Detection & Hunting

MITRE ATT&CK
Globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
attack.mitre.org

Sigma HQ
Generic and open signature format that allows you to describe relevant log events in a straightforward manner.
sigmahq.io

LOLBAS
Living Off The Land Binaries, Scripts, and Libraries – document every binary, script, and library that can be used for LOLBin techniques.
lolbas-project.github.io

YARA
The pattern-matching Swiss knife for malware researchers. Create descriptions of malware families based on textual or binary patterns.
virustotal.github.io/yara

Threat Intelligence

VirusTotal
Analyze suspicious files, domains, IPs, and URLs to detect malware and other threats using 70+ antivirus engines.
virustotal.com

AbuseIPDB
Check if an IP address has been reported for abusive behaviour such as spamming, hacking attempts, or DDoS attacks.
abuseipdb.com

URLScan
A sandbox for the web – submit and scan URLs to identify malicious content, phishing sites, and suspicious behaviour.
urlscan.io

AlienVault OTX
Open Threat Exchange – the world's largest open threat intelligence community enabling collaborative defenses.
otx.alienvault.com

Incident Response

CISA
Cybersecurity and Infrastructure Security Agency – incident response guidance, advisories, and playbooks from the US government.
cisa.gov

NIST SP 800-61
Computer Security Incident Handling Guide – the definitive NIST framework for handling security incidents effectively.
nvlpubs.nist.gov

TheHive
A scalable, open-source Security Incident Response Platform designed to make life easier for SOC, CSIRT, and CERT teams.
thehive-project.org

Cyber Kill Chain
Lockheed Martin's Cyber Kill Chain framework identifies what adversaries must complete to achieve their objective.
lockheedmartin.com

Utilities

CyberChef
The Cyber Swiss Army Knife – a web app for encryption, encoding, compression, and data analysis by GCHQ.
gchq.github.io/CyberChef

Regex101
Build, test, and debug regular expressions with real-time explanation. Essential for crafting detection patterns.
regex101.com

IPinfo
Accurate IP address data including geolocation, ASN, carrier, and abuse contact information for any IP address.
ipinfo.io

Have I Been Pwned
Check if email addresses or passwords have been exposed in known data breaches. Essential for credential hygiene checks.
haveibeenpwned.com