L0n9w4y

如切如磋，如琢如磨...

0x01 Red Team

1. Blog

• https://www.mandiant.com/resources/blog
• https://bluescreenofjeff.com/
• https://www.hackingarticles.in/
• https://adsecurity.org/
• https://pentestlab.blog/
• http://www.fuzzysecurity.com/
• https://blog.nviso.eu/
• http://www.vxjump.net
• https://3gstudent.github.io/
• https://evi1cg.me/
• https://payloads.online/

2. Series

• https://www.ired.team/
• https://dmcxblue.gitbook.io/red-team-notes/
• https://www.redteam101.tech/
• https://cheatsheet.haax.fr/
• https://www.thehacker.recipes/
• https://notes.vulndev.io/notes/
• https://book.hacktricks.xyz/
• https://websec.ca/kb/sql_injection
• https://websec.ca/kb/sql_injection
• https://cheatsheet.haax.fr/resources/
• https://wooyun.kieran.top/#!/
• https://micro8.gitbook.io/micro8/
• https://github.com/neargle/my-re0-k8s-security
• https://www.heresecurity.wiki/about/readme

3. Weapon

• https://blog.cobaltstrike.com/
• https://wbglil.gitbook.io/cobalt-strike/
• https://www.offensive-security.com/metasploit-unleashed/
• https://github.com/zer0yu/Awesome-CobaltStrike
• https://github.com/infosecn1nja/Red-Teaming-Toolkit
• https://osint-labs.org/apt/
• https://gitee.com/l0n9/sec-tools
• https://attack.mitre.org/software/

4. Framework

• https://attack.mitre.org/
• https://capec.mitre.org/
• https://github.com/mitre/caldera/
• https://github.com/mitre/cti
• https://github.com/mitre/advmlthreatmatrix
• https://github.com/redcanaryco/atomic-red-team

5. Navi

• https://infocon.org/
• https://osint-labs.org/apt/
• https://github.com/yeyintminthuhtut/Awesome-Red-Teaming/

6. Magazine

• http://www.phrack.org/

0x02 Threat Detection

1. Labs

• https://blog.talosintelligence.com/
• https://unit42.paloaltonetworks.com/
• https://www.fireeye.com/blog/threat-research.html
• https://blog.trendmicro.com/
• https://securelist.com/
• https://fortiguard.com/
• https://securityintelligence.com/category/x-force/
• https://research.checkpoint.com/
• https://www.mcafee.com/blogs/other-blogs/mcafee-labs/
• https://blog.netlab.360.com/

2. Blog

• https://www.aquasec.com/
• https://falco.org/
• https://thedfirreport.com/
• https://labs.f-secure.com/blog/
• https://newtonpaul.com/posts-archive/
• https://blogs.cisco.com/tag/threat-detection
• https://research.checkpoint.com/category/threat-research/
• https://blogs.juniper.net/threat-research
• https://www.paloaltonetworks.com/blog/category/threat-research/
• https://www.securonix.com/blog/
• https://www.mcafee.com/blogs/tag/advanced-threat-research/
• https://www.darkreading.com/threat-intelligence
• https://www.kaspersky.co.in/blog/tag/threat-intelligence/
• https://securityintelligence.com/category/x-force/
• https://www.recordedfuture.com/blog/
• https://www.fortinet.com/blog/threat-research
• https://www.cnxct.com/
• https://www.cnblogs.com/LittleHann/
• https://elkeid.bytedance.com/

3. Open Source

a. HIDS

• https://github.com/osquery/osquery
• https://github.com/bytedance/Elkeid
• https://github.com/splunk/security_content
• https://github.com/ehids/ecapture
• https://github.com/wazuh/wazuh
• https://github.com/ossec/ossec-hids
• https://github.com/mandiant/capa
• https://github.com/Velocidex/velociraptor
• https://github.com/draios/sysdig
• https://github.com/slackhq/go-audit
• https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
• https://github.com/MHaggis/sysmon-dfir
• https://github.com/SwiftOnSecurity/sysmon-config
• https://github.com/olafhartong/sysmon-modular
• https://github.com/danielbohannon/Revoke-Obfuscation

b. NIDS

• https://github.com/OISF/suricata
• https://github.com/zeek/zeek
• https://github.com/arkime/arkime
• https://github.com/snort3/snort3
• https://github.com/ntop/ntopng
• https://github.com/cisco/joy
• https://github.com/dreadl0ck/netcap
• https://github.com/mitre-attack/bzar

c. WAF/RASP

• https://github.com/SpiderLabs/ModSecurity
• https://github.com/loveshell/ngx_lua_waf
• https://github.com/baidu/openrasp
• https://github.com/alibaba/jvm-sandbox
• https://github.com/jvm-rasp/jrasp-agent
• https://github.com/bytedance/Elkeid/tree/main/rasp

d. Honeypot

• https://ipot.sec-wiki.com/
• https://github.com/pwnlandia/mhn
• https://github.com/telekom-security/tpotce
• https://github.com/DinoTools/dionaea
• https://github.com/hacklcx/HFish
• https://github.com/cowrie/cowrie
• https://github.com/desaster/kippo

