Collect

PT

• BishopFox - SilverC2 Open Source
• BAAS
  • infection monkey
• Vulnerabillity check
  • OpenVAS
  • nmap with customize report
• Find how to create malicius browser extansion
• evasioning tehnics
• obfuscating technics
• BloouHound for AD and AAD AzureHound
• PurpleCloud
  • https://www.sans.org/blog/build-hack-defend-azure-identity/
• PowerVIew
  • https://www.varonis.com/blog/powerview-for-penetration-testing
  • https://book.hacktricks.xyz/windows-hardening/basic-powershell-for-pentesters/powerview
• PowerSpolit
  • https://powersploit.readthedocs.io/en/latest/
• OpenVAS
  • https://www.reddit.com/r/openvas/
  • https://www.youtube.com/watch?v=ZJcEWx9mlng&feature=youtu.be
  • https://www.youtube.com/watch?v=LGh2SetiKaY
  • https://greenbone.github.io/docs/latest/22.4/container/index.html
  • Mageni https://www.mageni.net/
• Azure Active Directory pentest enumartion to global admin
• OWASP ZAP
• Mageni https://www.mageni.net/
• Vuls https://vuls.io/

SOC

• SOAR
  • Shuffle / Shufller
  • IRIS DFIR
  • Catalyst - https://github.com/SecurityBrewery/catalyst
  • Siemplify / Chronicle Google
  • Awesome-SOAR List - A curated Cyber "Security Orchestration, Automation and Response (SOAR) Including framwerwork - https://github.com/correlatedsecurity/Awesome-SOAR#SOAR-Solutions
• SIEM
  • Wazuh
    • https://infosecwriteups.com/building-a-siem-combining-elk-wazuh-hids-and-elastalert-for-optimal-performance-f1706c2b73c6?gi=e9f4aa33e3f9
• https://github.com/archanchoudhury/SOC-OpenSource
• https://docs.logz.io/shipping/log-sources/azure-graph.html
• CTI
  • MISP
  • IntelOwl - https://intelowlproject.github.io/
• Threat Hunting
  • https://github.com/archanchoudhury/Threat-Hunting
• DFIR
  • https://github.com/archanchoudhury/DFIR-Tools
  • FIR https://github.com/certsocietegenerale/FIR/tree/master#what-is-fir-who-is-it-for
• Sandbox
  • Cuckoo
    • https://github.com/archanchoudhury/Cuckoo-Script
  • VirusTotal
  • Hybrid Analsis
  • AnyRUn
• Mitre
  • https://github.com/archanchoudhury/Cloud-MITRE-Mapping
• Sigma Rules
  • for log files
• Yara Rules
  • for files
• HELK
• Find how to get only new incidents / alerts from SentinelOne and what is the differnce between them
  • create last_start_dates.txt then create varible
  • tell the api to get the lgos only from the last date succeded
  • example https://docs.logz.io/shipping/log-sources/azure-graph.html
• Find how to get only new alerts from Azure / Office365 and what lgos should i recive
• SOC Fortress Taylor Walton - https://www.youtube.com/@taylorwalton_socfortress/featured
• Playbooks
  • Awesome Incident Response - A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams- https://github.com/meirwah/awesome-incident-response#playbooks
• Purple Team
  • Vectr - https://vectr.io/features/

Scripts

• creates scripts that check list of ips agianst abuseipdb db with api
• create script the create full report from jumpcloud with endpoint and assosicate appliactions
• create script that check forknown cve / vulnerabillites against softwae versions
• create ransomware script
• Build script that do security assessment to endpoints - softwares/ patches / misconfiguration / best practices / users / CVE's / Open Ports. - get example from qualasys and nessus and RAPID7 / Cynomi / WAZUH / Tanable.io / InsightVM / Defendify agents.

Softwares

• Open Source DNS filtering
• Cloudflare ZTNA
• GoPhish
• Atomic Red Team - https://github.com/redcanaryco/atomic-red-team
• JupyterNoteBooks
• DLP Open source
• SCA
• OpenSCAP - https://www.open-scap.org/getting-started/
• PingCastle for AzureAD
• Defendify
• OWASP ZAP
• BitWarden-Self Hosted

Audit

• SharePoint Audit
• Google Workspace Audit
• Google Drive Audit
  • https://support.google.com/a/answer/7491656?hl=en
  • https://docs.google.com/spreadsheets/d/1bYkNSqgN-0LKUBySXlvRog-q-aOgApDQsR6vYwb6OEU/edit#gid=984268061
  • https://support.google.com/a/answer/9211704?hl=en
• FortiGate Audit
• AzureAD Office365
  • https://blog.admindroid.com/office-365-offboarding-best-practices/
  • https://blog.admindroid.com/sharepoint-and-onedrive-integration-with-azure-ad-b2b/
  • https://blog.admindroid.com/sharepoint-online-dlp-explained-what-it-is-and-how-it-works/
• What is the differnce between: IT security audit, security audit, security assessment, GAR ,GRC, risk asessment, SOA.
• CIS Benchmark
  • All
  • Cis V8 Controls
• CISA
  • SCuBA - https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
• NIST
  • CSF
  • ns 800 and others
• ISO27001
• nice framework - https://niccs.cisa.gov/workforce-development/nice-framework-mapping-tool?utm_source=CPF-Coaching&utm_campaign=7dd3f9fe70-EMAIL_CAMPAIGN_2022_11_11_08_35&utm_medium=email&utm_term=0_e9c8b8ed55-7dd3f9fe70-577349565

Self Development

Productivity

• Check Microsoft lists with automation and claneder
• check microft planner again
• check telegram to obisidan
• check telegram bot

Make Money

Courses & Learn

• TCM
• ISO27001
• PT israel
• Google Certificate
• NSE4
• Letsdefend
• QUalysys
• Get Rich - Project X - אימון יומי עם רוברט
• Social ensnaring
  • 001 israeli course
  • 001 israeli book
  • human hacing book that i have
• Try Hack Me
  • OpenVAS
    WAZUH
• Hack The Box
  • OpenVAS
  • WAZUH
• OSCP
• CISSP
• GRC
• General
  • Google CyberSecurity - https://www.youtube.com/watch?v=_DVVNOGYtmU&list=PLTZYG7bZ1u6ocTMdhDwwmfjaNv134KcWn

Linkedin Posts

• Hardening / security nuggets ( from CIS benchmark or something ) with pictures
  • AzureAD / AD / Office365 / Intune
  • FortiGate
  • Google Worksapce
  • OS - Windows Workstations and Servers / MacOS / Linux Workstations and Severs
• FortiGate NSE4
• Browser Hardening
• Good resource
  • Ayse Sezer - https://www.linkedin.com/in/ayse--sezer/recent-activity/all/

General

• https://infosecwriteups.com/
• https://www.houseofhackers.xyz/
• https://securityshenanigans.medium.com/

Reddit

• https://www.reddit.com/r/msp/
• https://www.reddit.com/r/sysadmin/