The following is an overview of links and articles commonly referenced during the SEC599 course.
- Wired - The untold story of NotPetya
- Cyberbit blog - COM Hijacking
- MITRE ATT&CK
- Swift on Security - Sysmon config
- APT Groups and Operations Google sheet
- APT Index - Kumu.io
- ThaiCERT - Threat actor encyclopedia
- Malware Archaeology - Cheat Sheets
- NSA Cyber - Windows Secure Host Baseline
- OpenStack - Ansible Hardening
- NIST Checklists
- MITRE Engenuity - ATT&CK Evaluations
- x0rz - Phishing Catcher
- Fenrir - NAC bypass - Valérien Legrand
- Hackers use BadUSB to target defense firms with ransomware
- YARA Rules Github
- InsecurePowerShell - PowerShell without System.Management.Automation.dll
- Ultimate AppLocker bypass list
- USBHarpoon, a Charging Cable That Hacks Your Computer
- LOLBAS - Living Off The Land Binaries and Scripts
- GTFOBins
- Malware-Traffic-Analysis.net
- Domain-Level Prevention of LLMNR/NBT-NS Poisoning and WPAD Spoofing
- Changing default file associations in Windows 10 via GPO
- Win32K.SYS System call table
- Zerodium Exploit Acquisition program
- Overview of Windows as a Service
- Bill Gates - Trustworthy Computing memo
- Salesforce JA3
- Hexacorn - Beyond good ol' Run key
- Microsoft - Control Flow Guard
- Microsoft - Exploit protection reference
- Palantir - Exploit Guard base configuration script