Interesting links - PSJoshi/Notes GitHub Wiki

• Threat analysis:

  • https://www.threatminer.org
  • http://threatcrowd.org/domain.php?domain=emailapp.karvy.com

• Possibly with own sandbox based on cuckoo - http://www.threatexpert.com/

• Good presentation from logrhythm - https://www.slideshare.net/LogRhythm/5-obstacles-to-faster-cyber-threat-detection-and-response-slideshare

• Tripwire article - Creating anti-honeypots - https://www.tripwire.com/state-of-security/security-data-protection/anti-honeypot-repelling-attackers-using-fake-indicators/

• Detect sandbox by cursor movement speed - https://github.com/G4lB1t/SmoothCriminal

• Databricks spark reference applications - https://github.com/databricks/reference-apps

• Whois REST API - https://github.com/RIPE-NCC/whois/wiki/WHOIS-REST-API List windows hotfixes - https://support.industry.siemens.com/cs/document/48844294/how-can-you-find-out-which-microsoft-patches-are-installed-on-the-pc?dti=0&lc=en-WW

• Determine Windows patching level - http://searchmidmarketsecurity.techtarget.com/tip/Determine-your-Microsoft-Windows-patch-level

• Hardware info about machine - https://github.com/rdobson/python-hwinfo

• Nmon output parser - https://pypi.python.org/pypi/pyNmonAnalyzer/1.0.3

• Microsoft Systeminfo Security Bulletin Parser - https://github.com/Meatballs1/kb2mssb

• Screenshot of webpage- https://github.com/Meatballs1/PyWebShot

• Noriben - portable,simple malware analysis sandbox -https://github.com/Rurik/Norib

• Memory forensics using Volatility - http://volatility-labs.blogspot.in/2016/08/automating-detection-of-known-malware.html

• Digit classifier - https://github.com/karandesai-96/digit-classifier

• Motion controlled smart mirror - https://github.com/Shinao/SmartMirror

• Bluetooth enabled door and security camera - https://github.com/Shinao/Home

• Check vulnerabilities on hosts using python/open source tools - https://github.com/PeterMosmans/security-scripts

• Interesting data science article - https://www.analyticsvidhya.com/blog/2016/08/tutorial-data-science-command-line-scikit-learn/

• CyMon Host enricher - https://github.com/cudeso/host-enrich

• OPML security feeds - https://github.com/cudeso/OPML-Security-Feeds

• Data analytics on vulnerability data - https://www.sans.org/reading-room/whitepapers/riskmanagement/applying-data-analytics-vulnerability-data-3 6532

• Practical guide to anomaly detection - https://bigpanda.io/blog/a-practical-guide-to-anomaly-detection

• Steelscript framework - https://support.riverbed.com/apis/steelscript/SharkFest2014.slides.html

• Cohort analysis using python - http://www.gregreda.com/2015/08/23/cohort-analysis-with-python/

• Redsketch - https://medium.com/@mbromileyDFIR/scripting-saturday-redsketch-1eff44baa09c#.a07bmhlfe

• Watch for ip/url strings in process - https://github.com/adamkramer/film_reel/blob/master/film_reel.py

• https://digital-forensics.sans.org/blog/2017/05/11/turning-a-snapshot-into-a-story-simple-method-to-enhance-live-analysis

• CVE bot - https://isc.sans.edu/forums/diary/My+Little+CVE+Bot/22432/

• scripts - https://github.com/xme/toolbox

• Scan the systems with NMAP and find potential vulnerabilities - https://github.com/NorthernSec/CVE-Scan

• Establish baseline using WMI scripts - https://www.sans.org/reading-room/whitepapers/critical/finding-bad-splunk-37482

• Flask based system information - https://github.com/ThomasTJdev/flask_system_information/tree/master

• Detect firewall,anti-virus,anti-spyware on Windows using WMI - http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-changes-course-triple-checks-security-software/

• Tracking HTTP Post requests using mod_security and ELK - https://isc.sans.edu/forums/diary/Tracking+HTTP+POST+data+with+ELK/20345/

• Detect website changes - http://codereview.stackexchange.com/questions/119951/email-a-notification-when-detecting-changes-on-a-website

• proxy list- https://github.com/Chan9390/Proxy-List/blob/master/Proxy-List.py

• IP address tracker

  • http://www.solarwinds.com/free-tools/ip-address-tracker
  • http://xmodulo.com/how-to-detect-ip-address-conflicts-in.html

• Detect address change and send tweet to your account - https://github.com/iiSeymour/tweetdns/blob/master/tweetdns.py

