BPF+ is a generalized packet filter framework that achieves both high-level expressiveness and good performance for network monitoring and intrusion detection applications.
Detecting the Elusive Active Directory Threat Hunting is a comprehensive resource presented by Sean Metcalf (@Pyrotek3) that provides guidance on threat hunting in Active Directory environments. The resource covers various topics including tracking command-line/PowerShell activity, Kerberoasting detection, auditing attacker activity, and monitoring enterprise command-line activity. Additionally, it discusses the importance of logging the correct type of data and correlating Event IDs to anomalous activity. The resource also introduces Microsoft Sysinternals System Monitor (Sysmon) as a tool for monitoring process activity, image loads, and network connections. Furthermore, it highlights interesting Microsoft binaries to monitor for potential security threats. The resource is an in-depth guide for security professionals and researchers to identify and mitigate Active Directory threats.
BPF+ is a generalized packet filter framework that achieves both high-level expressiveness and good performance for network monitoring and intrusion detection applications.
A comprehensive PowerShell cheat sheet covering various tasks and techniques for file management, process management, network operations, and system administration.
A comprehensive Windows command-line reference guide for security professionals, system administrators, and incident responders.
A collection of mobile security resources and tools
A comprehensive guide to securing Industrial Control Systems (ICS) from cyber threats, published by NIST.
A comprehensive cheat sheet for using JtR (John the Ripper), a password cracking tool.