I will use this post to save my bookmarks and a couple of handy cheat sheets, and to showcase third-party plugins I like to use in my daily work.
I will come back to this post to refresh and enrich the material as I learn more:
Volatility wiki:
https://github.com/volatilityfoundation/volatility/wiki
https://github.com/volatilityfoundation/volatility/wiki/2.6-Win-Profiles
Volatility cheatsheets:
https://downloads.volatilityfoundation.org/releases/2.4/CheatSheet_v2.4.pdf
https://digital-forensics.sans.org/media/memory-forensics-cheat-sheet.pdf
Vol.py plugins:
https://github.com/volatilityfoundation/community/tree/master/DimaPshoul
https://github.com/superponible/volatility-plugins
https://github.com/csababarta/volatility_plugins
https://github.com/fireeye/Volatility-Plugins
https://github.com/monnappa22/HollowFind
https://github.com/fdivrp/findevil
YARA signatures:
https://github.com/Neo23x0/signature-base
https://github.com/Yara-Rules/rules
YARA cheatsheet:
https://gist.github.com/fdivrp/eeabc765e9befad9b80a
Meterpreter killAV list:
https://github.com/rapid7/metasploit-framework/blob/master/scripts/meterpreter/killav.rb
Meterpreter checkVM list:
https://github.com/rapid7/metasploit-framework/blob/master/scripts/meterpreter/checkvm.rb
Upgrading simple shell to tty:
https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys
Awesome lists:
https://github.com/rshipp/awesome-malware-analysis
https://github.com/caesar0301/awesome-pcaptools
https://github.com/jivoi/awesome-osint
https://github.com/hslatman/awesome-threat-intelligence
https://github.com/sroberts/awesome-iocs
https://github.com/InQuest/awesome-yara
LOLBAS:
https://github.com/api0cradle/LOLBAS
APTNotes:
https://github.com/aptnotes/tools
https://github.com/aptnotes/data
RegEx:
https://regexr.com
https://regex101.com
https://regexcrossword.com
File magic bytes:
http://www.garykessler.net/library/file_sigs.html
CVE:
https://cve.mitre.org/cve
https://www.cvedetails.com
https://nvd.nist.gov/vuln/search
Online encoders/decoders/validators:
https://ostermiller.org/calc/encode.html
https://www.danstools.com
http://ddecode.com/phpdecoder
https://jsfiddle.net
https://meyerweb.com/eric/tools/dencoder
http://jsbeautifier.org
https://codebeautify.org
https://jsonlint.com
https://gchq.github.io/CyberChef