@macostag
Last active March 21, 2024 21:12
Threat Hunting & Adversary Simulation
MITRE ATT&CK
------------
MITRE ATT&CK®:
https://attack.mitre.org
Getting Started with ATT&CK: Detection and Analytics:
https://medium.com/mitre-attack/getting-started-with-attack-detection-a8e49e4960d0
Getting Started with ATT&CK: Adversary Emulation and Red Teaming:
https://medium.com/mitre-attack/getting-started-with-attack-red-29f074ccf7e3
Getting Started with ATT&CK: Threat Intelligence:
https://medium.com/mitre-attack/getting-started-with-attack-cti-4eb205be4b2f
Adversary Simulation
--------------------
Adversary Simulation Becomes a Thing…:
https://blog.cobaltstrike.com/2014/11/12/adversary-simulation-becomes-a-thing/
Comparing open source adversary emulation platforms for red teams:
https://redcanary.com/blog/comparing-red-team-platforms/
Atomic Red Team:
https://github.com/redcanaryco/atomic-red-team
https://atomicredteam.io/use-cases
Cyber Analytics Repository
--------------------------
MITRE Cyber Analytics Repository:
https://car.mitre.org/analytics/
EQL Analytics Library:
https://eqllib.readthedocs.io/en/latest/index.html
The Threat Hunter Playbook:
https://threathunterplaybook.com/introduction.html
Datasets
--------
BRAWL:
https://github.com/mitre/brawl-public-game-001
Boss of the SOC (BOTS) Dataset Version 2:
https://github.com/splunk/botsv2
Methodology
-----------
TaHiTI Threat Hunting Methodology:
https://www.betaalvereniging.nl/en/safety/tahiti/
Windows Audit Policy
--------------------
Windows Audit Policy Recommendations:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations
Command line process auditing:
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/command-line-process-auditing
Greater Visibility Through PowerShell Logging:
https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
Windows Event Logging and Forwarding:
https://www.cyber.gov.au/sites/default/files/2019-10/PROTECT%20-%20Windows%20Event%20Logging%20and%20Forwarding%20%28April%202019%29.pdf
Using AutorunsToWinEventLog:
https://isc.sans.edu/forums/diary/Using+AutorunsToWinEventLog/23840/
sysmon-modular | A Sysmon configuration repository for everybody to customise:
https://github.com/olafhartong/sysmon-modular
sysmon-config | A Sysmon configuration file for everybody to fork:
https://github.com/SwiftOnSecurity/sysmon-config
ELK Setup
---------
Installing Elastic Stack:
https://documentation.wazuh.com/3.13/installation-guide/installing-elastic-stack/index.html
Setting up a Pentesting... I mean, a Threat Hunting Lab - Part 5:
https://cyberwardog.blogspot.com/2017/02/setting-up-pentesting-i-mean-threat_98.html
Windows Event Logs and WinLogBeat:
https://www.youtube.com/watch?v=dRV4MshJCNw
ELK stack: Installation and shipping data:
https://medium.com/@ibrahim.ayadhi/elk-stack-installation-and-shipping-data-2b7c903d5a71
Tools & Analytics
-----------------
Detection Lab:
https://github.com/clong/DetectionLab
Directory of ATT&CK Open Source Tools:
https://www.attack-community.org/directory/
Sigma:
https://github.com/Neo23x0/sigma
invoke-atomicredteam:
https://github.com/redcanaryco/invoke-atomicredteam
Sysmon:
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon