Infosec Game-Sense

Introduction

Developing a game-sense in cybersecurity is something you can't do on your own, specially if you're just starting in this field. Personally I think knowing how to think, predict and act when facing cybersecurity difficult situations is as important as having the technical requirements to resolve the issue.

In this blog post you will find a list of people who helped me personally during 2020 to build a mindset for cybersecurity whether with a blog post, a video tutorial, an open-source project, a conference talk or just by sharing their thoughts. These people are absolutely worth following and, whether they know it or not, helped me a lot just by reading/watching their stuff.

Agents of S.O.C

As a junior SOC analyst the following people shaped, in many different ways, my point of vue of a SOC/SIEM environment and how can I approach solving related issues.

Photo Credit HERE

• Follow @anton_chuvakin : Eye opening articles and SOC/SIEM/Detection critical thinking.

• Follow @CCrowMontance : SOC visionary thinking

• Carson Zimmerman : Couldn't find him on Twitter, His latest talk is just amazing.

• Follow @SecHubb : Went through it all, from Tier 1 SOC analyst to SOC lead, knows the good the bad and the ugly.

• Follow @SecurityMapper : His open-source projects and talks are a must to watch. (Great teaching skills btw)

• Follow @chrissanders88 : The amount of research dedicated to SOC analysts' way of thinking and their daily issues is tremendous.

• Follow @jhencinski : A Tweeter of a niche. Not so many people out there give detailed insights on how to measure your SOC's effectiveness.

• Follow @markaorlando : Looking for SOC automation? This is your guy!

• Follow @austinjmurphy : His talk What Does my SOC do? changed my mind about a lot of things.

• Follow @blueteamblog : They share some great insights about daily SecOps challenges.

DEATH Specialists

Detection Engineers And Threat Hunters is one of my favorite lists where you can find some low-level approaches to building detections and hunting for malicious behaviors.

Photo Credits HERE

• Follow @SBousseaden : Threat hunting encyclopedia. Everything he tweets should be documented!

• Follow @Cyb3rWard0g : The amount of contributions to the infosec community is just incredible.

• Follow @Cyb3rPandaH : Big add to the community with his data science approaches.

• Follow @cyb3rops : Author of SIGMA, RACCINE, LOKI, THOR and many other great projects.

• Follow @Hexacorn : Adam is an all rounder, putting him in a category is just not fair (sorry but I had to) definitely check his blog posts.

• Follow @JohnLaTwC : Thorough analysis and structural explanations. Check his blog posts on medium

• Follow @Antonlovesdnb : His blog posts are definitely a must read.

• Follow @jaredcatkinson : Reshaping detection engineering. The Funnel of Fidelity blog post among others are definitely illuminating.

• Follow @duff22b : His blog post is one of the best articles I read in 2020.

• Follow @olafhartong : Great contributor to the community. Definitely keep an eye on his medium posts

• Follow @DavidJBianco : Valuable insights on threat hunting approaches. The inventor of Pyramid of Pain

• Follow @jsecurity101 : The incarnation of "You Can Run, But You Can’t Hide"

• Follow @Lee_Holmes : His PowerShell detection talks are a must watch.

• Follow @BlackMatter23 : Great Threat Hunting and Detections engineering insight. His quizzes are awesome.

• Follow @nas_bench: Share great articles with deep blue team inspection & analysis. Keep an eye on his medium page.

• Follow @0gtweet: A Windows wizard with deep level of knowledge.

• Follow @jonasLyk: Another Windows wizard. Their insights are really a necessity for both Red & Blue Teamers.

• Follow @Cyb3rMonk: Shares great Threat Hunting tips and contributes to the community with his great articles on medium.

• Follow @blubbfiction: Great infosec contributor, known for his work on SIGMA project.

• Follow @M_haggis: Shares great insights and tips specially related to Splunk.

• Follow @ionstorm: Provides great contributions to the infosec community by their insights and GitHub projects.

The RevEngers

Reverse Engineers and Malware Analysts are definitely always on my watchlist.

Photo Credits HERE

• Follow @hasherezade : If you're a SOC/Malware analyst you've probably used one of her tools.

• Follow @binitamshah : Expect nothing but exclusif infosec content.

• Follow @James_inthe_box : Daily malware analysis and IoCs

• Follow @0verfl0w_ : His 0ffset.net website and courses are definitely a great place to get into malware analysis and reverse engineering.

• Follow @cybercdh: Great content creator on YouTube with many tutorials on malware analysis

• Follow @VK_Intel : Daily analysis and insights.

• Follow @malwrhunterteam: Daily malware analysis and IoCs

• Follow @bl4ckh0l3z : Daily malware analysis and IoCs

• Follow @malware_traffic : You've definitely analyzed one of their PCAPs before on malware-traffic-analysis

• Follow @vxunderground : Their website vx-underground.org is a gold mine for malware samples and papers.

• Follow @sh1shk0va : An android malware specialist.

• Follow @jstrosch : His tutorial videos and malware analysis challenges are a must to go through.

• Follow @JAMESWT_MHT : Daily malware analysis and IOCs.

• Follow @Arkbird_SOLG : Daily malware samples submissions and analysis.

• Follow @ochsenmeier: Great tool maker and book writer about malware analysis.

