From 7a9a818fcdae96dfa8ab6a42aab3c0f1a366874f Mon Sep 17 00:00:00 2001 From: pe3zx Date: Mon, 20 Nov 2017 00:34:42 +0700 Subject: [PATCH] Update README.md --- README.md | 133 +++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 96 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index fd19f93..5eeabc9 100644 --- a/README.md +++ b/README.md 
@@ -77,45 +77,104 @@ My curated list of awesome links, resources and tools + + BloodHound + + + + + + Elasticsearch + + + + + + IDA Pro + + + + + + Masscan + + + + + + osquery + + + + + + Splunk + + + + + + Sysmon + + + + + + Radare2 + + + + + + Volatility + + + + + + WinDBG + + + + -- BloodHound - - [Lay of the Land with BloodHound](http://threat.tevora.com/lay-of-the-land-with-bloodhound/) -- Elasticsearch - - [A Practical Introduction to Elasticsearch](https://www.elastic.co/blog/a-practical-introduction-to-elasticsearch) -- IDA Pro - - [IDA series, part 1: the Hex-Rays decompiler](https://qmemcpy.github.io/post/ida-series-1-hex-rays) - - [IDA series, part 2: debugging a .NET executable](https://qmemcpy.github.io/post/ida-series-2-debugging-net) -- Masscan - - [A Masscan Tutorial and Primer](https://danielmiessler.com/study/masscan/#gs.zhlnvjE) -- OSQuery - - [Tracking a stolen code-signing certificate with osquery](https://blog.trailofbits.com/2017/10/10/tracking-a-stolen-code-signing-certificate-with-osquery/) -- Splunk - - [The Windows Splunk Logging Cheat Sheet](https://www.malwarearchaeology.com/s/Windows-Splunk-Logging-Cheat-Sheet-v20-spjb.pdf) -- Sysmon - - [Sysmon doing lines](http://www.hexacorn.com/blog/2017/10/02/sysmon-doing-lines/) - - [Mhaggis/sysmon-dfir](https://github.com/MHaggis/sysmon-dfir) -- Radare2 - - [A journey into Radare 2 – Part 1: Simple crackme](https://www.megabeets.net/a-journey-into-radare-2-part-1/) - - [A journey into Radare 2 – Part 2: Exploitation](https://www.megabeets.net/a-journey-into-radare-2-part-2/) - - [Emulating Assembly in Radare2](http://blog.superponible.com/2017/04/15/emulating-assembly-in-radare2/) - - [Pwnable.kr - Passcode](https://github.com/chrysh/ctf_writeups/tree/master/pwnable.kr) - - [radare2 as an alternative to gdb-peda](https://monosource.github.io/2016/10/radare2-peda) -- Volatility - - [Volatility, my own cheatsheet (Part 1): Image 
Identification](https://andreafortuna.org/volatility-my-own-cheatsheet-part-1-image-identification-9343c077f8da) - - [Volatility, my own cheatsheet (Part 2): Processes and DLLs](https://andreafortuna.org/volatility-my-own-cheatsheet-part-2-processes-and-dlls-ba22050ba25a) - - [Volatility, my own cheatsheet (Part 3): Process Memory](https://andreafortuna.org/volatility-my-own-cheatsheet-part-3-process-memory-a0470f378ad2) - - [Volatility, my own cheatsheet (Part 4): Kernel Memory and Objects](https://andreafortuna.org/volatility-my-own-cheatsheet-part-4-kernel-memory-and-objects-af9c022bf32c) - - [Volatility, my own cheatsheet (Part 5): Networking](https://andreafortuna.org/volatility-my-own-cheatsheet-part-5-networking-ae92834e2214) - - [Volatility, my own cheatsheet (Part 6): Windows Registry](https://andreafortuna.org/volatility-my-own-cheatsheet-part-6-windows-registry-ddbea0e15ff5) - - [Volatility, my own cheatsheet (Part 7): Analyze and convert crash dumps and hibernation files](https://andreafortuna.org/volatility-my-own-cheatsheet-part-7-analyze-and-convert-crash-dumps-and-hibernation-files-5d4b5b9c5194) - - [Volatility, my own cheatsheet (Part 8): Filesystem](https://andreafortuna.org/volatility-my-own-cheatsheet-part-8-filesystem-5c1b710b091f) - - [Using Yara rules with Volatility](https://isc.sans.edu/forums/diary/Using+Yara+rules+with+Volatility/22950/) -- WinDBG - - [Anti-Antidebugging WinDbg Scripts](https://vallejo.cc/2017/07/16/anti-antidebugging-windbg-scripts/) - - [bulentrahimkazanci/Windbg-Cheat-Sheet](https://github.com/bulentrahimkazanci/Windbg-Cheat-Sheet) - - [WinDBG and JavaScript Analysis](http://blog.talosintelligence.com/2017/08/windbg-and-javascript-analysis.html) - ## Tools ### AWS Security
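Review bot: none of the link targets from the removed nested list appear on the `+` lines of this hunk, which carry only the bare tool names (BloodHound, Elasticsearch, IDA Pro, Masscan, osquery, Splunk, Sysmon, Radare2, Volatility, WinDBG) with the cells around them empty, so before merging, confirm that every removed entry, for example `[Lay of the Land with BloodHound](http://threat.tevora.com/lay-of-the-land-with-bloodhound/)`, the eight-part Volatility cheatsheet series plus `[Using Yara rules with Volatility]`, and the three WinDBG references, is present in the new layout with its URL intact; a 37-deletion/96-insertion diffstat for a pure restructuring makes a silently dropped link easy to miss. The section label also changes case from `OSQuery` to `osquery`; if that rename is intentional, apply the same spelling wherever the tool is mentioned elsewhere in the README. Finally, `Update README.md` as the commit message says nothing about what changed; one line noting that the tool references were converted from a nested list into the new tabular layout would make this reviewable from the log alone.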