Adrian Colyer | Adrian Colyer | When CSI meets public wifi: Inferring your mobile phone password via wifi signals | Hunt, Mobile, WiFi, Password | 2016 |
Amir.H Shahin | Amir.H Shahin | Mobile Application Penetration Testing Cheat Sheet | Hunt, CheatSheet | 2015 |
Andrei Miroshnikov | Microsoft | Windows 10 and Windows Server 2016 Security Auditing and Monitoring Reference | Hunt, Windows Event Logs Win10/Server2016 | 2016 |
Ankit Anubhav | FireEye | The Journey of Behavioral Evasion | Threat Intel | 2016 |
Anthony Russ | SANS | Detecting Security Incidents Using Windows Event Logs | Hunt, Windows Event Logs | 2013 |
Anton Chuvakin | Gartner | On Comparing Threat Intelligence Feeds | Threat Intel | 2014 |
Anubis Labs | Anubis Labs | Malware Analysis Sample Report | Report Writing | 2014 |
Anuj Soni | SANS | Closing the Door on Web Shells | Hunt, Web Shells | 2014 |
Balaji N. | GBHackers | How to Build and Run a SOC | CERT, CSIRT, SOC | 2017 |
Basil Alawi S. Taher | SANS | Windows Events log for IR/Forensics, Part 1 | Hunt | 2016 |
Basil Alawi S. Taher | SANS ISC | NetWitness Tutorial | NetWitness, Tutorial | 2014 |
Benjamin | Benjamin | 99 Best Intelligence Resources | Threat Intel, Links | 2017 |
Brad Garnett | SANS | Intro to Report Writing for Digital Forensics Part 1 | Report Writing | 2010 |
Brad Garnett | SANS | Intro to Report Writing for Digital Forensics Part 2 | Report Writing | 2013 |
Brian Baskin | Brian Baskin | Malware Analysis | Malware Analysis | 2013 |
Brian Girardi | NetWitness | NetWitness Tutorial | NetWitness, Tutorial | 2010 |
Chris Bing | CyberScoop | Hackable Hospital Washing Machine | IoT | 2017 |
Claus Cramon Houmann | PeerLyst | How To Build And Run A SOC for Incident Response | Threat Intel | 2016 |
CrowdStrike | CrowdStrike | CrowdStrike Putter Panda Report | Report Writing | 2014 |
CrowdStrike | CrowdStrike | CrowdStrike Deep Panda Report | Report Writing | 2012 |
Dallas Haselhorst | SANS | Uncovering IoCs Using PowerShell, Event Logs and a Traditional Monitoring Tool | Hunt, TTPs, Windows Event Logs, PowerShell | 2015 |
David Bianco | David Bianco | A Simple Hunting Maturity Model | Hunt | 2015 |
David Bianco | David Bianco | Hunting for Malware Critical Process Impersonation | Hunt | 2016 |
David Bianco | David Bianco | Cyber Hunting: 5 Tips To Bag Your Prey | Hunt | 2015 |
David Bianco | David Bianco | The ThreatHunting Project | Hunt | 2017 |
David Bianco | David Bianco | The ThreatHunting Project (GitHub) | Hunt | |
enigma0x3 | enigma0x3 | Lateral Movement Using MMC20 Part 1 | Lateral Movement | 2017 |
enigma0x3 | enigma0x3 | Lateral Movement Using MMC20 Part 2 | Lateral Movement | 2017 |
fl0x2208 | That Security | Threat Hunting and Pyramid of Pain | Hunt | 2016 |
Fred House, Claudiu Teodorescu, Andrew Davis | FireEye | Shim Shady: Live Investigations of the Application Compatibility Cache | Hunt | 2015 |
Gerard Laygui | Gerard Laygui | Forensic Artifacts From A Pass The Hash (PtH) Attack | Hunt, Pass The Hash | 2015 |
Gregory Weber | Toffler Associates | Are You Certain You’re Prepared for Unpredictable Threat? | Threat Intel | 2016 |
gwern | gwern | BlackMarket Risks | Hunt, Threat Intel | 2016 |
Harmj0y (Will) | Harmj0y (Will) | PowerSCCM | Hunt, SCCM | 2016 |
Harmj0y (Will) | Harmj0y (Will) | PowerSploit Cheatsheet | Hunt, PowerSploit | 2015 |
Hossein Rouhani Zeidanloo, Azizah Bt Abdul Manaf | (IJCSIS) International Journal of Computer Science and Information Security | Botnet Detection by Monitoring Similar Communication Patterns | Threat Intel | 2010 |
