This page contains links to a couple of interesting training resources, tools and other material useful for Incident Response, Penetration Testing, Malware Analysis and other security-related areas.
Although I’ve placed it here mainly for myself and students of my security courses, if you find it useful, it is also accessible through the easily remembered URL csirt.xyz.
Below, you may find materials for the following areas:
- Security Monitoring and Incident Response
- Threat Hunting
- Penetration Testing
- Malware Analysis
- Application Security
- Miscellaneous
Security Monitoring and Incident Response
- Standards and Best Practices
  - ENISA Good Practice Guide for Incident Management
  - NIST Computer Security Incident Handling Guide (SP 800-61r2)
  - SIM3: Security Incident Management Maturity Model
  - SOC-CMM
  - Handbook for Computer Security Incident Response Teams (CSIRTs)
  - Reference Security Incident Taxonomy (RSIT) (current version)
  - FIRST CSIRT/PSIRT Services Framework
  - MaGMa Use Case Framework
  - Traffic Light Protocol (TLP)
  - Incident Response Hierarchy of Needs
- Training Resources
  - CSIRT Training Resources from ENISA
  - Tutorials for Network Miner and Other Netresec Tools
  - PCAP Files for Training - Netresec
  - PCAP Files for Training - SANS
  - PCAP Files for Training - Malware Traffic Analysis
  - PCAP Files for Training - Active Countermeasures
  - FIRST Courses
  - TRANSITS Materials
  - Encyclopedia of evasion techniques
- Collections of Resources
  - List of resources for SOC/CSIRT
  - SANS Information Security Resources
  - List of Security APIs from Alexander Jäger
  - List of tools for PDF Analysis
  - Malware Analysis Fundamentals - Files & Tools
  - Tool Analysis Result Sheet
  - TriOp - Tool for quickly gathering statistical information from Shodan.io
  - Awesome Incident Response
- Tools
  - Threat Intelligence and Threat Modelling
- Misc
  - Incident Response: Protecting Individual Rights Under the General Data Protection Regulation
  - Processing Data to Protect Data: Resolving the Breach Detection Paradox
  - CyberChef Recipes
  - Ten process injection techniques: A technical survey of common and trending process injection techniques
  - Practical SOC Metrics
Threat Hunting
- Methodologies and Best Practices
- Collections of Resources
- Training Resources
Penetration Testing and Red Teaming
- Methodologies and Best Practices
  - OWASP Web Security Testing Guide (WSTG) v4.2
  - Open Source Security Testing Methodology Manual (OSSTMM) v3
  - Open Source Security Testing Methodology Manual (OSSTMM) v2.1
  - Information Systems Security Assessment Framework (ISSAF) v0.2.1
  - Penetration Testing Execution Standard (PTES)
  - NIST Technical Guide to Information Security Testing and Assessment (SP 800-115)
  - CVSS - Common Vulnerability Scoring System v3.1
  - FedRAMP Penetration Test Guidance v2.0
  - CREST - A guide for running an effective Penetration Testing programme
  - GFMA Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry
  - TIBER-EU Framework
- Training Resources
- Collections of Resources
Malware Analysis
- Training Resources
- Collections of Resources
Application Security
- Standards and Best Practices
  - Avoiding the Top 10 Software Security Design Flaws
  - Microsoft Security Development Lifecycle Practices
  - NIST Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy (SP 800-37r2)
  - NIST Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (SP 800-160 Vol. 1)
  - OWASP Application Security Verification Standard
  - OWASP SAMM - Software Assurance Maturity Model
  - OWASP Secure Coding Practices Quick Reference Guide
  - OWASP Top 10 - 2017
  - OWASP DSOMM - DevSecOps Maturity Model
  - SEI Secure Design Patterns
  - SEI Top 10 Secure Coding Practices
- Collections of Resources
Miscellaneous
- Standards and Best Practices
- Training Resources