• Popular python libraries - https://libraries.io/search?languages=Python

• Create a chatbot in python - https://github.com/gunthercox/ChatterBot

• Malware analysis framework - https://github.com/KoreLogicSecurity/mastiff

Disable Macros in MS Word/EXCEL:

• https://social.technet.microsoft.com/Forums/office/en-US/03234330-9e23-4922-9cee-9359ff08302d/registry-setting-for-changing-macro-security-to-enable-all-macros?forum=officesetupdeployprevious

• https://ittechlog.wordpress.com/2013/02/21/disabling-the-office-2010-security-misery/

• https://blogs.technet.microsoft.com/diana_tudor/2014/12/02/microsoft-project-how-to-control-macro-settings-using-registry-keys/

• Linux malware detection - https://linux-audit.com/dealing-with-linux-malware-insights-by-the-author-of-rkhunter/

• Detect linux malware by change: AIDE Samhain

• Detect linux malware on the network: Increased HTTP traffic, SMTP traffic as compared to normal

• Detect linux malware locally Chkrootkit ClamAV Linux Malware Detect(LMD) Rootkit hunter

• Importance of logs- https://honeycomb.io/blog/2017/04/lies-my-parents-told-me-about-logs/?__s=7g7vn965qmsueugknmqq

• Automating Data Reduction via Whitelists (NSRL server) - https://sysforensics.org/2014/10/automating-data-reduction-via-whitelists/

• Do not fumble the lateral movement (RDP sessions) - https://sysforensics.org/2014/01/lateral-movement/

• Know your windows processes - https://sysforensics.org/2014/01/know-your-windows-processes/

• Python registry parser - https://sysforensics.org/2015/03/python-registry-parser/

• Using assessment tools in ICS - https://www.slideshare.net/dgpeters/6-assessment-peterson

• Browser automation - https://www.quora.com/Can-I-make-a-program-to-automatically-reply-to-WhatsApp-texts-using-Python

• Windows registry keys - https://github.com/libyal/winreg-kb/tree/master/documentation

• Audit host baseline - https://github.com/aboutsecurity/Audit_Host-Baseline

• Looking for unknown cyber anomaly conditions - http://problemsolverblog.czekaj.org/cybersecurity/looking-unknown-anomaly-hacktivism-7/

• Joyplots in python - http://sbebo.github.io/blog/blog/2017/08/01/joypy/

• Site traffic statistics - https://hypestat.com

• Threat intelligence

  • https://connectedtechnbiz.wordpress.com/tag/collective-intelligence-framework/
  • http://resources.infosecinstitute.com/open-source-threat-intelligence-tools-techniques/

• Sysmon

  • Sysmon viewer - https://www.fwhibbit.es/sysmon-the-big-brother-of-windows-and-the-super-sysmonview
  • Word document with Macro analysis using sysmon - http://syspanda.com/index.php/2017/10/10/threat-hunting-sysmon-word-document-macro/
  • Collecting Windows firewall logs using sysmon - http://syspanda.com/index.php/2017/10/04/collecting-sending-windows-firewall-event-logs-elk/

• FluentD vs Logstash - https://www.loomsystems.com/blog/single-post/2017/01/30/a-comparison-of-fluentd-vs-logstash-log-collector

• Cybersift cyber attack map - https://medium.com/@cybersiftIO/introducing-the-cybersift-attack-map-c9ebc0cc4518

• Cybershift documentation - https://github.com/CyberSift/CyberSift_Documentation

• Twitter threat info list - https://twitter.com/foospidy/lists/threat-info

• Using twitter for Indicators Of Compromise: https://medium.com/@cybersiftIO/using-twitter-as-a-source-of-indicators-of-compromise-bc6877fba629

• DFIR redefined - http://holisticinfosec.blogspot.in/2017/10/toolsmith-128-dfir-redefined-deeper.html

• Flask-Bokeh integration - http://biobits.org/bokeh-flask.html

• Security papers - http://www.thinkmind.org/

• Intrusion detection using IOC based on best practices and windows log - www.thinkmind.org/index.php?view=article&articleid=icimp_2016_2_20_30032

• Windows Forensic analysis - make analysis great again - https://github.com/threeplanetssoftware/maga/blob/master/maga.bat

• Similarity measures - https://github.com/saimadhu-polamuri/DataAspirant_codes/tree/master/Similarity_measures

• Checking domain availability - http://www.bogotobogo.com/python/python_Web_scraping_with_selenium_for_domain_availability.php

• Sentiment analysis of twitter feed - https://medium.com/@dmitryrastorguev/sentiment-analysis-of-twitter-timelines-61c73eeacedf

• Google collaboratory - https://towardsdatascience.com/google-colaboratory-simplifying-data-science-workflow-c70059386323