Ian Barton, boingomw | Ian Barton, boingomw | Deloitte Feed Links Hunt | Hunt | 2016 |
Jack Crook | Jack Crook | Hunting Lateral Movement | Hunt, Lateral Movement | 2016 |
Jack Crook | Jack Crook | The Hunting Cycle and Measuring Success | Hunt, Metrics | 2016 |
Jack Crook | Jack Crook | My Thoughts on Threat Hunting | Hunt | 2016 |
Jack Crook | Jack Crook | Categories of Abnormal | Hunt, TTPs | 2016 |
Jack Crook | Jack Crook | What Does Hunting Look Like? | Hunt | 2017 |
Jake Williams | SANS | Report Writing Part 1 | Report Writing | 2013 |
Jake Williams | SANS | Report Writing Part 2 | Report Writing | 2013 |
Jake Williams | SANS | Report Writing Part 3 | Report Writing | 2013 |
Jeff John Roberts | Fortune | What Companies Get Wrong About Machine Learning | Hunt, Threat Intel | 2016 |
Jeremiah Grossman | Jeremiah Grossman | Jeremiah Grossman | Slide Presentations | Various |
Jeremy Leighton John | Digital Preservation Coalition | Digital Forensics and Preservation | Report Writing | 2012 |
Josh Liburdi | Josh Liburdi | Hunting for PowerShell Using HeatMaps | Hunt, PowerShell | 2017 |
JPCERT | JPCERT | LogonTracer Tool | Tool, Windows Event Logs | 2017 |
JPCERT-CC | JPCERT-CC | Detecting Lateral Movement through Tracking Event Logs | Hunt, Lateral Movement | 2017 |
Julio Cesarfort | Julio Cesarfort | Public PenTesting Report Repository | Report Writing | 2016 |
Ken Thompson | ACM | Reflections on Trusting Trust | Trust, Attribution | 1984 |
Koen Van Impe | Network World | Comparing Different Tools for Threat Sharing | Threat Intel | 2015 |
Kurt Thomas, Rony Amira, Adi Ben-Yoash, Ori Folger, Amir Hardon, Ari Berger, Elie Bursztein, Michael Bailey | Google, Inc. | The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges | Threat Intel | 2015 |
Levi Gundert | RecordedFuture | Shell No! (Part 1) Adversary Web Shell Trends and Mitigations | Hunt | 2016 |
Levi Gundert | RecordedFuture | Shell No! (Part 2) Introducing Cknife, China Chopper’s Sibling | Hunt | 2016 |
Luis Rocha | Luis Rocha | CountUponSecurity SOC Metrics | CERT, CSIRT, SOC | 2015 |
Maarten de Frankrijker, Christian Reina, Steve Warnock | Maarten de Frankrijker, Christian Reina, Steve Warnock | CISSP CheatSheet | CISSP, CheatSheet | 2017 |
Mansour A. Alharbi | SANS | Writing a PenTest Report | Report Writing | 2010 |
Marc Rivero López | Marc Rivero López | Hunting .NET Malware | Hunt, Malware | 2017 |
Mark Russinovich | Mark Russinovich | Mark Russinovich Hunting With SysInternals SysMon | Hunt, SysInternals, RSA | 2017 |
Matt Graeber | Matt Graeber | PowerShell is Not Special | Hunt, PowerShell | 2017 |
Matthew Dunwoody | FireEye | Greater Visibility Through PowerShell Logging | Hunt | 2016 |
Melia Kelley | Melia Kelley | Report Writing CheatSheet | Report Writing | 2012 |
Michael Gough | Michael Gough | Malwarearchaeology CheatSheets | Hunt, CheatSheets | 2016 |
Michael Gough | Splunk | Finding Advanced Attacks and Malware With Only 6 Windows EventID’s | Hunt, Windows Event Logs | 2016 |
Microsoft | Microsoft | Windows 8, Server 2012 Security Event Descriptions | Hunt, Windows Event Logs Win8/Server2012 | |
Microsoft | Microsoft | Windows 7, Server 2008R2 Security Event Descriptions | Hunt, Windows Event Logs Win7/Server2008R2 | |
Microsoft | Microsoft | Vista, 2008 Security Event Descriptions | Hunt, Windows Event Logs WinVista/Server2008 | |
Mike Murr | SANS | Writing Malware Reports | Report Writing | 2012 |
