vadim-hunter/Threat-Hunters-KB

Threat Hunter's Knowledge Base

Description

Useful threat hunting resources: blogs, books, trainings, people to follow, research articles, talks, etc.

Windows Internals & Security

Books

  • Windows Security Monitoring, Scenarios and Patterns (Andrei Miroshnikov)
  • Windows Internals (Part 1,2)
  • Windows System Programming Part 1,2 (Pavel Yosifovich)
  • Windows Kernel Programming (Pavel Yosifovich)

Trainings

  • Windows Internals (Pavel Yosifovich)
  • Windows Process Injection for Red-Blue Teams (PentesterAcademy, Pavel Yosifovich)
  • WinDbg Fundamentals: User Mode (PentesterAcademy, Pavel Yosifovich)
  • WinDbg Fundamentals: Kernel Mode (PentesterAcademy, Pavel Yosifovich)
  • Windows API Exploitation Recipes: Processes, Tokens and Memory RW (PentesterAcademy)
  • WMI Attacks and Defense (PentesterAcademy, Nikhil Mittal)
  • Windows System Programming: Fundamentals (PentesterAcademy, Pavel Yosifovich)
  • https://www.udemy.com/course/windows-kernel-defense-and-attack-for-beginners-to-expert/

Links

Active Directory

Books

Trainings

  • Attacking and Defending Active Directory (PentesterAcademy, Nikhil Mittal)
  • Advanced Windows Tradecraft (Nikhil Mittal)

Labs

  • Attacking and Defending Active Directory (PentesterAcademy)
  • Advanced Red Team Lab (PentesterAcademy, Nikhil Mittal)
  • Global Central Bank: An Enterprise Cyber Range (PentesterAcademy, Nikhil Mittal)
  • Attacking Active Directory with Linux (PentesterAcademy, Nikhil Mittal)

Blogs

Threat Hunting/Research/Detection Engineering

Books

Trainings

Blogs

Labs

CTF

Links

TTPs

Offensive Security/RedTeam

Books

Trainings

Blogs

People

  • Chetan Nayak (@NinjaParanoid)
  • Dominic Chell (@domchell)
  • @batsec
  • Adam Chester (@xpn)
  • Adam (@Hexacorn)

Linux Internals & Security

Books

  • The Linux Programming Interface: A Linux and UNIX System Programming Handbook (Michael Kerrisk)

macOS Internals & Security

Books

  • MacOS and iOS Internals, Volume I: User Mode
  • MacOS and iOS Internals, Volume II: Kernel Mode
  • MacOS and iOS Internals, Volume III: Security & Insecurity

Trainings

Containers Security

Cloud - Microsoft Azure

Blogs

Books

  • Exam Ref AZ-900 Microsoft Azure Fundamentals
  • Exam Ref AZ-500 Microsoft Azure Security Technologies

Trainings

  • https://www.netspi.com/training/dark-side-ops-azure-cloud-pentesting (NetSPI)
  • Breaching the Cloud (Beau Bullock @dafthack)
  • Azure Pentesting (INE)
  • Attacking and Defending Azure AD Cloud: Beginner's Edition (Nikhil Mittal, Pentester Academy)
  • Microsoft Azure - Beginner's Guide + AZ-900 (Alan Rodrigues, Udemy)
  • AZ-500 Microsoft Azure Security Exam Certification (Alan Rodrigues, Udemy)

Cloud - AWS

Blogs/Articles

Expel

AWS

Books

  • AWS Certified Security Study Guide: Specialty (SCS-C01) Exam
  • AWS Certified SysOps Administrator Study Guide: Associate (SOA-C01) Exam 2nd Edition

Trainings

  • Breaching the Cloud (Beau Bullock @dafthack)
  • AWS Security Bootcamp + Attack Defense AWS Labs (Pentester Academy)
