Welcome to the CyberSecurity-Playground wiki!
A good reference for my CyberSecurity Playground
IP Addresses Blocking
```bat
@echo off
:: Usage: blockit        -> (re)apply the block list from blockit.txt
::        blockit list   -> show the remote IPs currently blocked by the Blockit rules
if "%1"=="list" (
    netsh advfirewall firewall show rule name="Blockit" | findstr RemoteIP
    exit /b
)
:: Delete the existing Blockit rules (all rules with that name are removed)
netsh advfirewall firewall delete rule name="Blockit"
:: Block the new IPs, reading one address (or CIDR range) per line from blockit.txt
for /f %%i in (blockit.txt) do (
    netsh advfirewall firewall add rule name="Blockit" protocol=any dir=in action=block remoteip=%%i
    netsh advfirewall firewall add rule name="Blockit" protocol=any dir=out action=block remoteip=%%i
)
:: Call this batch again with "list" to show the blocked IPs
call %0 list
```
a. Create a `blockit.txt` with the IPs you want to block (one per line) and run `blockit`.
b. Run `blockit list` to check which IPs are blocked at the moment.
Note: this needs to be run as Administrator.
Note: both `dir=in` and `dir=out` rules are added so that incoming and outgoing traffic to the listed IPs is blocked. Delete one of the two `add rule` lines if you only want one direction blocked, or keep both for both directions.
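The same blockit.txt workflow as an added PowerShell example (not part of this repo's script): it validates every entry as an IP address or CIDR range before it reaches the firewall, and creates one inbound and one outbound rule carrying the whole list instead of two rules per address. The file name, rule name and `-List` switch are assumptions; run it from an elevated prompt.

```powershell
[CmdletBinding()]
param(
    # Assumed: blockit.txt sits next to the script, rule name matches the batch version
    [string]$ListFile = (Join-Path $PSScriptRoot 'blockit.txt'),
    [string]$RuleName = 'Blockit',
    [switch]$List
)

if ($List) {
    # RemoteAddress lives on the rule's address filter, not on the rule object itself
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
        Get-NetFirewallAddressFilter |
        Select-Object -ExpandProperty RemoteAddress
    return
}

# Read the list, skipping blank lines and '#' comments
$entries = Get-Content $ListFile | ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') }

# Keep only entries that parse as an address with an optional valid prefix length,
# so a typo in the file cannot end up as a malformed firewall rule
$valid = foreach ($e in $entries) {
    $addr, $prefix = $e -split '/', 2
    $parsed = $null
    $ok = [System.Net.IPAddress]::TryParse($addr, [ref]$parsed)
    if ($ok -and $prefix) {
        $max = if ($parsed.AddressFamily -eq 'InterNetwork') { 32 } else { 128 }
        $ok = ($prefix -match '^\d{1,3}$') -and ([int]$prefix -le $max)
    }
    if ($ok) { $e } else { Write-Warning "Skipping invalid entry: '$e'" }
}

if (-not $valid) { Write-Error "No valid addresses found in $ListFile"; return }

# Replace the old rules, then block the whole list in both directions
Remove-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
foreach ($dir in 'Inbound', 'Outbound') {
    New-NetFirewallRule -DisplayName $RuleName -Direction $dir -Action Block `
        -RemoteAddress $valid -Profile Any | Out-Null
}

# Re-run with -List to show what is now blocked
& $PSCommandPath -List
```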
Vulnerability Management/Research
- Vfeed
- Proactive Detection Content of Specific Vulnerability Mapped Against ATT&CK Sigma
- CVE-2020-0683 - Windows MSI “Installer service” Elevation of Privilege
- PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth (CVE-2020-1048 & more)
- SMBGhost pre-auth RCE abusing Direct Memory Access structs
- Cmd Hijack - a command/argument confusion with path traversal in cmd.exe
- OpenCVE Vuln Alerts
- Continuous Vuln Scanner - NERVE
DDoS
Offense & Defense
- Introduction to Pentesting
- Atomic Red Team
- Passive Recon & Asset Discovery
- OWASP Nettacker
- Active Directory Attack & Defense
- Windows 10 Recommended Block Rules
- Application Whitelisting Bypass (DotNet)
- DLL Auto Execution Technique
- OSCP Resources
- Powershell Obfuscation using Secure String
- Sigma Rules
- Windows Red Team Cheat Sheet
- Evasion Techniques
- Windows Privilege Escalation Guide
- Heaven Gate Technique on Linux
- Pivoting Guide
- Using SRDI to Bypass AV & EDR
- File Upload Vulnerability Scanner and Exploitation Tool
- Windows Server 2008R2-2019 NetMan DLL Hijacking
- Breaking Typical Windows Hardening Implementations
- Curated SecTools
- APTSimulator
- ezEmu
- Sharp-Suite
- RustScan - Modern Port Scanner
- Shodan Pentest Guide
- SSRF — Server Side Request Forgery (Types and ways to exploit it)
- Demo – Illicit Consent Grant Attack In Azure AD / Office 365
- Fast TCP tunnel, transported over HTTP, secured via SSH
- WAF Evasion
- TREVORspray is a modular password sprayer with threading, SSH proxying, loot modules, and more!
- Azure Outlook C2
- Impulsive DLL Hijack
- AzureAD ATT/DEF
- Simple ShellCode
- Full DLL Unhooking CSharp
- Windows API Hashing
- Pass Stealing NPPSPY
Malware Related
- 0 day malware prevention / detection
- Ransomware Protection and Containment Strategies
- Understanding Malware
- Multi-Platform Malware
- Google Play BankBot Trojan 0 detection
- Android Two Stages Decryption
- Multiple Platform Malware Databases
- Ransomware Builder
- Weaponize Legitimate PE
- Emotet-Havoc Wreaking Malware
- Rank Strings Output Speedier Malware Analysis
- Malware Analysis Fundamentals - Files & Tools
- Manual Dridex Dropper Malicious Document Deobfuscation Methods
- When Anti-Virus Engines Look Like Kernel Rootkits
- First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol
- Hiding your .NET - COMPlus_ETWEnabled
- theZoo - A Live Malware Repository
- NetLoader
- PE-SIEVE
- DLL Proxy Loading Your Favourite C# Implant
- Codex Gigas malware DNA profiling
- Memory Hunter
- RE the Emotet
Reversing
- Dissected PE Breakthrough
- Reversing for Beginners
- Deobfuscating APT Flow Graphs with cutter and radare2
- Advanced Binary Deobfuscation
- Finding executables prone to DLL hijacking
- Converting an EXE to a DLL
Threat Intelligence
- Guide To Cyber Threat Intelligence
- Reporting Template
- RecordedFuture Threat Intelligence Handbook
- How Threat Intelligence Helps Organizations
- Tracking user location from IP address using Google API
- CTI is Better Served with Context: Getting better value from IOCs
- Lupo — Malware IOC Extractor
- OSINT VM
- Real Intelligence Threat Analytics
- Semi-Auto OSINT
Audit, Automated Framework
Threat Hunting
- MageCart
- DNS over HTTPS
- Hunting TA with TLS Cert
- Hunting for Privilege Escalation
- Threat-Hunting-Cheat-Sheat
- Hunting for Apache rootkit using OSquery
- APT Hunter Windows Event Logs
- Kestrel TH Language
- Hunting NGROK
- Translation Engine for Threat Hunters
Log Management/SOC
- Windows Powershell Logging Cheat Sheet
- https://cyberstartupobservatory.com/cyber-security-frameworks/
- Automate the boring for your SOC with automatic investigation and remediation!
Digital Forensic and Incident Response (DFIR)
- Banking Trojan
- DFIR Cheat Sheet
- Volatility Workbench
- Incident Handling Automation Project
- Excel Pivot Functions Forensic Analysis Techniques
- RE&CT Framework
- Velociraptor is an advanced digital forensic and incident response tool that enhances your visibility into your endpoints.
- Sysmon 11 — DNS improvements and FileDelete events
- GRR Rapid Response
- Writing Reports
- Collecting And Analyzing Logs In Azure AD
- Latest File Extension used by Hackers
- Windows Common Techniques used by Malware
- Finding the Evil in TLS 1.2 Traffic – Detecting Malware on Encrypted Traffic
- Most Common Windows Event IDs to Hunt – Mind Map
- No Logs? No Problem!
Scripting
CyberSecurity Framework
Misc
- Moloch Full Packet Capture
- An OODA-driven SOC Strategy using: SIEM, SOAR and EDR
- SOC Automated Workflow
TO BE UPDATED FROM TIME TO TIME
IF YOU WISH TO CONTRIBUTE TO THIS REPO, PLEASE SEND EMAIL TO [email protected] OR VIA TELEGRAM: @Viszsec