macostag · March 21, 2024 21:12
diff --git a/TH-AS.txt b/TH-AS.txt
 MITRE ATT&CK
 ------------
 MITRE ATT&CK® :
 https://attack.mitre.org

 Getting Started with ATT&CK: Detection and Analytics :
 https://medium.com/mitre-attack/getting-started-with-attack-detection-a8e49e4960d0

 Getting Started with ATT&CK: Adversary Emulation and Red Teaming :
 https://medium.com/mitre-attack/getting-started-with-attack-red-29f074ccf7e3

 Getting Started with ATT&CK: Threat Intelligence
 https://medium.com/mitre-attack/getting-started-with-attack-cti-4eb205be4b2f


 Adversary Simulation
 ----------------------
 Adversary Simulation Becomes a Thing… :
 https://blog.cobaltstrike.com/2014/11/12/adversary-simulation-becomes-a-thing/

 Comparing open source adversary emulation platforms for red teams:
 https://redcanary.com/blog/comparing-red-team-platforms/

 Atomic Red Team:
 https://github.com/redcanaryco/atomic-red-team
 https://atomicredteam.io/use-cases


 Cyber Analytics Repository
 ----------------------------
 MITRE Cyber Analytics Repository
 https://car.mitre.org/analytics/

 EQL Analytics Library
 https://eqllib.readthedocs.io/en/latest/index.html

 The Threat Hunter Playbook
 https://threathunterplaybook.com/introduction.html


 Datasets
 ---------
 BRAWL
 https://github.com/mitre/brawl-public-game-001

 Boss of the SOC (BOTS) Dataset Version 2
 https://github.com/splunk/botsv2


 Methodology
 -----------
 TaHiTI Threat Hunting Methodology
 https://www.betaalvereniging.nl/en/safety/tahiti/


 Windows Audit Policy
 ---------------------
 Windows Audit Policy Recommendations :
 https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations

 Command line process auditing :
 https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing

 Greater Visibility Through PowerShell Logging :
 https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html

 Windows Event Logging and Forwarding :
 https://www.cyber.gov.au/sites/default/files/2019-10/PROTECT%20-%20Windows%20Event%20Logging%20and%20Forwarding%20%28April%202019%29.pdf

 Using AutorunsToWinEventLog :
 https://isc.sans.edu/forums/diary/Using+AutorunsToWinEventLog/23840/

 sysmon-modular | A Sysmon configuration repository for everybody to customise :
 https://github.com/olafhartong/sysmon-modular

 sysmon-config | A Sysmon configuration file for everybody to fork :
 https://github.com/SwiftOnSecurity/sysmon-config


 ELK Setup
 ----------
 Installing Elastic Stack :
 https://documentation.wazuh.com/3.13/installation-guide/installing-elastic-stack/index.html

 Setting up a Pentesting... I mean, a Threat Hunting Lab - Part 5 :
 https://cyberwardog.blogspot.com/2017/02/setting-up-pentesting-i-mean-threat_98.html

 Windows Event Logs and WinLogBeat :
 https://www.youtube.com/watch?v=dRV4MshJCNw

 ELK stack: Installation and shipping data :
 https://medium.com/@ibrahim.ayadhi/elk-stack-installation-and-shipping-data-2b7c903d5a71


 Tools & Analytics 
 -------------------
 Detection Lab :
 https://github.com/clong/DetectionLab

 Directory of ATT&CK Open Source Tools :
 https://www.attack-community.org/directory/

 Sigma:
 https://github.com/Neo23x0/sigma

 invoke-atomicredteam:
 https://github.com/redcanaryco/invoke-atomicredteam

 Sysmon:
 https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
	MITRE ATT&CK
	------------
	MITRE ATT&CK® :
	https://attack.mitre.org

	Getting Started with ATT&CK: Detection and Analytics :
	https://medium.com/mitre-attack/getting-started-with-attack-detection-a8e49e4960d0

	Getting Started with ATT&CK: Adversary Emulation and Red Teaming :
	https://medium.com/mitre-attack/getting-started-with-attack-red-29f074ccf7e3

	Getting Started with ATT&CK: Threat Intelligence
	https://medium.com/mitre-attack/getting-started-with-attack-cti-4eb205be4b2f


	Adversary Simulation
	----------------------
	Adversary Simulation Becomes a Thing… :
	https://blog.cobaltstrike.com/2014/11/12/adversary-simulation-becomes-a-thing/

	Comparing open source adversary emulation platforms for red teams:
	https://redcanary.com/blog/comparing-red-team-platforms/

	Atomic Red Team:
	https://github.com/redcanaryco/atomic-red-team
	https://atomicredteam.io/use-cases


	Cyber Analytics Repository
	----------------------------
	MITRE Cyber Analytics Repository
	https://car.mitre.org/analytics/

	EQL Analytics Library
	https://eqllib.readthedocs.io/en/latest/index.html

	The Threat Hunter Playbook
	https://threathunterplaybook.com/introduction.html


	Datasets
	---------
	BRAWL
	https://github.com/mitre/brawl-public-game-001

	Boss of the SOC (BOTS) Dataset Version 2
	https://github.com/splunk/botsv2


	Methodology
	-----------
	TaHiTI Threat Hunting Methodology
	https://www.betaalvereniging.nl/en/safety/tahiti/


	Windows Audit Policy
	---------------------
	Windows Audit Policy Recommendations :
	https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations

	Command line process auditing :
	https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing

	Greater Visibility Through PowerShell Logging :
	https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html

	Windows Event Logging and Forwarding :
	https://www.cyber.gov.au/sites/default/files/2019-10/PROTECT%20-%20Windows%20Event%20Logging%20and%20Forwarding%20%28April%202019%29.pdf

	Using AutorunsToWinEventLog :
	https://isc.sans.edu/forums/diary/Using+AutorunsToWinEventLog/23840/

	sysmon-modular \| A Sysmon configuration repository for everybody to customise :
	https://github.com/olafhartong/sysmon-modular

	sysmon-config \| A Sysmon configuration file for everybody to fork :
	https://github.com/SwiftOnSecurity/sysmon-config


	ELK Setup
	----------
	Installing Elastic Stack :
	https://documentation.wazuh.com/3.13/installation-guide/installing-elastic-stack/index.html

	Setting up a Pentesting... I mean, a Threat Hunting Lab - Part 5 :
	https://cyberwardog.blogspot.com/2017/02/setting-up-pentesting-i-mean-threat_98.html

	Windows Event Logs and WinLogBeat :
	https://www.youtube.com/watch?v=dRV4MshJCNw

	ELK stack: Installation and shipping data :
	https://medium.com/@ibrahim.ayadhi/elk-stack-installation-and-shipping-data-2b7c903d5a71


	Tools & Analytics
	-------------------
	Detection Lab :
	https://github.com/clong/DetectionLab

	Directory of ATT&CK Open Source Tools :
	https://www.attack-community.org/directory/

	Sigma:
	https://github.com/Neo23x0/sigma

	invoke-atomicredteam:
	https://github.com/redcanaryco/invoke-atomicredteam

	Sysmon:
	https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon