Cybersecurity Resources

Frameworks

NIST Cybersecurity Framework provides the standards, guidelines, and best practices used to manage cybersecurity risk.

UCF – Unified Compliance Framework provides a number of products that offer search and research capabilities and define relationships between regulatory controls. The Common Controls Hub allows for the scoping, definition, and customization of compliance requirements. The UCF also provides a STIG Viewer (Security Technical Implementation Guide) to quickly search configuration guidance created by the US Department of Defense.


Organizations

Cloud Security Alliance (cloudsecurityalliance.org) is an organization that provides awareness, best practices, and research to help ensure secure cloud computing environments.

ISACA.org provides credentialing, education and training, and community resources covering a wide range of IT audit, risk, security, and governance topics. Annual membership is required.

Infragard.org is a member-based program that provides collaboration and information sharing through private-sector/government partnerships to collectively address threats to critical infrastructure.

OWASP.org – Open Web Application Security Project Foundation is a nonprofit foundation that works to improve the security of software. The OWASP Top 10 is one of the foundation's best-known projects. The Top 10 Web Application Security Risks is the industry-standard starting point for secure coding. Other OWASP projects include the mobile and web security testing guides (https://owasp.org/www-project-web-security-testing-guide/), Dependency-Track for producing a software bill of materials, and the Zed Attack Proxy (ZAP), a free, open-source penetration testing tool. The OWASP Foundation website is a crucial resource in any cybersecurity tool belt. Follow them on Twitter @owasp_wstg.

CIS – Center for Internet Security is a nonprofit providing a variety of solutions to secure the ever-changing connected world. CIS is well known for the CIS Controls, which prioritize actions to protect organizational data from known cyber-attack vectors. CIS Benchmarks provide vendor-neutral secure configuration guidelines to safeguard systems against evolving cyber threats. CIS SecureSuite requires a paid membership but includes CIS-CAT Pro Assessor, Dashboard, CIS Workbench, and the ability to generate GPO and Linux configuration scripts. Additionally, CIS Hardened Images are available on a pay-per-use basis from the majority of cloud provider platforms.


Government Cyber Sites

CISA – Cybersecurity & Infrastructure Security Agency is the United States government site that serves as the nation’s risk advisor. The site provides extensive directives and guidance, alerts, and information sharing. Email alerts can be subscribed to on their Mailing List and Feeds page, and they can be followed on Twitter @USCERT_gov.

ACSC – Australian Cyber Security Centre provides advice and information on how to protect individuals and businesses online, and also provides foreign signals intelligence.

Department of Defense Cyber Exchange is the public site providing Security Technical Implementation Guides (STIGs). The STIGs Document Library contains numerous detailed guides that can be downloaded for many of today’s popular systems and devices. The UCF STIG Viewer provides an easier way to search for STIGs.


Links to Boost Your Little Grey Cells

MITRE | ATT&CK provides a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK has a number of matrices, starting with the Enterprise Matrix, which covers PRE (preparatory), Windows, macOS, Linux, Cloud, Network, and Containers. There is also a Mobile Matrix and an ICS (Industrial Control Systems) Matrix. ATT&CK’s knowledge base is fully searchable to identify adversary group profiles, techniques, tactics, and mitigations. MITRE also offers free training on how to use the matrices and an annual conference called ATT&CKcon. They can be followed on Twitter @MITREattack.

Awesome Threat Intelligence is a GitHub repository and, as you would expect, a curated collection of threat intelligence resources.

MB Secure released DeTT&CT – DEtect Tactics, Techniques & Combat Threats, which was created at the Cyber Defence Centre of Rabobank and built atop MITRE | ATT&CK. DeTT&CT enables blue teams that use ATT&CK to compare and score their data sources, visibility, and detection coverage so they can become more resilient against adversary attacks. Find the wiki on GitHub at rabobank-cdc/DeTTECT.


More Best Practices

Best Practices for Securing Active Directory provides practical techniques from Microsoft for protecting an enterprise Active Directory environment. The documentation covers Areas of Compromise, Reducing the Active Directory Attack Surface, Monitoring Active Directory for Signs of Compromise, and Planning for Compromise. The Audit Policy Recommendations section lists what to audit in AD.


Learning and Development

Building a Home Security Lab from Black Hills Security. A slide presentation accompanies the talk.

Offensive Security provides courses and certifications related to penetration testing. The Kali and Community Projects site contains various resources such as Kali Linux, VulnHub, Exploit Database, and Metasploit Unleashed.


Other Resources

CSIS – Center for Strategic & International Studies provides a list of Significant Cyber Incidents and covers other topics related to cybersecurity and governance, including cybercrime and the Global Cyber Strategies Index, a compiled list of cyber strategies and laws by country and territory.

AuditScripts.com provides a number of Free Security Resources including the Collective Risk Project, Critical Security Controls with References, the Open Threat Taxonomy, and various Presentations.

CISA Cyber Resource Hub contains a wealth of cybersecurity resources, including training, tools, self-assessments, and other valuable resources.


Configuration

Mozilla SSL Configuration Generator provides a quick and easy way to generate configuration files for many of today’s most popular web servers.


Toolbox

SANS Ultimate List of Cheat Sheets contains an extensive list of quick-reference links covering General Security, Digital Forensics and Incident Response, Offensive Operations, Cloud Security, Industrial Control Systems, Cyber Leadership, and Defender Primers.

Beginner's Guide to Regex is a great guide for learning how to use regular expressions. Regex101 is a site for building regex patterns and testing them against sample strings.


Ransomware Prevention Resources

The US Government has developed StopRansomware.gov, a centralized resource site for ransomware. The site contains resources explaining what ransomware is, along with free tools, training, and best practices.

CISA has created the Cyber Incident & Vulnerability Response Playbooks, which provide guidance on how to respond to a cyber incident. The playbooks also contain recommendations on how to build a process for responding to vulnerabilities.


Kubernetes

Kube-Bench is a tool that checks a cluster against the CIS Kubernetes Benchmark and other best practices. Tests are configured using YAML files, allowing for easy updates as practices and specifications evolve.

The Cybersecurity and Infrastructure Security Agency has developed Kubernetes Hardening Guidance. This guide includes information on the threat model, architecture, pod security, network segmentation and hardening, authentication and authorization, and log auditing.

Kubescape by Armo Security is an open-source tool for testing Kubernetes configurations against multiple frameworks from NSA-CISA, MITRE, and DevSecOps best practices. Kubescape can be integrated and customized to support additional frameworks. Check out their GitHub repository.

Microsoft Security has developed a threat matrix for Kubernetes based on the MITRE ATT&CK framework's containers matrix.


Pen Testing

Pentestit.com has a great list of red teaming and adversary emulation tools.

InfosecMatter.com is a great resource for penetration testing methods, techniques, and tooling.

LOLBAS Project – Living Off The Land Binaries, Scripts and Libraries – catalogs various techniques pen testers can use to test security controls.


OSINT

DNSDumpster.com is a free DNS lookup tool that gathers detailed and graphical information on a domain’s IP and record mappings.


Vulnerabilities and Weaknesses

GitHub Advisory Database contains a list of security vulnerabilities and malware advisories affecting open-source packages.