Resources

These resources have been invaluable throughout my career, and I hope you find them helpful as well.

Environment Hardening / Configuration

• Windows Server Security Guidelines: Official Microsoft documentation for system services security in Windows Server.
• Controlled Folder Access: Guidance on protecting system folders in Microsoft 365.

Detection

• The Pyramid of Pain: A blog post about the difficulties adversaries face when their tactics, techniques, and procedures are identified and countered.
• Malware Archaeology Cheat Sheets: A collection of cheat sheets for incident response and log management.
• Sigma: A generic signature format for SIEM systems.
• Auditd Rules: A repository containing audit rules for Linux systems.
• DNIF Content: Security content for the DNIF platform.
• OTRF: Open Threat Research Foundation's GitHub repository.
• Panther Analysis: A collection of detections for the Panther platform.
• Microsoft 365 Defender Hunting Queries: Hunting queries for Microsoft 365 Defender.
• SophosLabs IoCs: Indicators of compromise from SophosLabs.
• FalconFriday: Weekly threat hunting exercises from Falcon Force.
• Splunk Detections: A collection of detections from Splunk.
• Chronicle Detection Rules: A repository of detection rules from Chronicle.
• Elastic Detection Rules: A repository of detection rules for Elastic Security.

Tools

• Canary Tokens: A free service for generating honeypot tokens.
• Threat Hunter Playbook: A playbook for threat hunting and security analytics.
• CrowdStrike DFIR Tracker: A digital forensics and incident response tracker from CrowdStrike.
• CyberChef: A web app for encryption, encoding, compression, and data analysis.
• CyberChef Recipes: A collection of recipes for CyberChef.

Education

• Network Defense Library: A collection of cybersecurity courses.
• Sandfly Security Blog: A blog covering various cybersecurity topics.
• MITRE ATT&CK: A globally accessible knowledge base of adversary tactics and techniques.
• MITRE D3FEND: A complementary framework to MITRE ATT&CK, focused on defensive countermeasures.
• The C2 Matrix: A comprehensive matrix of command and control frameworks, techniques, and evaluation criteria.
• The DFIR Report: A website that shares digital forensics and incident response case studies.

Other

• Security Identifiers in Windows: Microsoft documentation on security identifiers in Windows Server.
• Big-Ass Data Broker Opt-Out List: A comprehensive list of data brokers and instructions on how to opt-out from their services.