Security Links

This repository should contain links related to information security resources.

Tags	Link
[Attack][AD]	improsec.com Attack Trusted Domain
[Attack][AD]	Orange-Cyberdefense/arsenal Orange-Cyberdefense/arsenal Pentest AD Mindmap Orange-Cyberdefense/arsenal Pentest Exchange Mindmap
[Attack][AD]	ShutdownRepo/The-Hacker-Recipes
[Attack][AD]	pentestlab.blog Introduction Golden Certificate
[Attack][AD]	zer1t0.gitlab.io Attack AD
[Attack][AD]	gtworek/Priv2Admin PE scmanager
[Attack][AD]	Tweet @4ndr3w6S NetSync Domain Controllers
[Attack][AD] [Attack][AD][Tool]	www.wietzebeukema.nl Windows Command Line Obfuscation wietze/windows-command-line-obfuscation
[Attack][AD][Tool]	lkarlslund/ldapnomnom
[Attack][Azure]	NetSPI/MicroBurst
[Attack][Azure]	mandiant/Azure_Workshop mandiant/Azure_Workshop Setup Video
[Attack][Azure]	rootsecdev/Azure-Red-Team
[Attack][Azure]	posts.specterops.io Abuse Azure Container Registry Tasks
[Attack][Azure]	cloudbrothers.info Azure Dominance Paths
[Attack][Azure]	misconfig.io Attack Azure Storage
[Attack][Entra ID]	o365blog.com Faking Device Compliance
[Attack][Kubernetes][Tool]	KubeHound
[Attack][Microsoft 365][Tool]	nheiniger/SnaffPoint
[Attack][Tool]	optiv/Freeze
[Attack][Tool]	D1rkMtr/VirusTotalC2
[Attack][Collection]	swisskyrepo.github.io PayloadsAllTheThingsWeb
[Attack][Collection]	Flangvik/SharpCollection
[Attack][Collection][Simulation]	gtworek/psbits
[Attack][Collection]	0x4143/malware-gems
[Attack][Defense][Collection]	https://start.me/p/OmOrJb/threat-hunting
[Defense][AD]	www.jpcert.or.jp Detecting Lateral Movement
[Defense][AD]	@PyroTek3 Tweet AD Defense
[Defense][AD]	@_wald0 Tweet AD Defense Kerberoasting
[Defense][AD]	trimarcsecurity.com AD Security Review
[Defense][AD]	@NathanMcNulty Tweet Code Integrity Guard
[Defense][AD]	learn.microsoft.com Monitoring Active Directory for Signs of Compromise
[Defense][AD][RDP][Defender for Identity]	Defend against RDP attempts
[Defense][Azure]	microsoft.github.io/Azure-Threat-Research-Matrix
[Defense][Azure]	inversecos.com Attack Matrix Microsoft 365
[Defense][Azure]	misconfig.io Azure Misconfiguration Risks
[Defense][Collection]	mthcht/awesome-lists
[Defense][Detection]	mitre-attack/car
[Defense][Detection]	www.lares.com Lateral Movement
[Defense][Detection]	OTRF/ThreatHunter-Playbook
[Defense][Detection]	OTRF/Security-Datasets
[Defense][Detection]	Azure/Cloud-Katana
[Defense][Detection]	lots-project.com Legitimate domains used by attackers
[Defense][Detection]	filesec.io File extensions used by attackers
[Defense][Detection][Collection]	elastic/protections-artifacts
[Defense][DF][Entra ID][MFA]	Tweet @malmoeb
[Defense][DF][Azure][Tool]	darkquasar/AzureHunter
[Defense][DF][Defender for Endpoint]	Tweet @SecurityAura
[Defense][DF][Email]	digitalinvestigator.blogspot.com Email Forensic Analysis
[Defense][DF][File]	zeltser.com Cheat Sheet Analysis malicious documents zeltser.com Cheat Sheet Analysis malicious software
[Defense][DF][File][Tool]	app.threat.zone/scan
[Defense][DF]	misconfig.io Azure DFIR VM
[Defense][Entra ID]	Cloud-Architekt/AzureAD-Attack-Defense
[Defense][Entra ID]	jeffreyappel.nl Azure AD attacks
[Defense][Entra ID][Simulation]	Azure/SimuLand
[Defense][Entra ID]	AzureAD/AzureADAssessment
[Defense][Entra ID]	mandiant/Mandiant-Azure-AD-Investigator
[Defense][Entra ID]	@_wald0 Tweet Azure Tiered Administration
[Defense][IR][AD]	www.pwndefend.com Post Compromise AD Checklist
[Defense][IR][AD]	@Purp1eW0lf Tweet Incident Responde Cobalt Strike
[Defense][IR][Azure]	misconfig.io Azure AD Incident Response life cycle