• FAME - malware analysis platform - https://github.com/certsocietegenerale/fame

• Windows event2timeline - https://github.com/certsocietegenerale/event2timeline

• Incident response methodologies - https://github.com/certsocietegenerale/IRM/tree/master/EN

• Analyzing windows malware by API calls - https://blog.malwarebytes.com/threat-analysis/2017/10/analyzing-malware-by-api-calls/

• Cheat sheet for Windows intrusion detection - https://techincidents.com/penetration-testing-cheat-sheet/

• Virus detection with machine learning - http://www.lancaster.ac.uk/pg/richarc2/dissertation.pdf

• Univ of Munich Research topics in machine learning for cyber security - https://www.sec.in.tum.de/i20/research

• Machine learning for detection of malware - https://insights.sei.cmu.edu/sei_blog/2011/09/using-machine-learning-to-detect-malware-similarity.html

• Use of machine learning techniques for malware analysis - http://cyberforensicator.com/2017/10/26/survey-on-the-usage-of-machine-learning-techniques-for-malware-analysis/

• Antivirus using machine learning - https://github.com/llSourcell/antivirus_demo

• SANS paper - Creating logging infrastructure - https://www.sans.org/reading-room/whitepapers/logging/creating-logging-infrastructure-38130

• User activities profiling on Linux system - https://ruxcon.org.au/assets/2017/slides/Session%20Recording%20Ruxcon%202017.pdf

• Using Facebook osquery for incident response - https://github.com/palantir/osquery-configuration

• E-mail analytics - https://www.promodag.com/office-365-mailbox-traffic-and-size-reports

• Scipython book - https://scipython.com/book

• Webhoneypot using python simplehttpserver - https://community.saas.hpe.com/t5/Protect-Your-Assets/Leveraging-SimpleHTTPServer-as-a-Simple-Web-Honeypot/ba-p/279164#.WgvYy3BLfIM

• Comparison of streaming applications - https://dzone.com/articles/spark-streaming-vs-kafka-stream-1

• Building complex pipelines similar to Luigi, airflow - https://github.com/csurfer/pypette

• Python for data science researcher - https://github.com/stefanv/

• Learn Pandas - https://towardsdatascience.com/how-to-learn-pandas-108905ab4955

• Essential algorithms every ML engineer should know - https://towardsdatascience.com/essential-algorithms-every-ml-engineer-needs-to-know-3167b1e940f

• Cognitive insights of Logz.io - https://logz.io/blog/announcing-logz-io-cognitive-insights/

• Mozilla operations security team - https://github.com/jeffbryner/opsec_wikimo

• Twitter analytics - http://adilmoujahid.com/posts/2014/07/twitter-analytics/

• Standford data mining course - http://web.stanford.edu/class/cs345a/

• Find similar documents - https://github.com/streety/Full-text-visualisation

• E-mail behaviour analysis - http://beneathdata.com/how-to/email-behavior-analysis/

• Stock market analysis using python - https://www.quantinsti.com/blog/build-technical-indicators-in-python/

• Dynamic DNS to identify threats - https://sites.google.com/site/nttrungmtwiki/home/it/data-mining/cyber-security/list-of-public-datasets

• Detecting malicious certificates using Bro - https://www.slideshare.net/AndrewBeard1/detecting-malicious-ssl-certificates-using-bro

Web log analysis

• Pandas web log analysis - https://github.com/streety/pandas-web-log-analysis/blob/master/Log%20analysis%20presentation.ipynb

• Visualizing apache access logs - http://graphistry.github.io/pygraphistry/html/Tutorial%20Part%202%20(Apache%20Logs).html

• Time series analysis for network security - https://www.slideshare.net/mrphilroth/scipy2014

• Building security threats models - https://www.endgame.com/blog/technical-blog/building-security-threat-models-time-series-analysis

• Security data analysis - https://github.com/sooshie/Security-Data-Analysis

• List of public security datasets - https://sites.google.com/site/nttrungmtwiki/home/it/data-mining/cyber-security/list-of-public-datasets

• Finding periodic signal in time series data - http://qingkaikong.blogspot.in/2017/01/signal-processing-finding-periodic.html

• Undetectable backdoored PE files - https://haiderm.com/fully-undetectable-backdooring-pe-files/

• SSL security landscape - https://depthsecurity.com/blog/pins-and-staples-enhanced-ssl-security

• Security controls - https://www.sans.org/security-resources/posters/20-critical-security-controls/55/download

• Rapid7 CIS security controls - https://blog.rapid7.com/2017/03/02/the-cis-critical-controls-explained-control-1-inventory-of-authorized-and-unauthorized-devices/

