Skip to content

Repository for SOC analysts, queries to investigate, advanced hunting, sites for analysis, malware samples, courses to improve skills, IOC and monitoring.

Notifications You must be signed in to change notification settings

TheCyberArcher/SOC-Ressources

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 

Repository files navigation

SOC-RESSOURCES

Are you starting a career as a SOC analyst? Or do you simply want to get a list of the most used tools in the cyber world? This repository is made for you, whether you are a level 1 or in a more advanced branch, you will find all the resources to make your work easier. Remember, the priority is to properly detect and identify the threat, so use everything you have at hand and avoid the crisis !


text2photo-aa5ac538f855cc43ff01802f7ea3e1b4.png

In this repository, several parts, one for monitoring, the list of tools to qualify malicious activity and finally, a list of queries to carry out your threat hunting properly. I've also added news sites and courses to train you between cyber attacks, when you have time.


👮 Cybercrime Monitoring

Website Description
APT_CyberCriminal This is a repository for various publicly-available documents and notes related to APT, sorted by year.
Mitre Attack APT group and campaign list
Ransomwatch Track Ransomware and leak activity over the web
FBI Internet Crime Report As the cyber threat continues to evolve, the FBI remains appreciative of those who report cyber incidents to IC3. Information reported to the FBI helps advance our investigations.
FBI Fraud Report The Internet Crime Complaint Center, or IC3, is the Nation's central hub for reporting cyber crime. It is run by the FBI, the lead federal agency for investigating cyber crime.
CISA Top Vulnerabilites For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities
Sophos Ransomware report report on ransomware attacks, payments, and recovery costs from Sophos
SpyCloud Exposure report Annual Identity Exposure Report unveils the latest cybercrime research, including data breach, malware & identity threat trends
NIST Cybersecurity NIST collaborated with software developers, service providers, and users to develop secure software development guidance that is now mandatory for federal agency softwar e acquisition and use
Malware Traffic Analysis This blog focuses on network traffic related to malware infections, mostly from Windows-based malware.
ANSSI Cyber Threat the Agency reports a steadily rising cyber threat level, against a backdrop of new geopolitical tensions and international events being held in France
Fortinet Top 20 Most Common Types of Cybersecurity Attacks
CrowdStrike 10 Most Common Types of Cyber Attacks
MalwareByteLabs Ransomware review 2024

🔎 SOC Intelligence Online Tools

Website Description
AbuseIP Check IP reputation online and through public feeds
CriminalIP First IP Malware Activity Checker Site
Shodan Analyse hostname and IP and find mode
Netcraft Historical analyzer, find infos about websites and dns
UrlScan Scan a site's URL to find out if it is linked to suspicious activities
PaloAltosURL URL scanner from the world's leading security company
JoeSandbow Analyze your malware samples to observe their behavior
Yomi A performance sandbox to analyze your malware
VirusTotal Analyze a hash, file or URL and see if it has been reported by cyber companies
Hybrid Analysis Another sandbox, analyze the files and see if they pose a risk
DocGuard A document analyzer, malicious VB macros, hidden scripts...
MxToolBox Check the reputation of an email domain and its records
TreatMining Take informations about IOC
CyberChief CyberChef is a web app that allows you to create and run recipes of data manipulation operations. You can use it to encrypt, decode, compress, analyze and transform data in various ways
PcapTotal The platform is a successor to PacketTotal with over 100,000 PCAP files in its repository. Check if a malicious behavior is present in a network pcap
MD5Center Reverse MD5 Hash (with no salt, for other use john or hashcat)
SHA1Center Similar website, but for Sha1 reverse
PhishTank Phishing website analysis
PulseDive Ultimate centralized CTI tool, take informations about malware, IP, hash, Mitre tags
Censys Censys helps you identify exposures that attackers are likely to exploit
DNSDumpster Ultra powerfull DNS domain recon tool

👾 Malware Sample

Website Description
MalwareDatabase Malware Sample repository
VXunderground Virus source code, online, free
Malware-Feed Repository and list of the most active malware
Malware-Bazard Collect samples for your tests from the most famous database in the world
Malware-Sample Another repository, offering up-to-date samples
TheZoo New repo, active, offering malwares samples

