A repository of links I saved for security news and tools.

Kryptix-Dev/security-repo

Security Links Repository

This is a repository of links I've saved during my career that are all security- or IT-focused, or had the potential to help. They are for keeping up with current events, tools, or even repositories themselves. Feel free to share these or share your own links!


Table of Contents

  • Active Directory
    • GPO App Locker Protection
    • Set Local Admin Passwords Using A Random String
  • Internal Auditing
    • Lepide Auditor
    • Netwrix Free Tools
  • Groups
    • BSides
    • Military Cyber Professionals Association
  • Honey Pots
    • Canary Tokens
    • Cryptolocker Canary
    • Honeypot Resources
    • Modern Honey Network
    • Ransomware Protection Using FSRM and PowerShell
  • Miscellaneous
    • Better Network Diagrams
    • Draw.IO
    • Infogram
    • Electronics Recycling
    • Recycle Old Tech
    • VMUG Controller
  • News
    • BleepingComputer
    • InfoSec Industry
    • Krebs on Security
    • Risky Business
    • SANS Internet Storm Center
    • Simply Cyber
    • The Daily Swig
    • The Hacker News
    • Threatpost
  • Repos
    • Digital Forensic Tools
    • GRR Rapid Response
    • HackerTalkyTalk
    • OSINT
    • Privacy Tools
    • PwnWiki.io
    • RITA
  • Reporting
    • ADRecon
    • Infection Monkey
    • Malware Archaeology
    • Open Source SIEM
    • OpenVAS
    • Third-Wall
    • Wazuh
    • Zeek
  • Resources
    • Does Your Organization Have a Security.txt File?
    • Implementing Least-Privilege Admin
    • Exercise in a Box
    • MITRE ATT&CK
    • PowerShell ♥ the Blue Team
    • Quad 9
    • Security Config Framework
    • Unified Hosts
  • Services
    • CISA Cyber Resource Hub
    • HackerMaps.org
  • Software
    • GlassWire
    • Log-MD
    • Security Monitor on RPi
    • SwordPhish
  • Training
    • Go Phish
    • Phishing Derby
  • Windows
    • Crack and Detect Weak AD Passwords
    • Domain Hardening
    • Harden Windows Settings
    • Pen Testing Active Directory

Active Directory

Internal Auditing

  • Lepide Auditor - A tool I came across but haven't used. I saved it as an option in case it was needed.
  • Netwrix Free Tools - I've implemented Netwrix at a previous employer that had all these tools, but these are great stand-alone tools for those needing a free solution.

Honey Pots

  • Canary Tokens - A free tool to create various tokens that, when triggered, will send a notice to the owner. I implemented Canary at a previous employer and used these tokens for specific items to track intrusion.
  • Cryptolocker Canary - A Spiceworks how-to by JustinCredible on how to set up a canary for ransomware.
  • Honeypot Resources - A repo of various honeypot software and resources.
  • Modern Honey Network - An open-source honeypot software package.
  • Ransomware Protection Using FSRM and PowerShell - A blog post by Netwrix on how to use FSRM and PowerShell to add a layer of protection against ransomware. Lots of great blog posts by Netwrix!

Miscellaneous

  • Amazon Recycling - You can recycle your consumer electronics free of charge through an Amazon-approved Recycler. You can receive a shipping label at no cost which you can use to ship your electronics through any UPS pick-up point.
  • Better Network Diagrams - A site that was shared with me in my current job, as creating diagrams happens often. I found some great tips here and wanted to share.
  • Draw.IO - A free tool to create diagrams, on par with Visio. If you need a quick and free way to make a diagram, give this a try.
  • Infogram - Infogram is an intuitive visualization tool that empowers people and teams to create beautiful content.
  • Electronics Recycling - Computer recycling easy, environmentally safe and secure!
  • Recycle Old Tech - An article by ZDNet on options for recycling old tech.

News

  • Bleeping Computer - Bleeping Computer® is an information security and technology news publication created in 2004 by Lawrence Abrams.
  • InfoSec Industry - InfoSec Industry is your one stop for access to the latest breaking news and resources on the topic of information security.
  • Krebs on Security - Security news by Brian Krebs.
  • Naked Security - Naked Security is Sophos’s award-winning threat news room, giving you news, opinion, advice and research on computer security issues and the latest internet threats.
  • Risky Business - The Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals.
  • SANS Internet Storm Center - Stormcasts are daily 5-10 minute information security threat updates. The podcast is produced each work day, and typically released late in the day to be ready for your morning commute.
  • Simply Cyber - This is a YouTube channel shared with me by a peer who has their CCNA and has used this channel to earn continuing education credits to maintain it. Receive Practical Cybersecurity Knowledge Daily to Get a Cybersecurity Job or Level Up Your Career!
  • The Daily Swig - Keeping you up to date with the latest cybersecurity news from around the world.
  • The Hacker News - The Hacker News (THN) is a leading, trusted, and widely recognized cybersecurity news platform that attracts over 8 million readers monthly, including IT professionals, researchers, hackers, technologists, and enthusiasts.
  • Threatpost - Threatpost is a long-running, independent source of news and analysis about the cybersecurity landscape, covering breaking news and threat research, malware and vulnerability analysis, long-term trends and everything in-between.

