Security tools
When analysing security incidents it is worth drawing on the riches of the Internet. Many clever people have already worked out how to solve a given problem before us, and I try to use the help that is available. Below you will find a list of some tools as well as interesting sites that may help you understand IT security better.
Incident analysis – network/endpoint
- www.virustotal.com
- http://www.o365atp.com/ – O365 safe link checker
- https://www.hybrid-analysis.com/ – file/url check
- https://mxtoolbox.com/ – mail header
- https://www.browserling.com/ – sandbox for url checks
- https://scanurl.io – URL scanning
- https://metadefender.opswat.com/#!/
- https://userstack.com/ – user agent check
- http://whois.domaintools.com/
- https://viewdns.info/
- https://app.any.run/
- https://cve.mitre.org/cve/search_cve_list.html
- https://nvd.nist.gov/search
- https://cryptii.com/ – encode/decode
- https://www.base64decode.org/
- http://veriscommunity.net/incident-track.html
- https://blog.thehive-project.org/category/analyzers/page/2/
Learning
- https://www.hackthebox.eu/ – a typical CTF
- https://overthewire.org/wargames/ – CTF from zero to hero
- https://www.cybrary.it/ – lots of training material
- https://www.udemy.com – paid but also free training material
- https://www.hackers-arise.com/
- https://www.vulnhub.com/
- https://n0where.net/
Nice to have / nice to know
- https://www.elastic.co/elastic-stack
- https://www.logpoint.com/en/download-logpoint/
- https://thehive-project.org/ – Security Incident Response for the Masses: scalable, open source and free solutions
- https://www.misp-project.org/index.html – MISP – Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing
- https://github.com/Neo23x0/sigma – a generic signature format for writing detection rules that can be converted into queries for various SIEMs
- https://attack.mitre.org/ – globally-accessible knowledge base of adversary tactics and techniques based on real-world observations
- https://developer.ibm.com/qradar/ce/ – free QRadar Community Edition, with limitations
- https://www.rapid7.com/info/nexpose-community/ – Limited Functionality of Nexpose for 1 year
- https://www.rapid7.com/info/nexpose-trial/ – Free Nexpose 30-Day Trial
- https://www.splunk.com/en_us/download.html# – free limited
- www.cisecurity.org/controls/cis-controls-list/
- https://www.alienvault.com/open-threat-exchange
- https://github.com/BloodHoundAD/BloodHound – https://www.youtube.com/watch?v=lxd2rerVsLo a very nice tool for pulling data out of a domain 🙂 – BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment. – https://www.youtube.com/watch?v=Pn7GWRXfgeI
- https://neo4j.com/ – the graph database BloodHound stores its data in
- https://www.incidentresponse.com/playbooks/ – The Incident Response Playbook Designer is here to help teams prepare for and handle incidents without worrying about missing a critical step.
- https://www.cyberbit.com/solutions/security-operations-automation-orchestration/