Are you starting a career as a SOC analyst? Or do you simply want to get a list of the most used tools in the cyber world? This repository is made for you, whether you are a level 1 or in a more advanced branch, you will find all the resources to make your work easier. Remember, the priority is to properly detect and identify the threat, so use everything you have at hand and avoid the crisis !
In this repository, several parts, one for monitoring, the list of tools to qualify malicious activity and finally, a list of queries to carry out your threat hunting properly. I've also added news sites and courses to train you between cyber attacks, when you have time.
| Website | Description |
|---|---|
| APT_CyberCriminal | This is a repository for various publicly-available documents and notes related to APT, sorted by year. |
| Mitre Attack | APT group and campaign list |
| Ransomwatch | Track Ransomware and leak activity over the web |
| FBI Internet Crime Report | As the cyber threat continues to evolve, the FBI remains appreciative of those who report cyber incidents to IC3. Information reported to the FBI helps advance our investigations. |
| FBI Fraud Report | The Internet Crime Complaint Center, or IC3, is the Nation's central hub for reporting cyber crime. It is run by the FBI, the lead federal agency for investigating cyber crime. |
| CISA Top Vulnerabilites | For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities |
| Sophos Ransomware report | report on ransomware attacks, payments, and recovery costs from Sophos |
| SpyCloud Exposure report | Annual Identity Exposure Report unveils the latest cybercrime research, including data breach, malware & identity threat trends |
| NIST Cybersecurity | NIST collaborated with software developers, service providers, and users to develop secure software development guidance that is now mandatory for federal agency softwar e acquisition and use |
| Malware Traffic Analysis | This blog focuses on network traffic related to malware infections, mostly from Windows-based malware. |
| ANSSI Cyber Threat | the Agency reports a steadily rising cyber threat level, against a backdrop of new geopolitical tensions and international events being held in France |
| Fortinet | Top 20 Most Common Types of Cybersecurity Attacks |
| CrowdStrike | 10 Most Common Types of Cyber Attacks |
| MalwareByteLabs | Ransomware review 2024 |
| Website | Description |
|---|---|
| AbuseIP | Check IP reputation online and through public feeds |
| CriminalIP | First IP Malware Activity Checker Site |
| Shodan | Analyse hostname and IP and find mode |
| Netcraft | Historical analyzer, find infos about websites and dns |
| UrlScan | Scan a site's URL to find out if it is linked to suspicious activities |
| PaloAltosURL | URL scanner from the world's leading security company |
| JoeSandbow | Analyze your malware samples to observe their behavior |
| Yomi | A performance sandbox to analyze your malware |
| VirusTotal | Analyze a hash, file or URL and see if it has been reported by cyber companies |
| Hybrid Analysis | Another sandbox, analyze the files and see if they pose a risk |
| DocGuard | A document analyzer, malicious VB macros, hidden scripts... |
| MxToolBox | Check the reputation of an email domain and its records |
| TreatMining | Take informations about IOC |
| CyberChief | CyberChef is a web app that allows you to create and run recipes of data manipulation operations. You can use it to encrypt, decode, compress, analyze and transform data in various ways |
| PcapTotal | The platform is a successor to PacketTotal with over 100,000 PCAP files in its repository. Check if a malicious behavior is present in a network pcap |
| MD5Center | Reverse MD5 Hash (with no salt, for other use john or hashcat) |
| SHA1Center | Similar website, but for Sha1 reverse |
| Website | Description |
|---|---|
| MalwareDatabase | Malware Sample repository |
| VXunderground | Virus source code, online, free |
| Malware-Feed | Repository and list of the most active malware |
| Malware-Bazard | Collect samples for your tests from the most famous database in the world |
| Malware-Sample | Another repository, offering up-to-date samples |
| TheZoo | New repo, active, offering malwares samples |
| Website | Description |
|---|---|
| Sentinel & Defender KQL | KQL queries that can be used by anyone and are understandable. These queries are intended to increase detection coverage through the logs of Microsoft Security products |