🕵️ SOC Analyst - Hunting ressources

Website Description
Sentinel & Defender KQL KQL queries that can be used by anyone and are understandable. These queries are intended to increase detection coverage through the logs of Microsoft Security products
Awesome KQL Awesome repository of detection R&D created exclusively by the Cylaris Threat Research Group
Sentinel Queries Some tips, tricks and examples for using KQL for Microsoft Sentinel.
Threat-Hunting-KQL Repository for threat hunting and detection queries, tools, etc.
Splunk Queries SOC Most Useful SPLUNK Queries for SOC Analysts
Splunk queries Compilation of Splunk queries collected and used over time
sserrato Splunk Queries These are example so of queries I've run on Apache and Window Servers Logs as part of a 2022 course on cybersecurity where I was using Splunk for SOC monitoring
threathuntingspl This is a repository to store Splunk code (SPL) and prototypes useful for building rules (correlation searches) and queries to find and hunt for malicious activity.
ThreatHuntingWithSplunk Awesome Splunk SPL queries that can be used to detect the latest vulnerability exploitation attempts
IBM AQL IBM Documentation for AQL queries
Explain Shell Don't understand a command? Type it here
zzzcodeai Don't understand code ? Specify the language and paste the code here
KQL for network OPS If you query data that contains IP addresses this blog is something for you!
KQL for Sec OPS In recent years Kusto Query Language (KQL) has gotten a more and ever increasing place in the cyber security world
FalconFriday MDE hunting queries to detect offensive techniques
AzSentinelQueries Sentinel hunting queries and Analytics rules
KQL Therefore, in this repository on KQL-XDR-Hunting, I will be sharing 'out-of-the-box' KQL queries based on feedback, security blogs, and new cyber attacks to assist you in your threat hunting
Advanced Hunting KQL Collection of Microsoft 365 Advanced Hunting Queries written in Kusto Query Language (KQL)
Sekoia-io ressources This repository contains IOCs, cyber threat intelligence materials, hunting queries, detection rules, playbooks and much more to help you make the most of the capabilities of SEKOIA.IO XDR
CrowdStrike community This hunting guide teaches you how to hunt for adversaries, suspicious activities, suspicious processes, and vulnerabilities using Falcon telemetry in Falcon Long-Term Repository (FLTR)
FortiSIEM Documentation for FortiSOAR and FortiSIEM investigations
SigmaDoc Documentation for Sigma detections rules

🌐 Threat Maps

Website Description
Checkpoint See LIVE cyber attacks now with threat map
Kaspersky Find out if you're under cyber-attack here
Radware Radware's Live Threat Map presents near real-time information about cyberattacks as they occur, based on our global threat deception network and cloud systems event information
Fortinet Is your network security keeping up with the latest threats?
Bitdefender Bitdefender Advanced Threat Defense Cyber Map

📝 Course / documentation

Website Description
RootMe Train your hacking skills on various exercises and virtual environments
HackTheBox This path covers core security monitoring and security analysis concepts and provides a deep understanding of the specialized tools, attack tactics, and methodology used by adversaries
TryHackMe In the Junior Security Analyst role, you will be a Triage Specialist. You will spend a significant portion of your time triaging or monitoring the event logs and alerts.
Coursera Coursera offers SOC analyst courses from IBM, Microsoft, PaloAlto and many other major players in the Cyber world
Let's defends Develop the skills and experience to land a better job in cybersecurity
ICSI SOC Analyst courses, Network Defense, Penstesting, Crest Approved.
ECC SOC-A Engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations
Offsec-soc200 Learn the foundations of cybersecurity defense with Foundational Security Operations and Defensive Analysis (SOC-200)
SecurityBlueTeam BTL1 has been trusted around the world to train thousands of technical defenders in governments, CERTs, law enforcement, military units, MSSPs, financial institutions, critical national infrastructure, and more.
PluralSight A cyber defense analyst uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network to protect information, information systems, and networks from threats.
Microsoft SC200 Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.
Splunk CCDA Validate your skills to start as a SOC analyst using Splunk analytics, threat-hunting, risk-based alerting and industry best practices.
IBM SOCA This intermediate level certification targets analysts that have knowledge and technical skills in CompTIA Cybersecurity and IBM Security QRadar SIEM
Cisco SOC Free Course Junior SOC Analyst from Skill4All
CompTIA CySA+ CompTIA Cybersecurity Analyst (CySA+) is a certification for cyber professionals tasked with incident detection, prevention and response through continuous security monitoring.
CompTIA Security+ CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career.

