Google Cloud Platform Forensics provides a comprehensive overview of incident response in GCP, including logs for threat hunting and incident response, log analysis, and admin console cloud logging. It involves understanding existing infrastructure and investigating malicious activity derived from control plane activity. The tool provides five categories of forensic data, including alerts, logs, configurations, reports, and service data, and utilizes GCP native tooling such as Security Command Center, Logs Explorer, BigQuery, Metrics Explorer, Policy Analyzer, and Asset Inventory. The tool tracks various logs, including Admin, User, OAuth, SAML, Groups, and Security logs, which can be used for threat hunting and incident response. These logs provide valuable insights into API calls, user events, and configuration changes, enabling effective incident response and threat hunting in GCP environments.
FEATURES
ALTERNATIVES
A comprehensive guide to Python 3 syntax, features, and resources in a single image.
A comprehensive guide to reverse engineering by Dennis Yurichev, available for free download in multiple languages and formats, with praise from cybersecurity experts.
A comprehensive SQL injection cheat sheet covering various database management systems and techniques.
ENISA Training Resources offers online training material for cybersecurity specialists, covering technical areas such as artefact handling and analysis.
A comprehensive guide to using Metasploit, including searching for modules, specifying exploits and payloads, and using auxiliary modules.
A live archive of DEF CON CTF challenges, vulnerable by design, for hackers to play safely.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.