# Defensive

{% tabs %}
{% tab title="General" %}

| [Atlant Security Windows Hardening Scripts](https://github.com/atlantsecurity/windows-hardening-scripts) ! | [Awesome Forensics](https://cugu.github.io/awesome-forensics/)                | [Awesome Threat Intelligence Repo](https://github.com/hslatman/awesome-threat-intelligence) | [Random Powershell Tasks from @adbertram](https://github.com/adbertram/Random-PowerShell-Work) |
| ---------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
| [EyeHateMalwares](https://eyehatemalwares.com/) ! | [Pylirt](https://github.com/anil-yelken/pylirt) - Python IR toolkit for Linux | [Steven Black hosts file](https://github.com/StevenBlack/hosts) - hosts-file blocklist | |

{% endtab %}

{% tab title="Training" %}
**KQL Training**

<https://detective.kusto.io/>
{% endtab %}

{% tab title="Intel" %}

### Feeds, Trends, and Intel

* [Cyber Threat Intelligence Dashboard by infosecn1nja](https://start.me/p/wMrA5z/cyber-threat-intelligence) !
* [CVE Trends Crowdsourced CVE Intel](https://cvetrends.com/)
* [Abuse.ch Malware URL Exchange](https://urlhaus.abuse.ch/)
* [Phishing Army: Phishing URL Blocklist](https://phishing.army/)
* [Unified Hosts Blacklist: Host file for malicious URL Blocking, updated daily](https://github.com/Ultimate-Hosts-Blacklist/Ultimate.Hosts.Blacklist)
* [APT Index (National Security Cyber War Map)](https://embed.kumu.io/0b023bf1a971ba32510e86e8f1a38c38#apt-index)
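Two of the lists on this page (the Steven Black hosts file under General and the Unified Hosts Blacklist above) ship as hosts files. A hosts file can redirect as well as block: an entry that points a legitimate name at a routable address, whether by mistake or because the feed was tampered with, silently sends that traffic elsewhere. The Python below is an added example, not code from this page or from either project. It parses hosts-file syntax, accepts only entries whose target is a sinkhole address, rejects malformed hostnames, honours a local allowlist, and re-emits a clean list. The sample feed is constructed.

```python
"""Validate a hosts-style blocklist before installing it.

Added example for this page; not code from StevenBlack/hosts or
Ultimate.Hosts.Blacklist. The sample list below is constructed.
"""
import ipaddress
import re

# Only these targets are accepted: anything else turns a "block" into a redirect.
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Names that belong to the local machine, not to a blocklist.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "local"}

# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample feed (not a real list).
SAMPLE = """\
# sample blocklist
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net   # inline comment
0.0.0.0 c2.bad.example evil.example
198.51.100.7 login.example.com   # redirect, not a block
0.0.0.0 bad_host.example
0.0.0.0 ads.example.com
"""


def valid_hostname(name):
    """True if name is a syntactically valid DNS hostname (case-insensitive)."""
    name = name.lower().rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def parse_hosts(text, allowlist=()):
    """Return (blocked, rejected).

    blocked  - sorted, de-duplicated hostnames that may be sinkholed
    rejected - (line_no, raw_line, reason) for every entry not accepted
    """
    blocked = set()
    rejected = []
    allow = {a.lower().rstrip(".") for a in allowlist}
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        target, *names = line.split()
        try:
            target = str(ipaddress.ip_address(target))  # normalises e.g. ::0 -> ::
        except ValueError:
            rejected.append((line_no, raw, "target is not an IP address"))
            continue
        if target not in SINKHOLE_IPS:
            rejected.append((line_no, raw, f"non-sinkhole target {target}"))
            continue
        if not names:
            rejected.append((line_no, raw, "no hostname"))
            continue
        for name in names:
            host = name.lower().rstrip(".")
            if host in LOCAL_NAMES:
                continue                       # loopback boilerplate, keep out of the blocklist
            if not valid_hostname(host):
                rejected.append((line_no, raw, f"bad hostname {name!r}"))
            elif host in allow:
                rejected.append((line_no, raw, f"allowlisted {host}"))
            else:
                blocked.add(host)
    return sorted(blocked), rejected


def render_hosts(blocked, sink="0.0.0.0"):
    """Re-emit accepted names as hosts-file lines pointing at one sinkhole."""
    return "".join(f"{sink} {host}\n" for host in blocked)


if __name__ == "__main__":
    ok, bad = parse_hosts(SAMPLE, allowlist=["evil.example"])
    for line_no, raw, reason in bad:
        print(f"line {line_no}: {reason}: {raw}")
    print(render_hosts(ok), end="")
```

Run it against a downloaded list and review `rejected` before appending `render_hosts(...)` output to the system hosts file; a single non-sinkhole target in a feed of several hundred thousand lines is exactly the entry a hand review would miss.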
{% endtab %}

{% tab title="DFIR" %}

| General                                                                                     |                                                                       |                                                                                               |
| ------------------------------------------------------------------------------------------- | --------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- |
| [ADHD](https://www.blackhillsinfosec.com/projects/adhd/)                                    | [Awesome Event IDs Repo](https://github.com/stuhli/awesome-event-ids) | [BinaryAlert](https://github.com/airbnb/binaryalert)                                          |
| [BZAR](https://github.com/mitre-attack/bzar)                                                | [CimSweep](https://github.com/PowerShellMafia/CimSweep)               | [Cybersecurity IR Repo](https://github.com/paulveillard/cybersecurity-incident-response)      |
| [DeepBlueCLI](https://github.com/sans-blue-team/DeepBlueCLI)                                | [DeTTECT](https://github.com/rabobank-cdc/DeTTECT)                    | [DFIR Diva](https://dfirdiva.com/) !                                                          |
| [EQL Analytics Library](https://github.com/endgameinc/eqllib)                               | [Fast Incident Response](https://github.com/certsocietegenerale/FIR)  | [GMER Windows Rootkit Scanner](http://www.gmer.net/#files)                                    |
| [Google Rapid Response (GRR)](https://github.com/google/grr) | [Hollows Hunter](https://github.com/hasherezade/hollows_hunter) | [Loki](https://github.com/grafana/loki) - as linked, this is Grafana's log aggregation system, not the Loki IOC scanner |
| [Meerkat](https://github.com/TonyPhipps/Meerkat)                                            | [Memoryze](https://fireeye.market/apps/211368)                        | [Monitor](https://fireeye.market/apps/211360)                                                 |
| [Oriana](https://github.com/mvelazc0/Oriana/)                                               | [OSSEM](https://github.com/OTRF/OSSEM)                                | [Persistence Sniper from @last-byte](https://github.com/last-byte/PersistenceSniper)          |
| [PiRogue Tool Suite (Mobile Device Forensics)](https://github.com/PiRogueToolSuite)         | [PowerGRR](https://github.com/swisscom/PowerGRR)                      | [rkhunter Linux RootKit Scanner](https://salsa.debian.org/pkg-security-team/rkhunter)         |
| [SANS SIFT Workstation](https://www.sans.org/tools/sift-workstation/) - forensic VM | [FTK Imager](https://www.exterro.com/forensic-toolkit) ! | [IoT Digital Forensics course](https://github.com/RJC497/IoT-Digital-Forensics-Course) (free) |
| [C2-Hunter](https://github.com/ZeroMemoryEx/C2-Hunter) - Real-time extraction of C2 traffic |                                                                       |                                                                                               |

**File/email analysis and sandboxes**

|                                                                                                             |                                                           |                                             |
| ----------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | ------------------------------------------- |
| [MxToolbox](https://mxtoolbox.com/EmailHeaders.aspx) - Online email header analysis | [VirusTotal](https://www.virustotal.com/gui/home/search) | [AnyRun](https://any.run/) - Online sandbox |
| [Hybrid-Analysis](https://www.hybrid-analysis.com/) - Online sandbox | [Joe Sandbox](https://www.joesandbox.com/#windows) | [VMRay Sandbox](https://www.vmray.com/) |
| [Browserling](https://www.browserling.com/) - Browser sandbox | | |

**M365 and Azure AD Incident Response**

|                                                                                                                    |                                                                                  |                                                                                              |
| ------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------- |
| [Azure AD Investigator PowerShell module](https://github.com/AzureAD/Azure-AD-Incident-Response-PowerShell-Module) | [AzureAD Security Assessment](https://github.com/AzureAD/AzureADAssessment)      | [Mandiant Azure AD Investigator](https://github.com/mandiant/Mandiant-Azure-AD-Investigator) |
| [CISA Sparrow](https://github.com/cisagov/Sparrow)                                                                 | [CrowdStrike Reporting Tool for Azure (CRT)](https://github.com/CrowdStrike/CRT) | [Hawk](https://github.com/T0pCyber/hawk)                                                     |
| [AzureHound](https://github.com/BloodHoundAD/AzureHound)                                                           | [Office 365 Extractor](https://github.com/PwC-IR/Office-365-Extractor)           | [Azure Sentinel Detections](https://github.com/Azure/Azure-Sentinel/tree/master/Detections)  |

{% endtab %}

{% tab title="Malware" %}
**Malware Analysis Tools**

| [Qu1cksc0pe](https://github.com/CYB3RMX/Qu1cksc0pe) - All-in-one malware analysis tool | | |
| ------------------------------------------------------------------- | - | - |

**Malware Analysis Sites**

|                                                                                                        |                                                                 |                                                     |
| ------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- | --------------------------------------------------- |
| [Malware Database (MWDB)](https://virus.exchange/login) - account required | [VirusTotal](https://www.virustotal.com/) | [Kaspersky OpenTIP](https://opentip.kaspersky.com/) |
| [Intezer](https://analyze.intezer.com/)                                                                | [Cuckoo Sandbox](https://cuckoo.cert.ee/)                       | [Hybrid Analysis](https://www.hybrid-analysis.com/) |
| [Triage](https://tria.ge/) - Online VM                                                                 | [Any.Run](https://app.any.run/) - Online VM                     | [Opswat](https://metadefender.opswat.com/)          |
| [Filescan.io](https://www.filescan.io/)                                                                | [Unpac.me](https://www.unpac.me/) - Automated Unpacking Service | [Malware Bazaar](https://bazaar.abuse.ch/)          |

**Malware Resources for Analysis/Reverse Engineering**

**Use a sandboxed environment for the sample and source repositories below.**

| | | | |
| - | - | - | - |
| [Aoyama\_](https://github.com/Leeon123/Aoyama)                                                | [Arbitrium-RAT\_](https://github.com/im-hanzou/Arbitrium-RAT)                     | [blackvision](https://github.com/quantumcore/blackvision)                             | [botnets](https://github.com/maestron/botnets)                                                                                                          |
| [Deus x64 reverse engineering/binary exploitation wargames](https://deusx64.ai/) !            | [DDOS-RootSec](https://github.com/R00tS3c/DDOS-RootSec)                           | [Fsociety-ransomware-MrRobot](https://github.com/graniet/fsociety-ransomware-MrRobot) | [ghost](https://github.com/AHXR/ghost)                                                                                                                  |
| [HBot](https://github.com/Its-Vichy/HBot)                                                     | [Malware Collection Repo](https://github.com/Red-Laboratory/Malware-collection) ! | [Malware Repo from @gbrindisi](https://github.com/gbrindisi/malware)                  | [Malware Repo from @kaiserfarrell](https://github.com/kaiserfarrell/malware)                                                                            |
| [MalwareDatabase](https://github.com/Endermanch/MalwareDatabase)                              | [Ransomware](https://github.com/im-hanzou/Ransomware)                             | [MalwareSourceCode](https://github.com/vxunderground/MalwareSourceCode) !             | [web-malware-collection\_](https://github.com/nikicat/web-malware-collection)                                                                           |
| [javascript-malware-collection](https://github.com/HynekPetrak/javascript-malware-collection) | [Malware-samples Repo from @InQuest](https://github.com/InQuest/malware-samples)  | [MalWAReX](https://github.com/0x48piraj/MalWAReX)                                     | [Joas (@CybersecurityUP) Malware and Reverse Engineering Collection](https://github.com/CyberSecurityUP/Awesome-Malware-Analysis-Reverse-Engineering) ! |
| [paradoxiaRAT](https://github.com/quantumcore/paradoxiaRAT)                                   | [malware-samples\_](https://github.com/fabrimagic72/malware-samples)              | [BlackHAck](https://github.com/AngelSecurityTeam/BackHAck)                            | [Recreator-Backdoor\_](https://github.com/AngelSecurityTeam/Recreator-Backdoor)                                                                         |
| [malware](https://github.com/RamadhanAmizudin/malware)                                        | [TinyNuke](https://github.com/RamadhanAmizudin/TinyNuke)                          | [supercharge](https://github.com/quantumcore/supercharge)                             | [maalik](https://github.com/quantumcore/maalik)                                                                                                         |
| [claw](https://github.com/quantumcore/claw) | [Crypter](https://github.com/sithis993/Crypter) | [Reverse Engineering 101](https://malwareunicorn.org/workshops/re101.html#0) | [Cuckoo Sandbox project (self-hosted)](https://cuckoosandbox.org/) ! |

{% endtab %}

{% tab title="Vulnerability Scans" %}

| [Nessus](https://www.tenable.com/products/nessus) | [Scan4all from @hktalent](https://github.com/hktalent/scan4all) | [Androbugs Android Vulnerability Scanner](https://github.com/androbugs2/androbugs2) |
| ------------------------------------------------- | --------------------------------------------------------------- | ----------------------------------------------------------------------------------- |

{% endtab %}
{% endtabs %}