| Awesome KQL | Awesome repository of detection R&D created exclusively by the Cylaris Threat Research Group |
| Sentinel Queries | Some tips, tricks and examples for using KQL for Microsoft Sentinel. |
| Threat-Hunting-KQL | Repository for threat hunting and detection queries, tools, etc. |
| Splunk Queries SOC | Most Useful SPLUNK Queries for SOC Analysts |
| Splunk queries | Compilation of Splunk queries collected and used over time |
| sserrato Splunk Queries | These are example so of queries I've run on Apache and Window Servers Logs as part of a 2022 course on cybersecurity where I was using Splunk for SOC monitoring |
| threathuntingspl | This is a repository to store Splunk code (SPL) and prototypes useful for building rules (correlation searches) and queries to find and hunt for malicious activity. |
| ThreatHuntingWithSplunk | Awesome Splunk SPL queries that can be used to detect the latest vulnerability exploitation attempts |
| IBM AQL | IBM Documentation for AQL queries |
| Explain Shell | Don't understand a command? Type it here |
| zzzcodeai | Don't understand code ? Specify the language and paste the code here |
| KQL for network OPS | If you query data that contains IP addresses this blog is something for you! |
| KQL for Sec OPS | In recent years Kusto Query Language (KQL) has gotten a more and ever increasing place in the cyber security world |
| FalconFriday | MDE hunting queries to detect offensive techniques |
| AzSentinelQueries | Sentinel hunting queries and Analytics rules |
| KQL | Therefore, in this repository on KQL-XDR-Hunting, I will be sharing 'out-of-the-box' KQL queries based on feedback, security blogs, and new cyber attacks to assist you in your threat hunting |
| Advanced Hunting KQL | Collection of Microsoft 365 Advanced Hunting Queries written in Kusto Query Language (KQL) |
| Website | Description |
|---|---|
| Checkpoint | See LIVE cyber attacks now with threat map |
| Kaspersky | Find out if you're under cyber-attack here |
| Radware | Radware's Live Threat Map presents near real-time information about cyberattacks as they occur, based on our global threat deception network and cloud systems event information |
| Fortinet | Is your network security keeping up with the latest threats? |
| Bitdefender | Bitdefender Advanced Threat Defense Cyber Map |
| Website | Description |
|---|---|
| RootMe | Train your hacking skills on various exercises and virtual environments |
| HackTheBox | This path covers core security monitoring and security analysis concepts and provides a deep understanding of the specialized tools, attack tactics, and methodology used by adversaries |
| TryHackMe | In the Junior Security Analyst role, you will be a Triage Specialist. You will spend a significant portion of your time triaging or monitoring the event logs and alerts. |
| Coursera | Coursera offers SOC analyst courses from IBM, Microsoft, PaloAlto and many other major players in the Cyber world |
| Let's defends | Develop the skills and experience to land a better job in cybersecurity |
| ICSI | SOC Analyst courses, Network Defense, Penstesting, Crest Approved. |
| ECC SOC-A | Engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations |
| Offsec-soc200 | Learn the foundations of cybersecurity defense with Foundational Security Operations and Defensive Analysis (SOC-200) |
| SecurityBlueTeam | BTL1 has been trusted around the world to train thousands of technical defenders in governments, CERTs, law enforcement, military units, MSSPs, financial institutions, critical national infrastructure, and more. |
| PluralSight | A cyber defense analyst uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network to protect information, information systems, and networks from threats. |
| Microsoft SC200 | Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. |
| Splunk CCDA | Validate your skills to start as a SOC analyst using Splunk analytics, threat-hunting, risk-based alerting and industry best practices. |
| IBM SOCA | This intermediate level certification targets analysts that have knowledge and technical skills in CompTIA Cybersecurity and IBM Security QRadar SIEM |
| Cisco SOC | Free Course Junior SOC Analyst from Skill4All |
| CompTIA CySA+ | CompTIA Cybersecurity Analyst (CySA+) is a certification for cyber professionals tasked with incident detection, prevention and response through continuous security monitoring. |
| CompTIA Security+ | CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career. |