CSIRT
Resources and Tools
· ☕ 3 min read
This page contains links to couple of interesting training resources, tools and other material useful for Incident Response, Penetration Testing, Malware Analysis and other more or less CSIRT-related activities. Although I’ve placed it here mainly for myself and students of my security courses, if you find it useful, it is also accessible through the easily remembered URL csirt.xyz. Incident Response Standards and Best Practices ENISA Good Practice Guide for Incident Management NIST Computer Security Incident Handling Guide (SP 800-61r2) SIM3: Security Incident Management Maturity Model SOC-CMM Handbook for Computer Security Incident Response Teams (CSIRTs) Reference Security Incident Taxonomy (RSIT) (current version) FIRST CSIRT/PSIRT Services Framework MaGMa Use Case Framework Traffic Light Protocol (TLP) Incident Response Hierarchy of Needs Training Resources CSIRT Training Resources from ENISA Tutorials for Network Miner and Other Netresec Tools PCAP Files for Training - Netresec PCAP Files for Training - SANS PCAP Files for Training - Malware Traffic Analysis FIRST Courses TRANSITS Materials Encyclopedia of evasion techniques Collections of resources List of resources for SOC/CSIRT Collection - How To Build And Run A SOC for Incident Response SANS Information Security Resources List of Security APIs from Alexander Jäger List of tools for PDF Analysis Tool Analysis Result Sheet Tools Network Miner Flare VM SIFT - SANS Forensic VM Didier Stevens Suite CyberChef YARA Sigma - Generic Signature Format for SIEM Systems KAPE - Kroll Artifact Parser and Extractor Misc Incident Response: Protecting Individual Rights Under the General Data Protection Regulation Processing Data to Protect Data: Resolving the Breach Detection Paradox Threat Hunting Standards and Best Practices Sqrrl Cyber Hunting Maturity Model Penetration Testing Methodologies and Best Practices OWASP Web Security Testing Guide (WSTG) v4.