📰 News Websites

Website Description
TheHackerNews The Hacker News is the most trusted and popular cybersecurity publication for information security professionals seeking breaking news...
DarkReading Dark Reading is a website that covers cybersecurity news, trends, and analysis. Find out the latest threats, vulnerabilities, breaches, and solutions for your organization.
Cybersecurity Hub As a pioneer in the space, Cyber Security Hub is the definitive resource for the Cyber Security community. We gather global leaders around critical information in multiple formats, including daily commentary, interactive webinars, monthly events, and market reports...
Cybersecurity News Cyber Security News is an Independent news platform which covers all the happenings in the Cyber World. Here We cover Ongoing threats, Research papers, Vulnerability, Data breaches and more.
Cyware Cyware's cybersecurity automation platform automates security alert aggregation and advisory sharing into one platform designed to drive real-time situational awareness, expedite potential threat information exchange, and foster collaboration between security teams
/r/Cybersecurity Join the discussion on cybersecurity topics, such as news, breaches, ransoms, tools, education, career, and more. Browse the latest posts, ask questions, share insights, and connect with other members of the r/cybersecurity subreddit
InfoSecurity Infosecurity Magazine covers the latest news, opinions, webinars and white papers on information security and IT security topics. Find out about the US ban on Kaspersky, the LockBit ransomware, the NHS data breach and more
CyberdefenseMag Do you like to write about Cyber Security? Looking for a exciting platform for your cyber security content to be seen? Well you have come to the right place! Cyber Defense Magazine is the hottest, cyber security news outlet and magazine in the industry
SecurityLedger The Security Ledger is an independent security news website that explores the intersection of cyber security with business, commerce, politics and everyday life
GBHackers GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis
HackRead Gateway to the world of the Internet that centers on Technology, Security, Privacy, Surveillance, Cyberwarfare, Cybercrime, and first-hand Hacking News, with full-scale reviews on Social Media Platforms.
Talos Itelligence Cisco Talos Intelligence Group is one of the largest commercial threat intelligence teams in the world. Comprised of world-class cyber security researchers, analysts and engineers and supported by unrivaled telemetry, Talos defends Cisco customers against known and emerging threats...
TheGuardian/Cyber Get the latest news, sport and opinion from the Guardian's US edition, the world's leading liberal voice on politics, culture and society
ProofPointBlog The Proofpoint cybersecurity blog provides you with advanced cybersecurity intelligence and insights, threat research, and breaking cyber attack news. Get the latest news about advanced threats
r/SecurityCareerAdvice/ This is a place to connect those seeking to learn with those who have walked the path before. Ask your questions about cybersecurity careers here, and mentors can choose to answer as they have time
/r/netsec/ Join r/netsec, a community of technical information security enthusiasts, to share, discuss, and learn from the latest security content and news

👁️ Other Awesome Githubs !!!

Website Description
9QIX/HTB-SOCAnalystPrerequisites This comprehensive learning journey spans 173 sections over 12 days, comprising 350 required cubes. The path delves into fundamental IT and Information Security subjects, covering networking, Linux and Windows operating systems, basic programming and scripting, and Assembly...
SOC-Community/Awesome-SOC A collection of sources of documentation, and field best practices, to build and run a SOC (including CSIRT)
LetsDefend/awesome-soc-analyst We just collected useful resources for SOC analysts and SOC analyst candidates. This repository is maintained by LetsDefend
awesome-list Security lists for SOC/DFIR detections
hslatman/awesome-threat-intelligence A curated list of awesome Threat Intelligence resources
Certification-Training/CEHv12 Study notes for the EC-Council Certified Ethical Hacker CEH v12 exam by a3cipher
FreeCybersecurityEbooks Collection of free cybersecurity-related e-books available on KnowledgeHub
awesome-list Collection of detection lists, feeds and ioc - SIEM and Firewalls

About

Repository for SOC analysts, queries to investigate, advanced hunting, sites for analysis, malware samples, courses to improve skills, IOC and monitoring.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published