Infosec Game-Sense

You can learn a lot just by following these people (my personal opinion)

Last updated 3 years ago

Introduction

Developing a game-sense in cybersecurity is something you can't do on your own, especially if you're just starting in this field. Personally I think knowing how to think, predict and act when facing difficult cybersecurity situations is as important as having the technical requirements to resolve the issue.

In this blog post you will find a list of people who helped me personally during 2020 to build a mindset for cybersecurity whether with a blog post, a video tutorial, an open-source project, a conference talk or just by sharing their thoughts. These people are absolutely worth following and, whether they know it or not, helped me a lot just by reading/watching their stuff.

Agents of S.O.C

As a junior SOC analyst the following people shaped, in many different ways, my point of view of a SOC/SIEM environment and how I can approach solving related issues.

@anton_chuvakin: Eye opening articles and SOC/SIEM/Detection critical thinking.

@CCrowMontance: SOC visionary thinking.

Carson Zimmerman: Couldn't find him on Twitter; his latest talk is just amazing.

@SecHubb: Went through it all, from Tier 1 SOC analyst to SOC lead, knows the good, the bad and the ugly.

@SecurityMapper: His open-source projects and talks are a must to watch. (Great teaching skills btw)

@chrissanders88: The amount of research dedicated to SOC analysts' way of thinking and their daily issues is tremendous.

@jhencinski: A Tweeter of a niche. Not so many people out there give detailed insights on how to measure your SOC's effectiveness.

@markaorlando: Looking for SOC automation? This is your guy!

@austinjmurphy: His talk "What Does my SOC do?" changed my mind about a lot of things.

@blueteamblog: They share some great insights about daily SecOps challenges.

Photo Credit: Agents of S.H.I.E.L.D

DEATH Specialists

Detection Engineers And Threat Hunters is one of my favorite lists, where you can find some low-level approaches to building detections and hunting for malicious behaviors.

@SBousseaden: Threat hunting encyclopedia. Everything he tweets should be documented!

@Cyb3rWard0g: The amount of contributions to the infosec community is just incredible.

@Cyb3rPandaH: Big add to the community with his data science approaches.

@cyb3rops: Author of SIGMA, RACCINE, LOKI, THOR and many other great projects.

@Hexacorn: Adam is an all-rounder, putting him in a category is just not fair (sorry but I had to); definitely check his blog posts.

@JohnLaTwC: Thorough analysis and structural explanations. Check his blog posts on medium.

@Antonlovesdnb: His blog posts are definitely a must read.

@jaredcatkinson: Reshaping detection engineering. "The Funnel of Fidelity" blog post, among others, is definitely illuminating.

@duff22b: His blog post is one of the best articles I read in 2020.

@olafhartong: Great contributor to the community. Definitely keep an eye on his medium posts.

@DavidJBianco: Valuable insights on threat hunting approaches. The inventor of the Pyramid of Pain.

@jsecurity101: The incarnation of "You Can Run, But You Can't Hide".

@Lee_Holmes: His PowerShell detection talks are a must watch.

@BlackMatter23: Great Threat Hunting and Detection engineering insight. His quizzes are awesome.

@nas_bench: Shares great articles with deep blue team inspection & analysis. Keep an eye on his medium page.

@0gtweet: A Windows wizard with a deep level of knowledge.

@jonasLyk: Another Windows wizard. Their insights are really a necessity for both Red & Blue Teamers.

@Cyb3rMonk: Shares great Threat Hunting tips and contributes to the community with his great articles on medium.

@blubbfiction: Great infosec contributor, known for his work on the SIGMA project.

@M_haggis: Shares great insights and tips, especially related to Splunk.

@ionstorm: Provides great contributions to the infosec community through their insights and GitHub projects.

Photo Credit: Death specialist trooper from Star Wars

The RevEngers

Reverse Engineers and Malware Analysts are definitely always on my watchlist.

@hasherezade: If you're a SOC/Malware analyst you've probably used one of her tools.

@binitamshah: Expect nothing but exclusive infosec content.

@James_inthe_box: Daily malware analysis and IoCs.

@0verfl0w_: His website (0ffset.net) and courses are definitely a great place to get into malware analysis and reverse engineering.

@cybercdh: Great content creator on YouTube with many tutorials on malware analysis.

@VK_Intel: Daily analysis and insights.

@malwrhunterteam: Daily malware analysis and IoCs.

@bl4ckh0l3z: Daily malware analysis and IoCs.

@malware_traffic: You've definitely analyzed one of their PCAPs before on malware-traffic-analysis.

@vxunderground: Their website (vx-underground.org) is a gold mine for malware samples and papers.

@sh1shk0va: An Android malware specialist.

@jstrosch: His tutorial videos and malware analysis challenges are a must to go through.

@JAMESWT_MHT: Daily malware analysis and IOCs.

@Arkbird_SOLG: Daily malware sample submissions and analysis.