Repos

  • Digital Forensic Tools - A post by GFI showcasing 20 free tools to help with forensics.
  • GRR Rapid Response - GRR is a Python client (agent) that is installed on target systems, and Python server infrastructure that can manage and talk to clients.
  • HackerTalkyTalk - A listing of recordings from different security conferences.
  • OSINT - A curated list of amazingly awesome open source intelligence tools and resources.
  • Privacy Tools - PrivacyTools.io provides services, tools and privacy guides to counter global mass surveillance. Established way back in 2015 after Edward Snowden's revelations and quickly became the most popular guide for Privacy Tools.
  • PwnWiki.io - PwnWiki.io is a collection of TTPs (tools, tactics, and procedures) for what to do after access has been gained.
  • RITA - RITA is an open source framework for network traffic analysis. The framework ingests Zeek Logs in TSV format.

Reporting

  • ADRecon - ADRecon is a tool which extracts and combines various artefacts (as highlighted below) out of an AD environment. The information can be presented in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis and provide a holistic picture of the current state of the target AD environment.
  • Infection Monkey - Infection Monkey is an open-source breach and attack simulation (BAS) platform that helps you validate existing controls and identify how attackers might exploit your current network security gaps.
  • Malware Archaeology - A site with free cheat sheets and log settings that can be used to make sure you're catching everything that is essential.
  • Open Source SIEM - AlienVault® OSSIM™, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation.
  • OpenVAS - OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.
  • Third-Wall - Automation and reports software; I haven't used it.
  • Wazuh - This was a tool that was shared by a customer for what they're using for their SIEM. Unified XDR and SIEM protection for endpoints and cloud workloads.
  • Zeek - Zeek is not an active security device, like a firewall or intrusion prevention system. Rather, Zeek sits on a “sensor,” a hardware, software, virtual, or cloud platform that quietly and unobtrusively observes network traffic. Zeek interprets what it sees and creates compact, high-fidelity transaction logs, file content, and fully customized output, suitable for manual review on disk or in a more analyst-friendly tool like a security and information event management (SIEM) system.

Resources

  • Does Your Organization Have a Security.txt File? - The idea behind Security.txt is straightforward: The organization places a file called security.txt in a predictable place — such as example.com/security.txt, or example.com/.well-known/security.txt. What’s in the security.txt file varies somewhat, but most include links to information about the entity’s vulnerability disclosure policies and a contact email address.
  • Exercise in a Box - An online tool which helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment.
  • MITRE ATT&CK - MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
  • PowerShell ♥ the Blue Team - When you take an assume-breach mindset, you have to assume that an attacker is already on your system. But then you’re left with questions: What did they do? What systems did they connect to? Was any dynamic code invoked, and what was it? PowerShell version 5 (included in Windows 10, and also available for earlier operating systems through the Windows Management Framework) has made significant strides in making sure that the Blue Team has the information it needs to answer these questions.
  • Quad 9 - Quad9 is a free service that replaces your default ISP or enterprise Domain Name Server (DNS) configuration and blocks lookups of malicious host names from an up-to-the-minute list of threats.
  • Security Config Framework - To help you prioritize your endpoint hardening work, Microsoft is introducing a new taxonomy for security configurations for Windows 10. In this initial preview, we are simply listing recommended hardware, policies, controls, and behaviors in order to gather feedback from more customers and security experts in order to refine the framework and prioritize opportunities to automate.
  • Unified Hosts - This repository consolidates several reputable hosts files, and merges them into a unified hosts file with duplicates removed. A variety of tailored hosts files are provided.

Services

  • CISA Cyber Resource Hub - The Cybersecurity and Infrastructure Security Agency offers a range of cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other key elements of a robust and resilient cyber framework. These professional, no-cost assessments are provided upon request on a voluntary basis and can help any organization with managing risk and strengthening the cybersecurity of our Nation's critical infrastructure.
  • HackerMaps.org - A Google Map of hacker conferences, B-Sides and 2600/DC meetups. A great resource to find security cons near you.

Software

  • GlassWire - Detect hidden threats with GlassWire's Firewall. Instantly see your current & past network activity. Detect malware, & block badly behaving apps.
  • Log-MD - LOG-MD was designed for Windows based systems to audit log and advanced audit policy settings and guide users to enable and configure the audit settings to help push and encourage moving security and detection forward.
  • Security Monitor on RPi - Scripts to set up and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device.
  • SwordPhish - SwordPhish is a very simple but effective button that sits within the user's Outlook toolbar. One click and the suspicious e-mail is instantly reported to your designated recipient (i.e. your internal security team, or SoC) and contains all metadata required for investigation.

Training

  • Go Phish - Gophish is a powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.
  • Phishing Derby - This is an idea posted by Torbsie on Spiceworks on how to make phishing training more interesting.

Windows

  • Awesome Windows Domain Hardening - This document summarizes the information related to Pyrotek and Harmj0y's DerbyCon talk called "111 Attacking EvilCorp Anatomy of a Corporate Hack". Video and slides are available below. It also incorporates hardening techniques necessary to prevent other attacks, including techniques discussed by gepeto42 and joeynoname during their THOTCON 0x7 talk.
  • SysHardener - Free Windows OS security application that allows you to harden Windows settings to mitigate cybersecurity threats. With this tool you can restrict functionalities of Windows and secure vulnerable applications (i.e. Office and Adobe Reader).
  • Pen Testing Active Directory - Kim from Varonis shares blog posts on how to pen test AD.
