At the moment, this page is just a dump of information that is being worked on…

These links are to external sites. I cannot guarantee the accuracy of the information they provide, as they are not controlled by me, nor can I guarantee their uptime or content. If any of these break or start providing inappropriate content, I will remove the links as soon as I become aware of it. They have been provided because I have found them useful in the past.

Tools:

Ultimate IT Security: useful for looking up event IDs to identify how to interpret the information provided. This link looks at event ID 4719, “System audit policy was changed”.

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4719

Microsoft Websites:

Microsoft Update Catalog

https://www.catalog.update.microsoft.com/

Microsoft recommended security audit policy settings

https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn452420(v=ws.11)

https://sdmsoftware.com/powershell/find-group-policy-gpo-setting-conflicts-using-powershell/

Microsoft Security Guidance:

Security Documentation Main Site – https://aka.ms/securitydocs

Best Practice Documentation and Videos – https://docs.microsoft.com/en-us/security/compass/microsoft-security-compass-introduction

Microsoft TechNet

CloudApp.net – Eventopedia – an encyclopedia of events.

http://eventopedia.cloudapp.net/EventDetails.aspx?id=75f352c9-e139-429a-9e3d-d99e1e5b38aa (Event ID Wikipedia)

IANA – the Internet Assigned Numbers Authority – DNS allocation on a global scale.

https://www.iana.org/domains/root/servers

An A-Z of commands that are used in the Windows Command Line. Really useful to explain commands.

https://ss64.com/nt/

A variety of online checks – lots of useful tools (DNS, WHOIS, email and network lookups).

https://centralops.net/

Microsoft error code lookup tool (not a Microsoft website, though).

https://login.microsoftonline.com/error

Wikipedia list of country codes.

https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes

Founded in 1997, the Center for Applied Internet Data Analysis (CAIDA) conducts network research and builds research infrastructure to support large-scale data collection, curation, and data distribution to the scientific research community. CAIDA is based at the San Diego Supercomputer Center, located on the UC San Diego campus in La Jolla, CA.

https://www.caida.org/tools/taxonomy/anonymization.xml

Regex creation and testing sites

https://www.rexegg.com/regex-quickstart.html

https://regex101.com/

Open Source Intelligence:

USA National Security Agency

https://www.nsa.gov/

Domain Lookup tools

http://whois.domaintools.com/

Google DIG

https://toolbox.googleapps.com/apps/dig/#A/

Open Threat Exchange from AlienVault

https://otx.alienvault.com/

Online sandbox for software analysis – do not submit information you don’t want to be made public.

https://www.hybrid-analysis.com/

Online sandbox for checking websites

https://www.browserling.com/#

Online reputation lookup from Talos

https://talosintelligence.com/reputation_center/

Martin Rothe – Canary Tokens, O365 risky rules, Honeypot analysis, also Rachel Rothe’s mental health blog

https://rothe.uk/ip.html

Emerging Threats Suricata / Snort rules

https://doc.emergingthreats.net/

Open source intelligence framework mind map – mainly aimed at the USA

https://osintframework.com/

Spam email block list for domains

https://www.spamhaus.org/

GeoIP lookup facility using database services

https://www.maxmind.com/en/home

Large collection of breached information, searchable

https://haveibeenpwned.com/PwnedWebsites

Twitter resources:

Incident Response Reference guide (Make your own assessment as to the legality and validity of the information)

https://aka.ms/IRRG

Guide for Cybersecurity Event Recovery – NIST 800-184 (Dec 2016)

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf

Cybersecurity Training (CISO Workshop)

https://aka.ms/CISOWorkshop

Azure Sentinel:

Microsoft’s cloud-native SIEM and SOAR capability

Azure Sentinel Documentation

https://docs.microsoft.com/en-us/azure/sentinel/

Project VAST dashboard – discover old, insecure protocols that create risk

https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-insecure-protocols-workbook-implementation-guide/ba-p/1197564

Joe Sandbox – automated online malware sandbox

https://www.joesandbox.com/

Shodan – for finding exposed ports and/or services

https://Shodan.io

TryHackMe – cyber security training in a virtual environment

https://tryhackme.com/

Hack The Box – cyber security training in a virtual environment

https://www.hackthebox.com/

YouTube – but do your own research; make sure that you are not getting dodgy information from someone who *thinks* they know, but actually doesn’t.

https://youtube.com

Google.com

www.girlgerms.com

And then there are the websites of the various manufacturers: think Cisco, Netgear, WatchGuard, Graylog, etc. – name your flavour of software/hardware here.

MITRE’s ATT&CK Navigator (to use in conjunction with the frameworks)

ATT&CK Framework

https://attack.mitre.org/

MITRE D3FEND

https://d3fend.mitre.org/

CyberChef from the UK NCSC

PentesterLab

Cybrary – for a lot of free training (I have been told that this has changed to include lots of paid-for training since I was last on)

https://www.cybrary.it

Dragos

Mandiant

https://any.run/ – Not sure if this is still available

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/

https://us-cert.cisa.gov/ics/advisories

VirusTotal – but not for confidential data

RITA (from BHIS)

Google Dig – gives a variety of information on websites, DNS, MX records and the like.

https://toolbox.googleapps.com/apps/dig/

Lots of useful Azure Sentinel KQL resources

https://github.com/reprise99/Sentinel-Queries