• Detecting spoofed packets - https://security.stackexchange.com/questions/31999/how-are-spoofed-packets-detected

• Monitoring of Windows logs with ELK - http://www.ubersec.com/2017/12/03/monitoring-for-windows-event-logs-and-the-untold-story-of-proper-elk-integration/

• Sign PDF document -

  • https://www.kryptokoder.com/download.html
  • https://github.com/zejn/signedpdf

• Security log analysis training - https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21529/2017%20GPN%20AHM%20Security%20Log%20Analysis%20training.pdf

• Setting up malware analysis lab at home - https://www.alienvault.com/blogs/security-essentials/building-a-home-lab-to-become-a-malware-hunter-a-beginners-guide

• Process monitor log analysis - https://github.com/MotiBa/ProcessMonitorAnalyzeMalware

• Sysmon configuration - https://github.com/MotiBa/Sysmon/blob/master/config_v8.xml

• Citizen Lab Security Planner - https://securityplanner.org

• IPython notebook on Keras, Perceptron etc - https://github.com/julienr/ipynb_playground

• Axeman is a utility to retrieve certificates from Certificate Transparency Lists (CTLs) - https://github.com/CaliDog/Axeman

• Tweets metadata analyzer - https://github.com/x0rz/tweets_analyzer

• Text mining resources - https://github.com/stepthom/text_mining_resources

• Applied Data Science with Python by University of Michigan - https://github.com/Qian-Han/coursera-Applied-Data-Science-with-Python

• Anomaly detector for RIPE DNS measurements - https://github.com/ripe-dns-anomaly/anomalyDetector

• Automatic DDos detection and botnet classifier - https://github.com/equalitie/BotHound

• Apache bad bot blocker - https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker

• Infosec reference - https://github.com/rmusser01/Infosec_Reference

• How to index and query using haystack and elastic - https://code.tutsplus.com/articles/how-to-index-and-query-data-with-haystack-and-elasticsearch-in-python--cms-29492

• Powershell suite - https://github.com/FuzzySecurity/PowerShell-Suite

• Detect Powershell attacks - http://securityaffairs.co/wordpress/65570/hacking/powershell-attacks.html

• Memory forensics investigation using volatility - http://www.hackingarticles.in/memory-forensics-investigation-using-volatility-part-1/

• Track file system changes - https://github.com/sandovsky/auditor

• Tracking ssllabs-api report using OSSEC - https://blog.rootshell.be/2015/05/18/tracking-ssl-issues-with-the-ssl-labs-api/

• Tracking reputation of GOV sites - https://www.digitalgov.gov/2015/06/03/taking-the-pulse-of-the-federal-governments-web-presence/

• Tracking attack indicators in logs - https://www.sans.org/reading-room/whitepapers/logging/detecting-attacks-web-applications-log-files-2074

• CISCO interesting presentations - https://www.talosintelligence.com/resources#presentations

• GLPI - Free IT and assest management software - http://glpi-project.org

• Regular expressions for detection of phishing mails - https://github.com/SwiftOnSecurity/PhishingRegex

• Why elasticsearch is so popular - http://qr.ae/TU8Sn6

• Building Windows malware discovery lab - https://www.imfsecurity.com/blog/2017/1/30/building-a-windows-malware-discovery-lab-or-highly-monitored-system

• Windows 10 - Top events to monitor - http://hackerhurricane.blogspot.in/2016/05/windows-top-10-events-to-monitor-from.html

• Windows logging cheatsheets - https://www.malwarearchaeology.com/cheat-sheets/

• Registry analysis with crowdresponse - https://www.crowdstrike.com/blog/registry-analysis-with-crowdresponse/

• Twitter sentiment analysis - https://datahack.analyticsvidhya.com/contest/practice-problem-twitter-sentiment-analysis

• DNS traffic analysis using facebook prophet - http://blog.nzrs.net.nz/nz-dns-traffic-trend-and-anomalies/

• Docker container monitoring for vulnerabilities,anomalous activities - https://github.com/eliasgranderubio/dagda

• Automated large scale memory forensics - https://medium.com/@henrikjohansen/automating-large-scale-memory-forensics-fdc302dc3383

• Automated memory analysis - https://www.blackhat.com/docs/us-14/materials/arsenal/us-14-Teller-Automated-Memory-Analysis-Slides.pdf

• BRO with RITA - https://isc.sans.edu/diary.html

• PCI-DSS compliance with ELK - https://logz.io/blog/how-to-build-a-pci-dss-dashboard-with-elk-and-wazuh/

• Automatic APT scanning using LOKI - http://www.redblue.team/2017/04/automating-apt-scanning-with-loki.html