4. Techniques

• https://ebpf.io/
• https://docs.cilium.io/en/latest/bpf/
• https://www.kernel.org/doc/html/latest/bpf/index.html
• https://www.cnxct.com/archives/
• https://github.com/iovisor/bpftrace
• https://github.com/iovisor/bcc
• https://linux-audit.com/
• https://github.com/elastic/go-libaudit
• https://github.com/shirou/gopsutil/
• https://filippo.io/linux-syscall-table/
• http://blog.rchapman.org/posts/Linux_System_Call_Table_for_x86_64/
• https://github.com/bfuzzy/auditd-attack

5. Misc

• https://github.com/0x4D31/awesome-threat-detection/tree/master/docs
• https://threathunterplaybook.com/introduction.html
• https://github.com/0x4D31/deception-as-detection
• https://github.com/rabobank-cdc/DeTTECT
• https://github.com/OTRF/Security-Datasets
• https://car.mitre.org/

0x03 Vulnerability Research

1. Database

• https://cn.0day.today/
• https://packetstormsecurity.com/files/tags/exploit/
• https://www.openwall.com/lists/
• https://www.securityfocus.com/
• https://www.greyhathacker.net/
• https://msrc-blog.microsoft.com/
• https://sploitus.com/

2. Wiki

• https://github.com/phith0n/JavaThings

3. Exploits

• https://github.com/swisskyrepo/PayloadsAllTheThings
• https://www.exploit-db.com/

4. POCs

• https://github.com/jweny/pocassist/tree/master/poc/scripts
• https://github.com/chaitin/xray/tree/master/pocs
• https://github.com/luck-ying/Library-POC

5. Weapon

• https://portswigger.net/burp
• https://builtwith.com/
• https://github.com/RetireJS/retire.js/
• https://github.com/OJ/gobuster
• https://xsshunter.com/
• https://github.com/Varbaek/xsser
• http://sqlmap.org/
• https://github.com/youngyangyang04/NoSQLAttack
• https://github.com/codingo/NoSQLMap
• https://github.com/frohoff/ysoserial
• https://github.com/NickstaDB/SerializationDumper
• https://github.com/mbechler/marshalsec
• https://github.com/JackOfMostTrades/gadgetinspector
• https://github.com/epinna/tplmap
• https://github.com/swisskyrepo/SSRFmap
• https://github.com/luisfontes19/xxexploiter
• https://github.com/enjoiz/XXEinjector
• https://github.com/D35m0nd142/LFISuite
• https://github.com/commixproject/commix
• https://github.com/Lucifer1993/struts-scan
• https://github.com/sv3nbeast/ShiroScan
• https://github.com/wyzxxz/fastjson_rce_tool
• https://github.com/veracode-research/rogue-jndi
• https://github.com/brendan-rius/c-jwt-cracker
• https://github.com/mitmproxy/mitmproxy
• https://github.com/bettercap/bettercap
• https://github.com/OffensivePython/Saddam

6. Detection

a. Web

• https://github.com/chaitin/xray
• https://www.acunetix.com/
• https://github.com/Arachni/arachni

b. Server

• https://github.com/zhzyker/vulmap
• https://github.com/w-digital-scanner/w9scan
• https://github.com/ysrc/xunfeng
• https://github.com/WyAtu/Perun
• https://github.com/knownsec/pocsuite3
• https://github.com/lz520520/railgun
• https://github.com/opensec-cn/kunpeng
• https://github.com/DSO-Lab/pocscan
• https://github.com/k8gege/Ladon
• https://github.com/shadow1ng/fscan
• https://github.com/Xyntax/POC-T

c. Asset

• https://github.com/TophantTechnology/ARL

d. SCA

• https://github.com/github/codeql
• https://github.com/archerysec/archerysec
• https://security.snyk.io/
• https://github.com/murphysecurity/murphysec

e. finger

• https://github.com/Adminisme/ServerScan
• https://github.com/zhzyker/dismap#-rulelab
• https://github.com/TideSec/TideFinger
• https://github.com/lcvvvv/kscan
• https://github.com/EdgeSecurityTeam/EHole

f. Misc

• https://github.com/We5ter/Scanners-Box
• https://chaos.projectdiscovery.io/#/

0x04 DFIR

1. Blog

• https://blog.malwarebytes.com/
• https://www.malwaretech.com
• http://www.rootkitanalytics.com/
• https://www.kernelmode.info/forum/
• https://labs.bitdefender.com/
• https://malshare.com/
• http://www.vxjump.net/index.htm
• https://www.hex-rays.com/blog/
• https://reverse.put.as/
• http://www.fuzzysecurity.com/index.html
• https://blog.quarkslab.com/index.html
• https://www.pediy.com/kssd/index.html
• https://beginners.re/RE4B-CN-partial/html/RE4B-CN-partial.html
• http://blog.k3170makan.com/

2. Projects

• https://github.com/ytisf/theZoo/
• https://cuckoosandbox.org/
• https://github.com/Tencent/HaboMalHunter/
• https://github.com/volatilityfoundation/volatility/

3. Misc

• https://www.jaiminton.com/cheatsheet/DFIR/#
• https://github.com/decalage2/awesome-security-hardening/
• https://github.com/meirwah/awesome-incident-response/blob/master/README_ch.md
• https://github.com/fabacab/awesome-cybersecurity-blueteam/
• https://github.com/alphaSeclab/awesome-forensics/

0x05 AISec

• OWASP TOP 10 - LLM

• Awesome GPTs (Agents) for Cybersecurity

• Awesome LLM-Safety

0x06 CloudSec

• https://github.com/teamssix/awesome-cloud-security

• https://github.com/YDCloudSecurity/cloud-security-guides