v2.1
  - Information Systems Security Assessment Framework (ISSAF) v0.2.1
  - Penetration Testing Execution Standard (PTES)
  - NIST Technical Guide to Information Security Testing and Assessment (SP 800-115)
  - CVSS - Common Vulnerability Scoring System v3.1
  - FedRAMP Penetration Test Guidance v2.0
  - CREST - A guide for running an effective Penetration Testing programme
  - GFMA Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry
  - TIBER-EU Framework
  - NESCOR Guide to Penetration Testing for Electric Utilities
  - CyberArk Thick Client Penetration Testing Methodology
- Training Resources
- Collections of Resources
- Misc
Purple Teaming
- Methodologies and Best Practices
- Collections of Resources
Malware Analysis
- Training Resources
- Collections of Resources
- Sample sources
- Tools
- Misc
Application Security
- Standards and Best Practices
  - Avoiding the Top 10 Software Security Design Flaws
  - Microsoft Security Development Lifecycle Practices
  - NIST Secure Software Development Framework (SSDF)
  - NIST Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (SP 800-160 Vol. 1)
  - NIST Developing Cyber-Resilient Systems: A Systems Security Engineering Approach (SP 800-160 Vol. 2)
  - ISO/IEC 21827:2008 - Systems Security Engineering — Capability Maturity Model (SSE-CMM)
  - OWASP Application Security Verification Standard
  - OWASP SAMM - Software Assurance Maturity Model
  - OWASP Secure Coding Practices Quick Reference Guide
  - OWASP Mobile Security Project
  - OWASP Code Review Guide
  - OWASP Top 10
  - OWASP Top 10 CI/CD Security Risks
  - OWASP API Security Top 10
  - OWASP DSOMM - DevSecOps Maturity Model
  - SEI Secure Design Patterns
  - SEI Top 10 Secure Coding Practices
- Training Resources
- Collections of Resources
- Tools
OT Security
- Standards and Best Practices
Miscellaneous
- Standards and Best Practices
  - CIS Critical Security Controls
  - CIS Risk Assessment Method (RAM)
  - NIST Cybersecurity Framework (CSF)
  - NIST Guide for Conducting Risk Assessments (SP 800-30r1)
  - NIST Risk Management Framework for Information Systems and Organizations (SP 800-37r2)
  - European Cybersecurity Skills Framework Role Profiles
  - NICE Framework Resource Center
  - RFC 9116 - A File Format to Aid in Security Vulnerability Disclosure
- Training Resources
- Other
  - MITRE ATT&CK
  - MITRE ATT&CK Top 10 Techniques Calculator
  - MITRE D3FEND
  - MITRE Engage
  - MITRE Cyber Resiliency Engineering Framework (CREF) Navigator
  - Categorizing human phishing difficulty: a PhishScale
  - Hexacorn Blog
  - BloodHound versus Ransomware: A Defender’s Guide
  - Active Directory Security
  - Active Directory Fundamentals
  - ShodanTools - Collection of scripts & fingerprinting tricks for Shodan.io
  - AuditScripts Collective Risk Project
  - Cloud Controls Matrix
  - SANS Vulnerability Management Maturity Model (VMMM)
  - Cybersecurity Capability Maturity Model (C2M2)
  - Cybrary.it - Security Training Videos