Merge 4d2784ea74 into f8ee8314b7

Add Stratus Red Team.
Add some interesting tools developed by CISA: RedEye, UGT, Crossfeed.
2023-08-30 09:38:50 -03:00 · 2023-08-17 19:21:11 -04:00 · 2023-07-18 00:58:13 -04:00 · 2021-10-16 02:23:46 +02:00
1 changed files with 10 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -44,6 +44,7 @@ Many cybersecurity professionals enable racist state violence, wittingly or unwi
 - [Operating System distributions](#operating-system-distributions)
 - [Phishing awareness and reporting](#phishing-awareness-and-reporting)
 - [Preparedness training and wargaming](#preparedness-training-and-wargaming)
+  - [Post-engagement analysis and reporting](#post-engagement-analysis-and-reporting)
 - [Security configurations](#security-configurations)
 - [Security monitoring](#security-monitoring)
  - [Endpoint Detection and Response (EDR)](#endpoint-detection-and-response-edr)
@ -269,6 +270,7 @@ See also [Security Orchestration, Automation, and Response (SOAR)](#security-orc
 - [OSXCollector](https://github.com/Yelp/osxcollector) - Forensic evidence collection & analysis toolkit for macOS.
 - [ir-rescue](https://github.com/diogo-fernan/ir-rescue) - Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
 - [Margarita Shotgun](https://github.com/ThreatResponse/margaritashotgun) - Command line utility (that works with or without Amazon EC2 instances) to parallelize remote memory acquisition.
+- [Untitled Goose Tool](https://github.com/cisagov/untitledgoosetool) - Assists incident response teams by exporting cloud artifacts from Azure/AzureAD/M365 environments in order to run a full investigation despite lacking in logs ingested by a SIEM.

 ## Network perimeter defenses

@ -302,6 +304,7 @@ See also [awesome-pentest § Social Engineering Tools](https://github.com/fabaca
 - [Swordphish](https://github.com/certsocietegenerale/swordphish-awareness) - Platform allowing to create and manage (fake) phishing campaigns intended to train people in identifying suspicious mails. 
 - [mailspoof](https://github.com/serain/mailspoof) - Scans SPF and DMARC records for issues that could allow email spoofing.
 - [phishing_catcher](https://github.com/x0rz/phishing_catcher) - Configurable script to watch for issuances of suspicious TLS certificates by domain name in the Certificate Transparency Log (CTL) using the [CertStream](https://certstream.calidog.io/) service.
+- [ThePhish](https://github.com/emalderson/ThePhish) - An automated phishing email analysis tool based on TheHive, Cortex and MISP.

 ## Preparedness training and wargaming

@ -317,8 +320,13 @@ See also [awesome-pentest § Social Engineering Tools](https://github.com/fabaca
 - [Metta](https://github.com/uber-common/metta) - Automated information security preparedness tool to do adversarial simulation.
 - [Network Flight Simulator (`flightsim`)](https://github.com/alphasoc/flightsim) - Utility to generate malicious network traffic and help security teams evaluate security controls and audit their network visibility.
 - [RedHunt OS](https://github.com/redhuntlabs/RedHunt-OS) - Ubuntu-based Open Virtual Appliance (`.ova`) preconfigured with several threat emulation tools as well as a defender's toolkit.
+- [Stratus Red Team](https://stratus-red-team.cloud/) - Emulate offensive attack techniques in a granular and self-contained manner against a cloud environment; think "Atomic Red Team™ for the cloud."
 - [tcpreplay](https://tcpreplay.appneta.com/) - Suite of free Open Source utilities for editing and replaying previously captured network traffic originally designed to replay malicious traffic patterns to Intrusion Detection/Prevention Systems.

+### Post-engagement analysis and reporting
+
+- [RedEye](https://cisagov.github.io/RedEye/) - Analytic tool to assist both Red and Blue teams with visualizing and reporting command and control activities, replay and demonstrate attack paths, and more clearly communicate remediation recommendations to stakeholders.
+
 ## Security configurations

 (Also known as *secure-by-default baselines* and *implemented best practices*.)
@ -327,7 +335,8 @@ See also [awesome-pentest § Social Engineering Tools](https://github.com/fabaca

 ## Security monitoring

-* [Starbase](https://github.com/JupiterOne/starbase) - Collects assets and relationships from services and systems into an intuitive graph view to offer graph-based security analysis for everyone.
+- [Crossfeed](https://docs.crossfeed.cyber.dhs.gov/) - Continuously enumerates and monitors an organization’s public-facing attack surface in order to discover assets and flag potential security flaws.
+- [Starbase](https://github.com/JupiterOne/starbase) - Collects assets and relationships from services and systems into an intuitive graph view to offer graph-based security analysis for everyone.

 ### Endpoint Detection and Response (EDR)
Author	SHA1	Message	Date
Emanuele Galdi	241dab0136	Merge `4d2784ea74` into `f8ee8314b7`	2023-08-30 09:38:50 -03:00
0xACAB	f8ee8314b7	Add Stratus Red Team.	2023-08-17 19:21:11 -04:00
fabacab	52614c3dc1	Add some interesting tools developed by CISA: RedEye, UGT, Crossfeed.	2023-07-18 00:58:13 -04:00
emalderson	4d2784ea74	Update README.md	2021-10-16 02:23:46 +02:00