Interesting links - PSJoshi/Notes GitHub Wiki
-
Threat analysis:
-
Online sandbox analysis (alternatively, build your own sandbox on Cuckoo) - http://www.threatexpert.com/
-
Good presentation from logrhythm - https://www.slideshare.net/LogRhythm/5-obstacles-to-faster-cyber-threat-detection-and-response-slideshare
-
Tripwire article - Creating anti-honeypots - https://www.tripwire.com/state-of-security/security-data-protection/anti-honeypot-repelling-attackers-using-fake-indicators/
-
Detect sandbox by cursor movement speed - https://github.com/G4lB1t/SmoothCriminal
-
Databricks spark reference applications - https://github.com/databricks/reference-apps
-
Whois REST API - https://github.com/RIPE-NCC/whois/wiki/WHOIS-REST-API
-
List Windows hotfixes - https://support.industry.siemens.com/cs/document/48844294/how-can-you-find-out-which-microsoft-patches-are-installed-on-the-pc?dti=0&lc=en-WW
-
Determine Windows patching level - http://searchmidmarketsecurity.techtarget.com/tip/Determine-your-Microsoft-Windows-patch-level
-
Hardware info about machine - https://github.com/rdobson/python-hwinfo
-
Nmon output parser - https://pypi.python.org/pypi/pyNmonAnalyzer/1.0.3
-
Microsoft Systeminfo Security Bulletin Parser - https://github.com/Meatballs1/kb2mssb
-
Screenshot of webpage- https://github.com/Meatballs1/PyWebShot
-
Noriben - portable, simple malware analysis sandbox - https://github.com/Rurik/Norib
-
Memory forensics using Volatility - http://volatility-labs.blogspot.in/2016/08/automating-detection-of-known-malware.html
-
Digit classifier - https://github.com/karandesai-96/digit-classifier
-
Motion controlled smart mirror - https://github.com/Shinao/SmartMirror
-
Bluetooth enabled door and security camera - https://github.com/Shinao/Home
-
Check vulnerabilities on hosts using python/open source tools - https://github.com/PeterMosmans/security-scripts
-
Interesting data science article - https://www.analyticsvidhya.com/blog/2016/08/tutorial-data-science-command-line-scikit-learn/
-
CyMon Host enricher - https://github.com/cudeso/host-enrich
-
OPML security feeds - https://github.com/cudeso/OPML-Security-Feeds
-
Data analytics on vulnerability data - https://www.sans.org/reading-room/whitepapers/riskmanagement/applying-data-analytics-vulnerability-data-36532
-
Practical guide to anomaly detection - https://bigpanda.io/blog/a-practical-guide-to-anomaly-detection
-
Steelscript framework - https://support.riverbed.com/apis/steelscript/SharkFest2014.slides.html
-
Cohort analysis using python - http://www.gregreda.com/2015/08/23/cohort-analysis-with-python/
-
Redsketch - https://medium.com/@mbromileyDFIR/scripting-saturday-redsketch-1eff44baa09c
-
Watch for ip/url strings in process - https://github.com/adamkramer/film_reel/blob/master/film_reel.py
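The film_reel link above watches a process for network strings. The following is an added example (not film_reel.py) of that technique applied to a raw byte buffer such as a process memory dump or a PE section: it carves printable ASCII and UTF-16LE runs (Windows process memory stores most strings as UTF-16LE, so ASCII-only scanning misses half of the indicators), pulls IPv4 addresses and URLs out of them, validates the octets, and drops loopback/unspecified/RFC 1918 noise. SAMPLE_DUMP is a constructed buffer for illustration.

```python
"""Extract IPv4 addresses and URLs from a raw byte buffer (process memory,
a PE section, a carved payload).  Added example, not film_reel.py itself;
SAMPLE_DUMP below is constructed for illustration."""
import ipaddress
import re

# Printable runs, like `strings -e s` (ASCII) and `strings -e l` (UTF-16LE).
_ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
_WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Dotted quad with boundaries so "10.0.17763.1" or "1.2.3.4.5" cannot give a
# partial match; the octet range is checked afterwards with ipaddress.
_IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
_URL = re.compile(r"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")

# RFC 1918 listed explicitly instead of using ip.is_private, because
# is_private also covers the RFC 5737 documentation ranges used in the sample.
_RFC1918 = tuple(ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))

# Constructed sample shaped like a small process memory region.
SAMPLE_DUMP = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"User-Agent: Mozilla/5.0\x00"
    + b"POST http://203.0.113.45/gate.php HTTP/1.1\x00"
    + b"\x7f\x00\x00\x01"                                  # 127.0.0.1 as raw bytes, not text
    + "C:\\Windows\\System32\\svchost.exe".encode("utf-16-le") + b"\x00\x00"
    + "https://example.invalid/update?id=7".encode("utf-16-le") + b"\x00\x00"
    + b"connecting to 198.51.100.7:443 ...\x00"
    + b"version 10.0.17763.1\x00"                         # build string, not an address
    + b"retry 300.168.1.1 \x00"                           # dotted quad with an invalid octet
    + b"bind 0.0.0.0 / loopback 127.0.0.1\x00"            # noise unless ignore_noise=False
)


def printable_strings(blob: bytes):
    """Yield (encoding, text) for every printable ASCII and UTF-16LE run."""
    for m in _ASCII_RUN.finditer(blob):
        yield "ascii", m.group().decode("ascii")
    for m in _WIDE_RUN.finditer(blob):
        yield "utf-16le", m.group().decode("utf-16-le")


def _is_noise(ip: ipaddress.IPv4Address) -> bool:
    """Addresses that are rarely a useful indicator on their own."""
    return (ip.is_loopback or ip.is_unspecified or ip.is_multicast
            or ip.is_link_local or any(ip in net for net in _RFC1918))


def extract_network_indicators(blob: bytes, ignore_noise: bool = True) -> dict:
    """Return {"ips": [...], "urls": [...]} found as strings inside blob."""
    ips, urls = set(), set()
    for _encoding, text in printable_strings(blob):
        for candidate in _IPV4.findall(text):
            try:
                ip = ipaddress.IPv4Address(candidate)   # rejects octets above 255
            except ValueError:
                continue
            if ignore_noise and _is_noise(ip):
                continue
            ips.add(str(ip))
        for url in _URL.findall(text):
            urls.add(url.rstrip(".,;:)'\""))           # strip trailing prose punctuation
    return {"ips": sorted(ips, key=ipaddress.IPv4Address), "urls": sorted(urls)}


if __name__ == "__main__":
    for kind, values in extract_network_indicators(SAMPLE_DUMP).items():
        print(kind, values)
```

Anything that survives the regexes still needs triage: version strings shaped like dotted quads pass the regex only if every field is 0-255, and a URL found in memory may just be a help link compiled into a legitimate binary.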
-
CVE bot - https://isc.sans.edu/forums/diary/My+Little+CVE+Bot/22432/
-
scripts - https://github.com/xme/toolbox
-
Scan the systems with NMAP and find potential vulnerabilities - https://github.com/NorthernSec/CVE-Scan
-
Establish baseline using WMI scripts - https://www.sans.org/reading-room/whitepapers/critical/finding-bad-splunk-37482
-
Flask based system information - https://github.com/ThomasTJdev/flask_system_information/tree/master
-
Detect firewall, anti-virus, anti-spyware on Windows using WMI - http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-changes-course-triple-checks-security-software/
-
Tracking HTTP POST requests using mod_security and ELK - https://isc.sans.edu/forums/diary/Tracking+HTTP+POST+data+with+ELK/20345/
-
Detect website changes - http://codereview.stackexchange.com/questions/119951/email-a-notification-when-detecting-changes-on-a-website
-
Proxy list - https://github.com/Chan9390/Proxy-List/blob/master/Proxy-List.py
-
IP address tracker
-
Detect address change and send tweet to your account - https://github.com/iiSeymour/tweetdns/blob/master/tweetdns.py
-
Popular python libraries - https://libraries.io/search?languages=Python
-
Create a chatbot in python - https://github.com/gunthercox/ChatterBot
-
Malware analysis framework - https://github.com/KoreLogicSecurity/mastiff
Disable Macros in MS Word/EXCEL:
-
https://ittechlog.wordpress.com/2013/02/21/disabling-the-office-2010-security-misery/
-
Linux malware detection - https://linux-audit.com/dealing-with-linux-malware-insights-by-the-author-of-rkhunter/
-
Detect Linux malware by change: AIDE, Samhain
-
Detect Linux malware on the network: HTTP or SMTP traffic volumes from a host that are higher than its normal baseline
-
Detect Linux malware locally: Chkrootkit, ClamAV, Linux Malware Detect (LMD), Rootkit Hunter (rkhunter)
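The "detect by change" approach above (what AIDE and Samhain do) is a baseline of file attributes taken from a known-good system and compared against a later snapshot. The following added example, not code from the linked article or from either tool, shows the core of it: it records mode, owner, size and SHA-256 per file, diffs two snapshots into added/removed/changed, and demonstrates on a constructed temporary tree why the content hash is needed (a same-size patch to a binary is invisible to size and mtime alone). Only a baseline kept offline or signed is trustworthy, so the snapshot's own digest is computed as well.

```python
"""File-integrity baseline and comparison in the style of AIDE/Samhain.
Added example; the demo tree is constructed in a temporary directory."""
import hashlib
import json
import os
import pathlib
import stat
import tempfile

# Attributes compared between snapshots.  mtime is deliberately left out: an
# attacker resets it with touch(1); the content hash is what actually matters.
WATCHED_ATTRS = ("mode", "uid", "gid", "size", "sha256")


def _file_record(path: pathlib.Path) -> dict:
    """Describe one filesystem entry without following symlinks."""
    st = path.lstat()
    rec = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
           "gid": st.st_gid, "size": st.st_size, "sha256": None}
    if stat.S_ISLNK(st.st_mode):
        rec["sha256"] = "symlink:" + os.readlink(path)   # a retargeted link is a change too
    elif stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    return rec


def snapshot(root) -> dict:
    """Return {relative_posix_path: record} for every file under root."""
    root = pathlib.Path(root)
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = pathlib.Path(dirpath) / name
            records[p.relative_to(root).as_posix()] = _file_record(p)
    return records


def baseline_digest(snap: dict) -> str:
    """Digest of the canonical JSON form; store it off-host to detect a tampered baseline."""
    return hashlib.sha256(json.dumps(snap, sort_keys=True).encode()).hexdigest()


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Classify entries as added, removed, or changed (listing the attributes that differ)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        fields = [k for k in WATCHED_ATTRS if baseline[path][k] != current[path][k]]
        if fields:
            changed[path] = fields
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Baseline a constructed tree, simulate an intrusion, return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF" + b"A" * 28)
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "cron.allow").write_text("root\n")
        baseline = snapshot(root)

        # Simulated attacker activity on the same tree:
        (root / "bin" / "ls").write_bytes(b"\x7fELF" + b"B" * 28)      # same size, new content
        with (root / "etc" / "passwd").open("a") as fh:
            fh.write("backdoor:x:0:0::/:/bin/sh\n")                     # appended account
        (root / "etc" / "cron.allow").unlink()                          # control file removed
        (root / "bin" / ".x").write_bytes(b"#!/bin/sh\n# dropped payload\n")  # new hidden file

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline is written once from trusted media and the comparison is run from cron against the live system; only the sha256 field exposes the trojaned `bin/ls`, because its size and mode did not move.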
-
Importance of logs - https://honeycomb.io/blog/2017/04/lies-my-parents-told-me-about-logs/
-
Automating Data Reduction via Whitelists (NSRL server) - https://sysforensics.org/2014/10/automating-data-reduction-via-whitelists/
-
Do not fumble the lateral movement (RDP sessions) - https://sysforensics.org/2014/01/lateral-movement/
-
Know your windows processes - https://sysforensics.org/2014/01/know-your-windows-processes/
-
Python registry parser - https://sysforensics.org/2015/03/python-registry-parser/
-
Using assessment tools in ICS - https://www.slideshare.net/dgpeters/6-assessment-peterson
-
Browser automation - https://www.quora.com/Can-I-make-a-program-to-automatically-reply-to-WhatsApp-texts-using-Python
-
Windows registry keys - https://github.com/libyal/winreg-kb/tree/master/documentation
-
Audit host baseline - https://github.com/aboutsecurity/Audit_Host-Baseline
-
Looking for unknown cyber anomaly conditions - http://problemsolverblog.czekaj.org/cybersecurity/looking-unknown-anomaly-hacktivism-7/
-
Joyplots in python - http://sbebo.github.io/blog/blog/2017/08/01/joypy/
-
Site traffic statistics - https://hypestat.com
-
Threat intelligence
-
Sysmon
- Sysmon viewer - https://www.fwhibbit.es/sysmon-the-big-brother-of-windows-and-the-super-sysmonview
- Word document with Macro analysis using sysmon - http://syspanda.com/index.php/2017/10/10/threat-hunting-sysmon-word-document-macro/
- Collecting Windows firewall logs using sysmon - http://syspanda.com/index.php/2017/10/04/collecting-sending-windows-firewall-event-logs-elk/
-
FluentD vs Logstash - https://www.loomsystems.com/blog/single-post/2017/01/30/a-comparison-of-fluentd-vs-logstash-log-collector
-
Cybersift cyber attack map - https://medium.com/@cybersiftIO/introducing-the-cybersift-attack-map-c9ebc0cc4518
-
CyberSift documentation - https://github.com/CyberSift/CyberSift_Documentation
-
Twitter threat info list - https://twitter.com/foospidy/lists/threat-info
-
Using twitter for Indicators Of Compromise: https://medium.com/@cybersiftIO/using-twitter-as-a-source-of-indicators-of-compromise-bc6877fba629
-
DFIR redefined - http://holisticinfosec.blogspot.in/2017/10/toolsmith-128-dfir-redefined-deeper.html
-
Flask-Bokeh integration - http://biobits.org/bokeh-flask.html
-
Security papers - http://www.thinkmind.org/
-
Intrusion detection using IOC based on best practices and Windows logs - http://www.thinkmind.org/index.php?view=article&articleid=icimp_2016_2_20_30032
-
Windows Forensic analysis - make analysis great again - https://github.com/threeplanetssoftware/maga/blob/master/maga.bat
-
Similarity measures - https://github.com/saimadhu-polamuri/DataAspirant_codes/tree/master/Similarity_measures
-
Checking domain availability - http://www.bogotobogo.com/python/python_Web_scraping_with_selenium_for_domain_availability.php
-
Sentiment analysis of twitter feed - https://medium.com/@dmitryrastorguev/sentiment-analysis-of-twitter-timelines-61c73eeacedf
-
Google collaboratory - https://towardsdatascience.com/google-colaboratory-simplifying-data-science-workflow-c70059386323
-
FAME - malware analysis platform - https://github.com/certsocietegenerale/fame
-
Windows event2timeline - https://github.com/certsocietegenerale/event2timeline
-
Incident response methodologies - https://github.com/certsocietegenerale/IRM/tree/master/EN
-
Analyzing windows malware by API calls - https://blog.malwarebytes.com/threat-analysis/2017/10/analyzing-malware-by-api-calls/
-
Cheat sheet for Windows intrusion detection - https://techincidents.com/penetration-testing-cheat-sheet/
-
Virus detection with machine learning - http://www.lancaster.ac.uk/pg/richarc2/dissertation.pdf
-
TU Munich research topics in machine learning for cyber security - https://www.sec.in.tum.de/i20/research
-
Machine learning for detection of malware - https://insights.sei.cmu.edu/sei_blog/2011/09/using-machine-learning-to-detect-malware-similarity.html
-
Use of machine learning techniques for malware analysis - http://cyberforensicator.com/2017/10/26/survey-on-the-usage-of-machine-learning-techniques-for-malware-analysis/
-
Antivirus using machine learning - https://github.com/llSourcell/antivirus_demo
-
SANS paper - Creating logging infrastructure - https://www.sans.org/reading-room/whitepapers/logging/creating-logging-infrastructure-38130
-
User activities profiling on Linux system - https://ruxcon.org.au/assets/2017/slides/Session%20Recording%20Ruxcon%202017.pdf
-
Using Facebook osquery for incident response - https://github.com/palantir/osquery-configuration
-
E-mail analytics - https://www.promodag.com/office-365-mailbox-traffic-and-size-reports
-
Scipython book - https://scipython.com/book
-
Web honeypot using Python SimpleHTTPServer - https://community.saas.hpe.com/t5/Protect-Your-Assets/Leveraging-SimpleHTTPServer-as-a-Simple-Web-Honeypot/ba-p/279164
-
Comparison of streaming applications - https://dzone.com/articles/spark-streaming-vs-kafka-stream-1
-
Building complex pipelines similar to Luigi, airflow - https://github.com/csurfer/pypette
-
Python for data science researcher - https://github.com/stefanv/
-
Learn Pandas - https://towardsdatascience.com/how-to-learn-pandas-108905ab4955
-
Essential algorithms every ML engineer should know - https://towardsdatascience.com/essential-algorithms-every-ml-engineer-needs-to-know-3167b1e940f
-
Cognitive insights of Logz.io - https://logz.io/blog/announcing-logz-io-cognitive-insights/
-
Mozilla operations security team - https://github.com/jeffbryner/opsec_wikimo
-
Twitter analytics - http://adilmoujahid.com/posts/2014/07/twitter-analytics/
-
Stanford data mining course - http://web.stanford.edu/class/cs345a/
-
Find similar documents - https://github.com/streety/Full-text-visualisation
-
E-mail behaviour analysis - http://beneathdata.com/how-to/email-behavior-analysis/
-
Stock market analysis using python - https://www.quantinsti.com/blog/build-technical-indicators-in-python/
-
Dynamic DNS to identify threats - https://sites.google.com/site/nttrungmtwiki/home/it/data-mining/cyber-security/list-of-public-datasets
-
Detecting malicious certificates using Bro - https://www.slideshare.net/AndrewBeard1/detecting-malicious-ssl-certificates-using-bro
Web log analysis
-
Pandas web log analysis - https://github.com/streety/pandas-web-log-analysis/blob/master/Log%20analysis%20presentation.ipynb
-
Visualizing apache access logs - http://graphistry.github.io/pygraphistry/html/Tutorial%20Part%202%20(Apache%20Logs).html
-
Time series analysis for network security - https://www.slideshare.net/mrphilroth/scipy2014
-
Building security threats models - https://www.endgame.com/blog/technical-blog/building-security-threat-models-time-series-analysis
-
Security data analysis - https://github.com/sooshie/Security-Data-Analysis
-
List of public security datasets - https://sites.google.com/site/nttrungmtwiki/home/it/data-mining/cyber-security/list-of-public-datasets
-
Finding periodic signal in time series data - http://qingkaikong.blogspot.in/2017/01/signal-processing-finding-periodic.html
-
Undetectable backdoored PE files - https://haiderm.com/fully-undetectable-backdooring-pe-files/
-
SSL security landscape - https://depthsecurity.com/blog/pins-and-staples-enhanced-ssl-security
-
Security controls - https://www.sans.org/security-resources/posters/20-critical-security-controls/55/download
-
Rapid7 CIS security controls - https://blog.rapid7.com/2017/03/02/the-cis-critical-controls-explained-control-1-inventory-of-authorized-and-unauthorized-devices/
-
Detecting spoofed packets - https://security.stackexchange.com/questions/31999/how-are-spoofed-packets-detected
-
Monitoring of Windows logs with ELK - http://www.ubersec.com/2017/12/03/monitoring-for-windows-event-logs-and-the-untold-story-of-proper-elk-integration/
-
Sign PDF document -
-
Security log analysis training - https://scholarworks.iu.edu/dspace/bitstream/handle/2022/21529/2017%20GPN%20AHM%20Security%20Log%20Analysis%20training.pdf
-
Setting up malware analysis lab at home - https://www.alienvault.com/blogs/security-essentials/building-a-home-lab-to-become-a-malware-hunter-a-beginners-guide
-
Process monitor log analysis - https://github.com/MotiBa/ProcessMonitorAnalyzeMalware
-
Sysmon configuration - https://github.com/MotiBa/Sysmon/blob/master/config_v8.xml
-
Citizen Lab Security Planner - https://securityplanner.org
-
IPython notebook on Keras, Perceptron etc - https://github.com/julienr/ipynb_playground
-
Axeman is a utility to retrieve certificates from Certificate Transparency Lists (CTLs) - https://github.com/CaliDog/Axeman
-
Tweets metadata analyzer - https://github.com/x0rz/tweets_analyzer
-
Text mining resources - https://github.com/stepthom/text_mining_resources
-
Applied Data Science with Python by University of Michigan - https://github.com/Qian-Han/coursera-Applied-Data-Science-with-Python
-
Anomaly detector for RIPE DNS measurements - https://github.com/ripe-dns-anomaly/anomalyDetector
-
Automatic DDoS detection and botnet classifier - https://github.com/equalitie/BotHound
-
Apache bad bot blocker - https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker
-
Infosec reference - https://github.com/rmusser01/Infosec_Reference
-
How to index and query using haystack and elastic - https://code.tutsplus.com/articles/how-to-index-and-query-data-with-haystack-and-elasticsearch-in-python--cms-29492
-
Powershell suite - https://github.com/FuzzySecurity/PowerShell-Suite
-
Detect Powershell attacks - http://securityaffairs.co/wordpress/65570/hacking/powershell-attacks.html
-
Memory forensics investigation using volatility - http://www.hackingarticles.in/memory-forensics-investigation-using-volatility-part-1/
-
Track file system changes - https://github.com/sandovsky/auditor
-
Tracking ssllabs-api report using OSSEC - https://blog.rootshell.be/2015/05/18/tracking-ssl-issues-with-the-ssl-labs-api/
-
Tracking reputation of GOV sites - https://www.digitalgov.gov/2015/06/03/taking-the-pulse-of-the-federal-governments-web-presence/
-
Tracking attack indicators in logs - https://www.sans.org/reading-room/whitepapers/logging/detecting-attacks-web-applications-log-files-2074
-
CISCO interesting presentations - https://www.talosintelligence.com/resources#presentations
-
GLPI - free IT and asset management software - http://glpi-project.org
-
Regular expressions for detection of phishing mails - https://github.com/SwiftOnSecurity/PhishingRegex
-
Why elasticsearch is so popular - http://qr.ae/TU8Sn6
-
Building Windows malware discovery lab - https://www.imfsecurity.com/blog/2017/1/30/building-a-windows-malware-discovery-lab-or-highly-monitored-system
-
Windows - top 10 events to monitor - http://hackerhurricane.blogspot.in/2016/05/windows-top-10-events-to-monitor-from.html
-
Windows logging cheatsheets - https://www.malwarearchaeology.com/cheat-sheets/
-
Registry analysis with crowdresponse - https://www.crowdstrike.com/blog/registry-analysis-with-crowdresponse/
-
Twitter sentiment analysis - https://datahack.analyticsvidhya.com/contest/practice-problem-twitter-sentiment-analysis
-
DNS traffic analysis using facebook prophet - http://blog.nzrs.net.nz/nz-dns-traffic-trend-and-anomalies/
-
Docker container monitoring for vulnerabilities,anomalous activities - https://github.com/eliasgranderubio/dagda
-
Automated large scale memory forensics - https://medium.com/@henrikjohansen/automating-large-scale-memory-forensics-fdc302dc3383
-
Automated memory analysis - https://www.blackhat.com/docs/us-14/materials/arsenal/us-14-Teller-Automated-Memory-Analysis-Slides.pdf
-
BRO with RITA - https://isc.sans.edu/diary.html
-
PCI-DSS compliance with ELK - https://logz.io/blog/how-to-build-a-pci-dss-dashboard-with-elk-and-wazuh/
-
Automatic APT scanning using LOKI - http://www.redblue.team/2017/04/automating-apt-scanning-with-loki.html