This page contains links to a couple of interesting training resources, tools and other material useful for Incident Response, Penetration Testing, Malware Analysis and other security-related areas. Although I've placed it here mainly for myself and students of my security courses, if you find it useful, it is also accessible through the easily remembered URL csirt.xyz.

Below, you may find materials for the following areas:

- Security Monitoring and Incident Response
- Threat Hunting
- Threat Intelligence
- Threat Modeling
- Penetration Testing and Red Teaming
- Purple Teaming
- Malware Analysis
- Application Security
- OT Security
- Miscellaneous

Security Monitoring and Incident Response

Standards and Best Practices

- ENISA Good Practice Guide for Incident Management
- NIST Computer Security Incident Handling Guide (SP 800-61r2)
- NIST Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations (SP 800-137)
- NIST Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment (SP 800-137A)
- NIST ISCMA: An Information Security Continuous Monitoring Program Assessment (IR 8212)
- SIM3: Security Incident Management Maturity Model
- SOC-CMM
- Reference Security Incident Taxonomy (RSIT) (current version)
- FIRST CSIRT/PSIRT Services Framework
- MaGMa Use Case Framework
- Traffic Light Protocol (TLP)
- Incident Response Hierarchy of Needs
- INTERPOL Guidelines for Digital Forensics First Responders
- NIST Guide to Integrating Forensic Techniques into Incident Response (NIST SP 800-86)
- CISA Cybersecurity Incident & Vulnerability Response Playbooks
- ENISA CSIRT Maturity Framework
- RFC 2350 - Expectations for Computer Security Incident Response

Training Resources

- CSIRT Training Resources from ENISA
- Tutorials for Network Miner and Other Netresec Tools
- PCAP Files for Training - Malware Traffic Analysis
- FIRST Courses
- TRANSITS Materials
- Encyclopedia of evasion techniques
- STOic TTX Facilitator Training
- BlueYard - Blue Team CTF Challenges

Collections of Resources

- Awesome Incident Response
- Awesome Security APIs
- Awesome Detection Engineering
- Awesome SOAR List
- Tool Analysis Result Sheet
- TriOp - Tool for quickly gathering statistical information from Shodan
I've added a new page to the site with links to miscellaneous tools and materials useful for Incident Response, Malware Analysis, Penetration Testing, etc. It may be accessed here or through the easily remembered URL http://csirt.xyz.