• Follow @krabsonsecurity: Great Malware research and reverse engineering content, definitely check their blog.

The Forensicators

The DFIR community, the mother of all, where nothing is really deleted or hidden and when everything is on fire, they're the ones sent in.

Photo Credits HERE

• Follow @EricRZimmerman: One of the greatest contributors to the DFIR community with his amazing set of tools EZTools.

• Follow @DidierStevens : Makes great tools for Maldoc analysis and many more.

• Follow @keydet89: Writes great books and makes great tools for DFIR community.

• Follow @maridegrazia: Great forensics tool maker and her blog posts are very informative, helped me a lot

• Follow @Kirtar_Oza: His blogs at the e-forensicsmag.com are gold.

• Follow @13CubedDFIR: The best YouTube DFIR content maker (IMHO)

• Follow @CyberRaiju: Known for various topics but his DFIR blog post is a reference to any forensics analyst.

• Follow @moustik01: Knew her from her talk and research on AmCache. Definitely eye opener

• Follow @OMENScan : Great tool maker and definitely check their blog.

• Follow @DFIRmadness : If you want to know about the "Thrill of the Hunt" from a defense perspective, DFIRMadness.com blogs are a great place to learn.

• Follow @phillmoore: Maintains a great website for weekly DFIR news (thisweekin4n6.com).

• Follow @DfirDiva: Her dfirdiva.com is loaded with great deal of information for anyone trying to get into infosec and DFIR.

• Follow @vinopaljiri: Maintains a great YouTube channel and tweets great insights about DFIR.

• Follow @inversecos: Shares a lot of great tips for DFIR, definitely check her website.

• Follow @_RyanBenson: Great tool maker and the man behind #DailyDFIR where he shared daily insights about DFIR

• Follow @4n6ist: Shares great tips about Digital Forensics. Definitely check their website kazamiya.net

Clairvoyants

Cybersecurity Threat Intelligence analysts, they have seen it coming from miles away.

Photo Credits HERE

• Follow @likethecoins : Personally, my top-of-mind when i hear the word CTI

• Follow @t_gidwani : Her keynote talk at ATT&CKcon2.0 was amazing.

• Follow @InfoSec_Pom : Great CTI feeds source.

• Follow @MITREattack : I tried to only include people not organizations otherwise the list would be too long but this is an exception that needs no introductions.

• Follow @campuscodi : Cybersecurity latest news.

• Follow @TheDFIRReport: Great reports documenting Tactics, Techniques, and Procedures used by APT.

• Follow @darktracer_int: Dark Web threat intel insights

• Follow @kyleehmke: Daily tweets and follow ups of the most recent attacks.

Red Angels

You can't protect it if you don't know where & how it can be attacked. These people helped me in many ways to grasp many aspects of attack techniques in order to provide and build better detections.

Photo Credits HERE

• Follow @Oddvarmoe

• Follow @FuzzySec

• Follow @xpn

• Follow @byt3bl33d3r

• Follow @its_a_feature

• Follow @cobbr_io

• Follow @domchell

• Follow @netbiosX

• Follow @HackAndDo

• Follow @EthicalChaos

• Follow @subTee

• Follow @_RastaMouse

• Follow @batsec

• Follow @mohammadaskar2

• Follow @SkelSec

• Follow @xorrior

• Follow @spotheplanet

• Follow @matterpreter

• Follow @mattifestation

• Follow @_wald0

• Follow @0x00dtm

• Follow @ajpc500

• Follow @PythonResponder

• Follow @itm4n

• Follow @decoder_it

• Follow @harmj0y

• Follow @gentilkiwi

• Follow @theluemmel

• Follow @Jean_Maes_1994

• Follow @mvelazco

• Follow @spotheplanet

Cybersecurity Blogs

In this section I tried to put a list of one of the best blogs out there (IMO) for researching and studying for both offensive and defensive purposes:

• https://threathunterplaybook.com/

• https://zero2auto.com/

• https://nasbench.medium.com/

• https://mergene.medium.com/

• https://www.hexacorn.com/

• https://blueteamblog.com/

• https://teamhydra.blog/

• https://thedfirreport.com/

• https://threatintel.blog/

• https://guyinatuxedo.github.io/

• https://jhalon.github.io/

• https://modexp.wordpress.com/

• https://dtm.uk/

• https://evids.dfir.tips/

• https://winprocs.dfir.tips/

• https://krabsonsecurity.com/

• https://offnotes.notso.pro/

• https://shogunlab.gitbook.io/

• https://wadcoms.github.io/

• https://luemmelsec.github.io/

• https://www.c2.lol/

• https://csandker.io/

• https://dmcxblue.gitbook.io/

• https://blueteamegy.blogspot.com/

• https://rmusser.net/docs/Active_Directory.html

• https://class.malware.re/

• https://marcusedmondson.com/

• https://blog.redbluepurple.io/

• https://arnaugamez.com/

• https://book.hacktricks.xyz/

• https://blog.sevagas.com/

• https://ijustwannared.team/

• https://casvancooten.com/posts/

• https://decoder.cloud/

• https://labs.sentinelone.com/

• https://eforensicsmag.com/blog/

• https://www.andreafortuna.org/

• https://www.kazamiya.net/en

• https://blog.xpnsec.com/

• https://beta.hackndo.com/

• https://www.ired.team/