Mike Rothman | Securosis | Building a Threat Intelligence Program | Threat Intel | 2016 |
Mike Rothman | Securosis | Applied Threat Intelligence | Threat Intel | 2015 |
Monnappa KA | Monnappa KA | Process Hollowing and HollowFind | Hunt, HollowFind, Volatility | 2016 |
N/A | N/A | Security Assessment Maintenance Checklist | Report Writing | 2008 |
Network World | Network World | 12 managed security-services providers you should know | Threat Intel, MSSP | 2008 |
Nicholas Popovich | Optiv | MSSQL Agent Jobs for Command Execution | Hunt | 2016 |
Nick Caldwell | HackerNoon | Worst Career Advice I Ever Received | | 2019 |
Offensive Security | Offensive Security | PenTesting Report Sample | Report Writing | 2013 |
PagerDuty | PagerDuty | PagerDuty Incident Response Templates | Incident Response | 2017 |
Paul Poputa-Clean | SANS | Automated Defense Using Threat Intelligence | Threat Intel | 2015 |
Rafeeq Rehman | Rafeeq Rehman | Building a Successful SOC | CERT, CSIRT, SOC | 2017 |
RedTeamBlueTeam | RedTeamBlueTeam | Spotting the Adversary with Windows Event Log Monitoring, Part I | Hunt | 2015 |
RedTeamBlueTeam | RedTeamBlueTeam | Spotting the Adversary with Windows Event Log Monitoring, Part II | Hunt | 2015 |
Richard Chirgwin | Register UK | Dishwasher Directory Traversal Bug | IoT | 2017 |
Robert M. Lee | SANS | The Problems with Seeking and Avoiding True Attribution to Cyber Attacks | Advanced Persistent Threat, Cyber Threat, Incident Response, Hunt | 2016 |
Robert M. Lee | Robert M. Lee | Common Analyst Mistakes and Claims of Energy Company Targeting Malware | Threat Intel | 2016 |
Ronnie Flathers | Ronnie Flathers | Payload CheatSheet | Payload, CheatSheet, Exfil | 2016 |
Ryan Fyffe | CrowdStrike | Open Source Recon | Hunt | 2016 |
Samuel Alonso | Samuel Alonso | Cyber Threat Hunting (1): Intro | Cyber kill chain, Incident Detection, incident response, Hunt | 2016 |
Sean Metcalf | ActiveDirectory Security | Beyond the MCSE: Red Teaming Active Directory | Hunt | 2014 |
Sergio Caltagirone | ActiveResponse | | Hunt | 2016 |
Sergio Caltagirone | ActiveResponse | Unofficial Microsoft Threat Intelligence | Threat Intel | 2016 |
Sergio Caltagirone | ActiveResponse | 15 Things Wrong with Today’s Threat Intelligence Reporting | Threat Intel | 2014 |
Sergio Caltagirone, Andrew Pendergast, Christopher Betz | Malaysia University | The Diamond Model of Intrusion Analysis | Threat Intel | 2013 |
Shusei Tomonaga | JPCERT-CC | Windows Commands Abused by Attackers | Hunt | 2016 |
Shusei Tomonaga | JPCERT | Visualise Event Logs to Identify Compromised Accounts - LogonTracer | Hunt, Windows Event Logs | 2017 |
Team Cymru | Team Cymru | THE DARKNET PROJECT | Hunt | 2004 |
ThreatConnect | ThreatConnect | THREAT INTELLIGENCE PLATFORMS: Everything You've Ever Wanted to Know But Didn't Know to Ask | Threat Intel | 2015 |
Toffler Associates | Toffler Associates | 0days: How Hacking Really Works | Hunt, Threat Intel | 2005 |
Tony Sager | SANS | Killing Advanced Threats in Their Tracks | Hunt, TTPs | 2014 |
Various | University of Wisconsin-Madison | Fuzz Testing of Application Reliability | Hunt, Tool | Various |
Various | SANS | Cyber Threat Intelligence Summit | Threat Intel | 2017 |
Wayne Piekarski | Wayne Piekarski | Google Android Internet of Things platform | Google, Android, IoT | 2016 |
William Hart | RSA | NetWitness Tutorial | NetWitness, Tutorial | 2016 |
Y.M. Wara, D. Singh | IEEE | CSIRT Success | CERT, CSIRT, SOC | 2015 |