This page contains links to couple of interesting training resources, tools and other material useful for Incident Response, Penetration Testing, Malware Analysis and other security-related activities.

Although I’ve placed it here mainly for myself and students of my security courses, if you find it useful, it is also accessible through the easily remembered URL csirt.xyz.

Security Monitoring and Incident Response

• Standards and Best Practices
  • ENISA Good Practice Guide for Incident Management
  • NIST Computer Security Incident Handling Guide (SP 800-61r2)
  • SIM3: Security Incident Management Maturity Model
  • SOC-CMM
  • Handbook for Computer Security Incident Response Teams (CSIRTs)
  • Reference Security Incident Taxonomy (RSIT) (current version)
  • FIRST CSIRT/PSIRT Services Framework
  • MaGMa Use Case Framework
  • Traffic Light Protocol (TLP)
  • Incident Response Hierarchy of Needs

• Training Resources
  • CSIRT Training Resources from ENISA
  • Tutorials for Network Miner and Other Netresec Tools
  • PCAP Files for Training - Netresec
  • PCAP Files for Training - SANS
  • PCAP Files for Training - Malware Traffic Analysis
  • FIRST Courses
  • TRANSITS Materials
  • Encyclopedia of evasion techniques

• Collections of resources
  • List of resources for SOC/CSIRT
  • Collection - How To Build And Run A SOC for Incident Response
  • SANS Information Security Resources
  • List of Security APIs from Alexander Jäger
  • List of tools for PDF Analysis
  • Tool Analysis Result Sheet

• Tools
  • Network Miner
  • Flare VM
  • SIFT - SANS Forensic VM
  • Didier Stevens Suite
  • CyberChef
  • YARA
  • Sigma - Generic Signature Format for SIEM Systems
  • KAPE - Kroll Artifact Parser and Extractor
  • MITRE ATT&CK Navigator

• Misc
  • Incident Response: Protecting Individual Rights Under the General Data Protection Regulation
  • Processing Data to Protect Data: Resolving the Breach Detection Paradox

Threat Hunting

• Methodologies and Best Practices
  • Hunt Evil: Your Practical Guide to Threat Hunting
  • Sqrrl Cyber Hunting Maturity Model
  • Crown Jewels Analysis
  • The Endgame Guide to Threat Hunting
  • TaHiTI Threat Hunting Methodology

• Collections of resources
  • Resource Threat Detection and Hunting
  • Threat Hunter Project
  • The ThreatHunting Project
  • Threat Hunting & DFIR
  • The Mordor Project

• Training Resources
  • Active Countermeasures Threat Hunt Training Course

• Misc
  • Ten process injection techniques: A technical survey of common and trending process injection techniques
  • Generating Hypotheses for Successful Threat Hunting

Penetration Testing

• Methodologies and Best Practices
  • OWASP Web Security Testing Guide (WSTG) v4.2
  • Open Source Security Testing Methodology Manual (OSSTMM) v3
  • Open Source Security Testing Methodology Manual (OSSTMM) v2.1
  • Information Systems Security Assessment Framework (ISSAF) v0.2.1
  • Penetration Testing Execution Standard (PTES)
  • NIST Technical Guide to Information Security Testing and Assessment (SP 800-115)
  • FedRAMP Penetration Test Guidance v2.0
  • CREST - A guide for running an effective Penetration Testing programme

• Training Resources
  • Google Hacking for Penetration Testers
  • Cybrary.it - Security Training Videos
  • PentesterLab - Web App Pentesting Training

• Collections of resources

  • PayloadsAllTheThings
  • 20+ Free Resources To Legally Practice Your Ethical Hacking Skills
  • Awesome Penetration Testing

• Tools
  • Red Team Tool Roundup
  • Reverse Shell Generator
  • Nmap

Malware Analysis

• Training Resources
  • Reverse Engineering Tutorials
  • Manual Generation of a Memory Dump
  • Farbar’s Recovery Scan Tool Tutorial
  • Basic Reverse Engineering with Immunity Debugger
  • Malware Hunting with the Sysinternals Tools

• Collections of resources
  • Reverse Engineering resources
  • Awesome Malware Analysis
  • Malware Sample Sources for Researchers
  • theZoo - A Live Malware Repository
  • malware-gems
  • Overview of free online malware analysis sandboxes

• Tools
  • Sysinternals Suite
  • pestudio
  • Cuckoo Sandbox
  • Farbar Recovery Scan Tool

Application Security

• Standards and Best Practices
  • Avoiding the Top 10 Software Security Design Flaws
  • CVSS - Common Vulnerability Scoring System v3.1
  • NIST Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy (SP 800-37r2)
  • NIST Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (SP 800-160 Vol. 1)
  • OWASP Application Security Verification Standard
  • OWASP SAMM - Software Assurance Maturity Model
  • OWASP Secure Coding Practices Quick Reference Guide
  • OWASP Top 10 - 2017
  • SEI Secure Design Patterns