@ochsenmeier: Great tool maker and book writer about malware analysis.

@krabsonsecurity: Great malware research and reverse engineering content, definitely check their blog.

Photo Credit: Revengers (Marvel)

The Forensicators

The DFIR community, the mother of all, where nothing is really deleted or hidden, and when everything is on fire, they're the ones sent in.

@EricRZimmerman: One of the greatest contributors to the DFIR community with his amazing set of tools (EZTools).

@DidierStevens: Makes great tools for Maldoc analysis and many more.

@keydet89: Writes great books and makes great tools for the DFIR community.

@maridegrazia: Great forensics tool maker, and her blog posts are very informative; helped me a lot.

@Kirtar_Oza: His blogs at e-forensicsmag.com are gold.

@13CubedDFIR: The best YouTube DFIR content maker (IMHO).

@CyberRaiju: Known for various topics, but his DFIR blog post is a reference for any forensics analyst.

@moustik01: Knew her from her talk and research on AmCache. Definitely an eye opener.

@OMENScan: Great tool maker, and definitely check their blog.

@DFIRmadness: If you want to know about the "Thrill of the Hunt" from a defense perspective, the DFIRMadness.com blogs are a great place to learn.

@phillmoore: Maintains a great website for weekly DFIR news (thisweekin4n6.com).

@DfirDiva: Her site dfirdiva.com is loaded with a great deal of information for anyone trying to get into infosec and DFIR.

@vinopaljiri: Maintains a great YouTube channel and tweets great insights about DFIR.

@inversecos: Shares a lot of great tips for DFIR, definitely check her website.

@_RyanBenson: Great tool maker and the man behind #DailyDFIR, where he shared daily insights about DFIR.

@4n6ist: Shares great tips about Digital Forensics. Definitely check their website (kazamiya.net).

Photo Credit: JASON BARD from Detective Comics (DC)

Clairvoyants

Cybersecurity Threat Intelligence analysts: they have seen it coming from miles away.

@likethecoins: Personally, my top-of-mind when I hear the word CTI.

@t_gidwani: Her keynote talk at ATT&CKcon 2.0 was amazing.

@InfoSec_Pom: Great CTI feeds source.

@MITREattack: I tried to only include people, not organizations, otherwise the list would be too long, but this is an exception that needs no introduction.

@campuscodi: Latest cybersecurity news.

@TheDFIRReport: Great reports documenting Tactics, Techniques, and Procedures used by APTs.

@darktracer_int: Dark Web threat intel insights.

@kyleehmke: Daily tweets and follow-ups on the most recent attacks.

Photo Credit: Professor X (X-MEN)

Red Angels

You can't protect it if you don't know where & how it can be attacked. These people helped me in many ways to grasp many aspects of attack techniques in order to provide and build better detections.

@Oddvarmoe
@FuzzySec
@xpn
@byt3bl33d3r
@its_a_feature
@cobbr_io
@domchell
@netbiosX
@HackAndDo
@EthicalChaos
@subTee
@_RastaMouse
@batsec
@mohammadaskar2
@SkelSec
@xorrior
@spotheplanet
@matterpreter
@mattifestation
@_wald0
@0x00dtm
@ajpc500
@PythonResponder
@itm4n
@decoder_it
@harmj0y
@gentilkiwi
@theluemmel
@Jean_Maes_1994
@mvelazco

Photo Credit: The Red Angel (Star Trek Discovery)

Cybersecurity Blogs

In this section I tried to put together a list of some of the best blogs out there (IMO) for researching and studying for both offensive and defensive purposes:

https://threathunterplaybook.com/
https://zero2auto.com/
https://nasbench.medium.com/
https://mergene.medium.com/
https://www.hexacorn.com/
https://blueteamblog.com/
https://teamhydra.blog/
https://thedfirreport.com/
https://threatintel.blog/
https://guyinatuxedo.github.io/
https://jhalon.github.io/
https://modexp.wordpress.com/
https://dtm.uk/
https://evids.dfir.tips/
https://winprocs.dfir.tips/
https://krabsonsecurity.com/
https://offnotes.notso.pro/
https://shogunlab.gitbook.io/
https://wadcoms.github.io/
https://luemmelsec.github.io/
https://www.c2.lol/
https://csandker.io/
https://dmcxblue.gitbook.io/
https://blueteamegy.blogspot.com/
https://rmusser.net/docs/Active_Directory.html
https://class.malware.re/
https://marcusedmondson.com/
https://blog.redbluepurple.io/
https://arnaugamez.com/
https://book.hacktricks.xyz/
https://blog.sevagas.com/
https://ijustwannared.team/
https://casvancooten.com/posts/
https://decoder.cloud/
https://labs.sentinelone.com/
https://eforensicsmag.com/blog/
https://www.andreafortuna.org/
https://www.kazamiya.net/en
https://blog.xpnsec.com/
https://beta.hackndo.com/
https://www.ired.team/