# Defensive

{% tabs %}
{% tab title="General" %}

| [Atlant Security Windows Hardening Scripts](https://github.com/atlantsecurity/windows-hardening-scripts) ! | [Awesome Forensics](https://cugu.github.io/awesome-forensics/) | [Awesome Threat Intelligence Repo](https://github.com/hslatman/awesome-threat-intelligence) | [Random Powershell Tasks from @adbertram](https://github.com/adbertram/Random-PowerShell-Work) |
| --- | --- | --- | --- |
| [EyeHateMalwares](https://eyehatemalwares.com/) ! | [Pylirt](https://github.com/anil-yelken/pylirt) - Python IR toolkit for Linux | [Steven Black hosts file](https://github.com/StevenBlack/hosts) | |

{% endtab %}

{% tab title="Training" %}
**KQL Training**

<https://detective.kusto.io/>
{% endtab %}

{% tab title="Intel" %}

### Feeds, Trends, and Intel

* [Cyber Threat Intelligence Dashboard by infosecn1nja](https://start.me/p/wMrA5z/cyber-threat-intelligence) !
* [CVE Trends Crowdsourced CVE Intel](https://cvetrends.com/)
* [Abuse.ch Malware URL Exchange](https://urlhaus.abuse.ch/)
* [Phishing Army: Phishing URL Blocklist](https://phishing.army/)
* [Unified Hosts Blacklist: Host file for malicious URL Blocking, updated daily](https://github.com/Ultimate-Hosts-Blacklist/Ultimate.Hosts.Blacklist)
* [APT Index (National Security Cyber War Map)](https://embed.kumu.io/0b023bf1a971ba32510e86e8f1a38c38#apt-index)
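The hosts-file blocklists above (Steven Black, Unified Hosts) are consumed by copying entries into `/etc/hosts`, which blocks only the exact names listed: a subdomain of a listed name is not matched. The following is an added example, not code from any of the listed projects, that parses a hosts-format feed and shows both semantics side by side. The feed excerpt is constructed for the example, and the sinkhole address set and local-name exclusions are assumptions.

```python
"""Parse a hosts-format blocklist and check hostnames against it.

Added example with constructed data; not taken from any listed feed or project.
"""
import ipaddress

# Constructed sample in hosts-file format (not an excerpt of a real feed).
SAMPLE_HOSTS = """\
# Title: example blocklist (constructed)
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org   # inline comment
0.0.0.0 malware.example.com phish.example.com
0.0.0.0 0.0.0.0
"""

# Assumption: these are the only addresses a blocklist uses as sinkholes.
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1", "::"}
# Assumption: standard loopback names that feeds carry but do not mean to block.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}


def parse_hosts_blocklist(text):
    """Return the set of blocked hostnames from hosts-format text."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                            # malformed line, skip it
        if ip not in SINKHOLE_IPS:
            continue                            # a real mapping, not a block entry
        for name in names:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES or name == "0.0.0.0":
                continue                        # feeds contain "0.0.0.0 0.0.0.0" as a self-entry
            blocked.add(name)
    return blocked


def is_blocked_hosts_file(blocked, hostname):
    """Hosts-file semantics: exact match only; subdomains of a listed name pass."""
    return hostname.lower().rstrip(".") in blocked


def is_blocked_domain_match(blocked, hostname):
    """DNS-resolver blocklist semantics: a listed name also covers everything beneath it."""
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


if __name__ == "__main__":
    entries = parse_hosts_blocklist(SAMPLE_HOSTS)
    for host in ("ads.example.net", "cdn.ads.example.net", "example.net"):
        print(host, "hosts-file:", is_blocked_hosts_file(entries, host),
              "domain-match:", is_blocked_domain_match(entries, host))
```

The practical consequence: a hosts file is a cheap endpoint control for known tracker and malware names, but a resolver-level blocklist (Pi-hole style) is what gives you parent-domain coverage.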
{% endtab %}

{% tab title="DFIR" %}

| General                                                                                     |                                                                       |                                                                                               |
| ------------------------------------------------------------------------------------------- | --------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- |
| [ADHD](https://www.blackhillsinfosec.com/projects/adhd/)                                    | [Awesome Event IDs Repo](https://github.com/stuhli/awesome-event-ids) | [BinaryAlert](https://github.com/airbnb/binaryalert)                                          |
| [BZAR](https://github.com/mitre-attack/bzar)                                                | [CimSweep](https://github.com/PowerShellMafia/CimSweep)               | [Cybersecurity IR Repo](https://github.com/paulveillard/cybersecurity-incident-response)      |
| [DeepBlueCLI](https://github.com/sans-blue-team/DeepBlueCLI)                                | [DeTTECT](https://github.com/rabobank-cdc/DeTTECT)                    | [DFIR Diva](https://dfirdiva.com/) !                                                          |
| [EQL Analytics Library](https://github.com/endgameinc/eqllib)                               | [Fast Incident Response](https://github.com/certsocietegenerale/FIR)  | [GMER Windows Rootkit Scanner](http://www.gmer.net/#files)                                    |
| [Google Rapid Response (GRR)](https://github.com/google/grr)                                | [Hollows Hunter](https://github.com/hasherezade/hollows_hunter)       | [Loki IOC and YARA scanner](https://github.com/Neo23x0/Loki)                                  |
| [Meerkat](https://github.com/TonyPhipps/Meerkat)                                            | [Memoryze](https://fireeye.market/apps/211368)                        | [Monitor](https://fireeye.market/apps/211360)                                                 |
| [Oriana](https://github.com/mvelazc0/Oriana/)                                               | [OSSEM](https://github.com/OTRF/OSSEM)                                | [Persistence Sniper from @last-byte](https://github.com/last-byte/PersistenceSniper)          |
| [PiRogue Tool Suite (Mobile Device Forensics)](https://github.com/PiRogueToolSuite)         | [PowerGRR](https://github.com/swisscom/PowerGRR)                      | [rkhunter Linux RootKit Scanner](https://salsa.debian.org/pkg-security-team/rkhunter)         |
| [SANS Sift Workstation Forensic Tool](https://www.sans.org/tools/sift-workstation/)         | [FTK Imager](https://www.exterro.com/forensic-toolkit) !              | [IoT Digital Forensics course](https://github.com/RJC497/IoT-Digital-Forensics-Course) (free) |
| [C2-Hunter](https://github.com/ZeroMemoryEx/C2-Hunter) - Real-time extraction of C2 traffic |                                                                       |                                                                                               |

**File/email analysis and sandboxes**

|                                                                                                             |                                                           |                                             |
| ----------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | ------------------------------------------- |
| [MxToolbox](https://mxtoolbox.com/EmailHeaders.aspx) - Online email header analysis | [VirusTotal](https://www.virustotal.com/gui/home/search) | [AnyRun](https://any.run/) - Online sandbox |
| [Hybrid-Analysis](https://www.hybrid-analysis.com/) - Online sandbox | [Joe Sandbox](https://www.joesandbox.com/#windows) | [VMRay Sandbox](https://www.vmray.com/) |
| [Browserling](https://www.browserling.com/) - Browser sandbox | | |
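Before pasting headers into MxToolbox, it helps to know what the analyser is doing: walking the `Received:` chain bottom-up (earliest hop first), pulling the relay IP out of each hop, checking that each hop's `by` host is the next hop's `from` host, and reading the `Authentication-Results` verdicts. The block below is an added example, not code from MxToolbox or any listed tool, that does this with the standard library. The header block is constructed for the example; the regexes assume the common Postfix/sendmail `from X (Y [ip]) by Z` layout and will miss exotic formats.

```python
"""Walk an email's Received: chain and summarise sender authentication.

Added example with a constructed header block; not code from any listed tool.
"""
import email
import email.utils
import re

# Constructed sample: a spoofed "CEO" mail relayed through two hops.
SAMPLE_HEADERS = """\
Received: from mx1.example.com (mx1.example.com [203.0.113.10])
 by inbox.example.org with ESMTPS id abc123; Mon, 01 Jan 2024 10:00:02 +0000
Received: from [198.51.100.7] (unknown [198.51.100.7])
 by mx1.example.com (Postfix) with ESMTP id 4F5G6H; Mon, 01 Jan 2024 10:00:00 +0000
Authentication-Results: inbox.example.org; spf=fail smtp.mailfrom=example.com;
 dkim=none; dmarc=fail (p=reject) header.from=example.com
From: "CEO" <ceo@example.com>
Return-Path: <bounce@attacker.test>
Subject: Urgent wire transfer

"""

IPV4_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")
# Assumption: hops look like "from <host> (<comment>) by <host> ..."
HOP_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def received_hops(raw):
    """Return hops earliest-first as dicts with 'from', 'ip', and 'by'."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its own Received: line, so the top one is the last hop.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())          # unfold continuation lines
        m = HOP_RE.search(text)
        if not m:
            continue
        from_host, comment, by_host = m.group(1), m.group(2) or "", m.group(3)
        ip_match = IPV4_RE.search(comment) or IPV4_RE.search(from_host)
        hops.append({
            "from": from_host.strip("[]"),
            "ip": ip_match.group(1) if ip_match else None,
            "by": by_host,
        })
    return hops


def chain_is_consistent(hops):
    """Each hop's receiving host should be the next hop's sending host.

    A break suggests a forged Received: line (or an unusual relay setup).
    """
    return all(hops[i]["by"].lower() == hops[i + 1]["from"].lower()
               for i in range(len(hops) - 1))


def auth_results(raw):
    """Map spf/dkim/dmarc to their verdicts from Authentication-Results."""
    msg = email.message_from_string(raw)
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        verdicts.update(dict(AUTH_RE.findall(value)))
    return verdicts


def sender_domains(raw):
    """Return (From: domain, Return-Path domain); a mismatch is a classic phishing tell."""
    msg = email.message_from_string(raw)
    from_addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return_path = email.utils.parseaddr(msg.get("Return-Path", ""))[1]
    return (from_addr.rpartition("@")[2].lower(), return_path.rpartition("@")[2].lower())


if __name__ == "__main__":
    hops = received_hops(SAMPLE_HEADERS)
    for i, hop in enumerate(hops):
        print(f"hop {i}: from {hop['from']} [{hop['ip']}] by {hop['by']}")
    print("chain consistent:", chain_is_consistent(hops))
    print("auth:", auth_results(SAMPLE_HEADERS))
    print("from/return-path domains:", sender_domains(SAMPLE_HEADERS))
```

The originating IP is the one in the earliest hop (`hops[0]`), which is what you would pivot on in VirusTotal or abuse.ch; the SPF/DMARC failures and the From vs Return-Path domain mismatch are the three findings an analyst writes up first.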

**M365 and Azure AD Incident Response**

|                                                                                                                    |                                                                                  |                                                                                              |
| ------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------- |
| [Azure AD Investigator PowerShell module](https://github.com/AzureAD/Azure-AD-Incident-Response-PowerShell-Module) | [AzureAD Security Assessment](https://github.com/AzureAD/AzureADAssessment)      | [Mandiant Azure AD Investigator](https://github.com/mandiant/Mandiant-Azure-AD-Investigator) |
| [CISA Sparrow](https://github.com/cisagov/Sparrow)                                                                 | [CrowdStrike Reporting Tool for Azure (CRT)](https://github.com/CrowdStrike/CRT) | [Hawk](https://github.com/T0pCyber/hawk)                                                     |
| [AzureHound](https://github.com/BloodHoundAD/AzureHound)                                                           | [Office 365 Extractor](https://github.com/PwC-IR/Office-365-Extractor)           | [Azure Sentinel Detections](https://github.com/Azure/Azure-Sentinel/tree/master/Detections)  |

{% endtab %}

{% tab title="Malware" %}
**Malware Analysis Tools**

* [Qu1cksc0pe](https://github.com/CYB3RMX/Qu1cksc0pe) - All-in-one static malware analysis tool

**Malware Analysis Sites**

|                                                                                                        |                                                                 |                                                     |
| ------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- | --------------------------------------------------- |
| [Malware Database (MWDB)](https://virus.exchange/login) - Account required | [VirusTotal](https://www.virustotal.com/) | [Kaspersky Threat Intelligence Portal](https://opentip.kaspersky.com/) |
| [Intezer](https://analyze.intezer.com/)                                                                | [Cuckoo Sandbox](https://cuckoo.cert.ee/)                       | [Hybrid Analysis](https://www.hybrid-analysis.com/) |
| [Triage](https://tria.ge/) - Online VM                                                                 | [Any.Run](https://app.any.run/) - Online VM                     | [Opswat](https://metadefender.opswat.com/)          |
| [Filescan.io](https://www.filescan.io/)                                                                | [Unpac.me](https://www.unpac.me/) - Automated Unpacking Service | [Malware Bazaar](https://bazaar.abuse.ch/)          |

**Malware Resources for Analysis/Reverse Engineering**

**USE A SANDBOXED ENVIRONMENT!** The repositories below contain live malware source and samples.

| | | | |
| --- | --- | --- | --- |
| [Aoyama](https://github.com/Leeon123/Aoyama) | [Arbitrium-RAT](https://github.com/im-hanzou/Arbitrium-RAT) | [blackvision](https://github.com/quantumcore/blackvision) | [botnets](https://github.com/maestron/botnets) |
| [Deus x64 reverse engineering/binary exploitation wargames](https://deusx64.ai/) ! | [DDOS-RootSec](https://github.com/R00tS3c/DDOS-RootSec) | [Fsociety-ransomware-MrRobot](https://github.com/graniet/fsociety-ransomware-MrRobot) | [ghost](https://github.com/AHXR/ghost) |
| [HBot](https://github.com/Its-Vichy/HBot) | [Malware Collection Repo](https://github.com/Red-Laboratory/Malware-collection) ! | [Malware Repo from @gbrindisi](https://github.com/gbrindisi/malware) | [Malware Repo from @kaiserfarrell](https://github.com/kaiserfarrell/malware) |
| [MalwareDatabase](https://github.com/Endermanch/MalwareDatabase) | [Ransomware](https://github.com/im-hanzou/Ransomware) | [MalwareSourceCode](https://github.com/vxunderground/MalwareSourceCode) ! | [web-malware-collection](https://github.com/nikicat/web-malware-collection) |
| [javascript-malware-collection](https://github.com/HynekPetrak/javascript-malware-collection) | [Malware-samples Repo from @InQuest](https://github.com/InQuest/malware-samples) | [MalWAReX](https://github.com/0x48piraj/MalWAReX) | [Joas (@CybersecurityUP) Malware and Reverse Engineering Collection](https://github.com/CyberSecurityUP/Awesome-Malware-Analysis-Reverse-Engineering) ! |
| [paradoxiaRAT](https://github.com/quantumcore/paradoxiaRAT) | [malware-samples](https://github.com/fabrimagic72/malware-samples) | [BackHAck](https://github.com/AngelSecurityTeam/BackHAck) | [Recreator-Backdoor](https://github.com/AngelSecurityTeam/Recreator-Backdoor) |
| [malware](https://github.com/RamadhanAmizudin/malware) | [TinyNuke](https://github.com/RamadhanAmizudin/TinyNuke) | [supercharge](https://github.com/quantumcore/supercharge) | [maalik](https://github.com/quantumcore/maalik) |
| [claw](https://github.com/quantumcore/claw) | [Crypter](https://github.com/sithis993/Crypter) | [Reverse Engineering 101](https://malwareunicorn.org/workshops/re101.html#0) | [Cuckoo Sandbox](https://cuckoosandbox.org/) ! |

{% endtab %}

{% tab title="Vulnerability Scans" %}

| [Nessus](https://www.tenable.com/products/nessus) | [Scan4all from @hktalent](https://github.com/hktalent/scan4all) | [Androbugs Android Vulnerability Scanner](https://github.com/androbugs2/androbugs2) |
| --- | --- | --- |

{% endtab %}
{% endtabs %}