[Defense][IR][Entra ID]	AzureAD/Azure-AD-Incident-Response-PowerShell-Module reprise99/kql-for-dfir Guide
[Defense][Linux]	Tweet @CraigHRowland Linux Defense Tweet @CraigHRowland IP Address Obfuscation
[Defense][Phishing][Tool]	emptydc.com Pink Thumb for normal users
[Defense][Simulation][Tool]	clong/detectionlab
[Defense][Simulation][Tool]	redcanaryco/atomic-red-team
[Defense][Tool]	pwnedkeys.com Search Compromised Keys
[Defense][Tool]	danielbohannon/Revoke-Obfuscation
[Defense][Tool]	olafhartong/sysmon-modular
[Defense][Tool]	canarytokens.org Sensitive CMD token
[Defense][Tool]	log2timeline/plaso
[OSINT][Collection]	cipher387/osint_stuff_tool_collection
[OSINT][Collection]	Tweet @danielmakelley Links OSINT
[OSINT][Collection]	https://start.me/p/rxekAP/osint-research
[AD]	learn.microsoft.com AD Schema learn.microsoft.com AD Schema Extended Rights learn.microsoft.com Control Access Rights learn.microsoft.com Best Practices for Securing AD
[AD]	renenyffenegger.ch Brief notes about SID
[AD]	selfadsi.org selfadsi.org AD Security Descriptors
[AD]	system32.eventsentry.com Lookup Windows Event IDs
[AD]	ultimatewindowssecurity.com Lookup Windows Event IDs
[AD]	mdecrevoisier/Microsoft-eventlog-mindmap
[AD][Authentication]	www.tarlogic.com Introduction Kerberos Delegation
[AD][Authentication]	Collection of posts about Windows Authentication The Importance of Elevating Privilege learn.microsoft.com Azure AD Seamless Single Sign-On
[AD][LDAP]	Tweet @simondotsh LDAP Query nested groups
[AD][RDP]	frsecure.com RDP Event IDs
[Azure]	azurecharts.com Azure Availability
[Containers]	Tweet @iximiuz Containers explanation
[Entra ID]	cloudbrothers.info Conditional Access authentication strengh
[Entra ID]	microsoft/ConditionalAccessforZeroTrustResources
[Entra ID]	Password Reset Role Matrix
[Entra ID][Authentication]	LookUp Microsoft SignInLogs Error Codes (ResultType) acalarch/azure-signinlog-results
[Entra ID][Authentication]	Tweet @reprise_99 Entra ID Tokens
[Entra ID][Device]	@NathanMcNulty Tweet Azure Device Cleanup
[Entra ID][Permission]	graphpermissions.merill.net Microsoft Graph Permission Explorer (Old permissions may appear if written in the URI)
[Entra ID][Permission]	MicrosoftDocs/memdocs Intune Graph API
[Entra ID][Permission]	microsoftgraph/microsoft-graph-devx-content
[Entra ID][Permission]	easimon/azure-builtin-roles
[Entra ID][Permission]	Cloud-Architekt/AzurePrivilegedIAM
[Entra ID][Tool]	Gerenios/AADInternals
[Entra ID][Tool]	jsa2/caOptics Conditional Access analyzer
[Entra ID][Tool]	aadinternals.com/osint/ Azure AD tenant information
[Entra ID][Tool]	JulianHayward/AzADServicePrincipalInsights
[Entra ID][Tool]	dirkjanm/ROADtools
[Entra ID][Tool]	@merill idPowerToys
[Microsoft][Collection]	msportals.io Microsoft Portals
[Microsoft 365][Tool]	Microsoft 365 Configuration as Code
[Microsoft 365][Tool]	msshells.net Partial list of PowerShell modules for Microsoft 365 and Azure
[Microsoft Security]	learn.microsoft.com Microsoft Cybersecurity Reference Architectures
[Microsoft Security]	Microsoft Zero Trust Workshop
[Microsoft Security][Collection]	https://mattsoseman.wordpress.com Microsoft Security News
[Blog][Attack]	mrd0x.com
[Blog][Attack][AD]	hackndo.com
[Blog][Defense]	inversecos.com
[Blog][Defense]	misconfig.io
[Blog][AD]	adsecurity.org
[Blog][AD][Entra ID][Authentication]	Microsoft Developer Steve Syfuhs
[Blog][Microsoft 365]	office365itpros.com
[Blog][Microsoft Security]	o365blog.com aadinternals.com
[Blog][Microsoft Security]	azurecloudai.blog
[Blog][Microsoft Security]	m365internals.com
[Blog][Microsoft Security]	cloudbrothers.info
[Tool]	ciphey/ciphey
[Tool]	bee-san/pyWhat
[Tool]	HashPals/Search-That-Hash