- Lists: https://github.com/mthcht/awesome-lists/tree/main/Lists
- ThreatHunting Guides: https://mthcht.medium.com/list/threat-hunting-708624e9266f
- Suspicious Named pipes: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_named_pipe_list.csv
- Suspicious Windows Services: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_windows_services_names_list.csv
- Suspicious Windows Tasks: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_windows_tasks_list.csv
- Suspicious destination port: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_ports_list.csv
- Suspicious Firewall rules: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_windows_firewall_rules_list.csv
- Suspicious User-agent: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_http_user_agents_list.csv
- Suspicious USB Ids: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv
- Suspicious MAC address: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_mac_address_list.csv
- Suspicious Hostname: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_hostnames_list.csv
- Metadata Executables: https://github.com/mthcht/awesome-lists/blob/main/Lists/Windows%20Metadata/executables_metadata_informations_list.csv
- DNS over HTTPS server list: https://github.com/mthcht/awesome-lists/blob/main/Lists/dns_over_https_servers_list.csv
- Hijacklibs (updated automatically): https://github.com/mthcht/awesome-lists/blob/main/Lists/Hijacklibs/hijacklibs_list.csv
- TOR Nodes Lists (updated automatically): https://github.com/mthcht/awesome-lists/tree/main/Lists/TOR
- LOLDriver List (updated automatically): https://github.com/mthcht/awesome-lists/blob/main/Lists/Drivers/loldrivers_only_hashes_list.csv
- Malicious Bootloader List (updated automatically): https://github.com/mthcht/awesome-lists/blob/main/Lists/Drivers/malicious_bootloaders_only_hashes_list.csv
- Malicious SSL Certificates List (updated automatically): https://github.com/mthcht/awesome-lists/blob/main/Lists/SSL%20CERTS/ssl_certificates_malicious_list.csv
- DNSTWIST Lists (updated automatically): https://github.com/mthcht/awesome-lists/tree/main/Lists/DNSTWIST
- VPN IP address Lists (updated automatically):
- Companies IP Range Lists (updated automatically):
  - DigitalOcean: https://github.com/mthcht/awesome-lists/blob/main/Lists/Whitelists/Ranges_IP_Address_Company_List/bgp.he.net/DigitalOcean_IP_Ranges.csv
  - Microsoft: https://github.com/mthcht/awesome-lists/blob/main/Lists/Whitelists/Ranges_IP_Address_Company_List/bgp.he.net/microsoft_IP_Ranges.csv
  - Webex: https://github.com/mthcht/awesome-lists/blob/main/Lists/Whitelists/Ranges_IP_Address_Company_List/bgp.he.net/webex_IP_Ranges.csv
- Others correlation Lists: https://github.com/mthcht/awesome-lists/tree/main/Lists/Others
- Lists I need to finish: https://github.com/mthcht/awesome-lists/tree/main/todo
I regularly update most of these lists after each tool I analyze in my detection keywords project.
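The CSV lists above are meant to be matched against telemetry rather than read by hand. As an added example (not code from the awesome-lists repository), here is a small Python hunt that loads a list in the same `*`-wildcard style the lists use and runs it over Sysmon named-pipe events (Event ID 17 = pipe created, 18 = pipe connected). The column names `named_pipe_name`, `metadata_comment` and `metadata_tool`, the sample rows and the events are all constructed for this example; check the real header of `suspicious_named_pipe_list.csv` before pointing the loader at it.

```python
import csv
import io
import re

# Constructed sample list in the wildcard style of the awesome-lists CSVs.
# Header and rows are assumptions made for this example; verify the real
# column names in suspicious_named_pipe_list.csv before loading it.
SAMPLE_LIST = r"""named_pipe_name,metadata_comment,metadata_tool
\msagent_*,Cobalt Strike default SMB beacon pipe,cobaltstrike
\postex_*,Cobalt Strike post-exploitation job pipe,cobaltstrike
\psexesvc,Sysinternals PsExec service pipe,psexec
\mojo.*,Chromium Mojo IPC pipe (noisy; tune before alerting),chromium
"""

# Constructed Sysmon pipe events (EID 17 = created, 18 = connected),
# reduced to the fields the hunt needs.
SAMPLE_EVENTS = [
    {"EventID": 17, "Computer": "WS01",
     "Image": r"C:\Windows\System32\rundll32.exe", "PipeName": r"\msagent_3f"},
    {"EventID": 17, "Computer": "WS02",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "PipeName": r"\mojo.6184.2016.1234"},
    {"EventID": 18, "Computer": "SRV01",
     "Image": r"C:\Windows\PSEXESVC.exe", "PipeName": r"\PSEXESVC"},
    {"EventID": 17, "Computer": "WS03",
     "Image": r"C:\Windows\System32\svchost.exe", "PipeName": r"\lsass"},
]


def pattern_to_regex(pattern: str) -> re.Pattern:
    r"""Compile a list entry into an anchored, case-insensitive regex.

    Only '*' is a wildcard; every other character is escaped, so the '.' in
    '\mojo.*' matches a literal dot and '\psexesvc' matches exactly that name.
    """
    parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def load_list(csv_text: str, key: str) -> list:
    """Parse a list CSV into (raw_pattern, compiled_regex, row) triples."""
    entries = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        pattern = (row.get(key) or "").strip()
        if pattern:  # skip rows with an empty key column
            entries.append((pattern, pattern_to_regex(pattern), row))
    return entries


def hunt(events: list, entries: list, field: str = "PipeName") -> list:
    """Return one enriched hit per event whose `field` matches a list entry.

    First matching entry wins, so list order decides which metadata is
    attached when several patterns overlap.
    """
    hits = []
    for event in events:
        value = event.get(field, "")
        for pattern, regex, row in entries:
            if regex.match(value):
                hits.append({**event,
                             "matched_pattern": pattern,
                             "tool": row.get("metadata_tool", ""),
                             "comment": row.get("metadata_comment", "")})
                break
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS, load_list(SAMPLE_LIST, "named_pipe_name")):
        print(f'{hit["Computer"]} EID{hit["EventID"]} {hit["PipeName"]} '
              f'-> {hit["tool"]} ({hit["matched_pattern"]})')
```

The same loader works for the services, tasks, hostname or user-agent lists by changing `key` to that list's pattern column and `field` to the matching event attribute. Escaping everything except `*` matters: a naive `re.compile(pattern)` would turn `\mojo.*` into "anything starting with `\mojo`" and `\psexesvc` into a regex with a `\p` escape error. Note also that the Chrome `\mojo.*` hit above is expected benign traffic; entries like that are there for correlation and should be filtered or downgraded before alerting.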
- ABUSE.CH BLACKLISTS
- Block Lists
- DNS Block List
- Phishing Block List
- C2IntelFeeds
- Volexity TI
- Open Source TI
- C2 Tracker
- Unit42 IOC
- Unit42 Timely IOC
- Unit42 Articles IOC
- ThreatFOX IOC
- Zscaler ThreatLabz IOC
- Sophos lab IOC
- ESET Research IOC
- ExecuteMalware IOC
- Cisco Talos IOC
- Elastic Lab IOC
- Blackorbid APT Report IOC
- AVAST IOC
- DoctorWeb IOC
- BlackLotusLab IOC
- prodaft IOC
- Pr0xylife DarkGate IOC
- Pr0xylife Latrodectus IOC
- Pr0xylife WikiLoader IOC
- Pr0xylife SSLoad IOC
- Pr0xylife Pikabot IOC
- Pr0xylife Matanbuchus IOC
- Pr0xylife QakBot IOC
- Pr0xylife IceID IOC
- Pr0xylife Emotet IOC
- Pr0xylife BumbleBee IOC
- Pr0xylife Gozi IOC
- Pr0xylife NanoCore IOC
- Pr0xylife NetWire IOC
- Pr0xylife AsyncRAT IOC
- Pr0xylife Lokibot IOC
- Pr0xylife RemcosRAT IOC
- Pr0xylife nworm IOC
- Pr0xylife AZORult IOC
- Pr0xylife NetSupportRAT IOC
- Pr0xylife BitRAT IOC
- Pr0xylife BazarLoader IOC
- Pr0xylife SnakeKeylogger IOC
- Pr0xylife njRat IOC
- Pr0xylife Vidar IOC
- Virustotal
- SpamHaus
- AbuseIPDB
- Malwarebazaar
- emailrep
- Cloudflare scan
- shodan
- Onyphe
- Censys
- threatminer
- urlscan
- Apptotal (apps and extensions analysis)
- urlquery
- Cloudflare scanner
- urlvoid
- urldns
- checkphish
- ipvoid
- mxtoolbox
- Microsoft TI
- pulsedive
- threatbook
- McAfee Threat Intelligence Exchange
- Kaspersky Security Network
- Microsoft Security Intelligence Report
- IBM X-Force Exchange
- AlienVault OTX
- greynoise
- whoxy
- jsoncrack
- cyberchef
- Hash calculator
- regex101
- CyberChef
- Javascript Deobfuscator
- JSONViewer
- TextMechanic
- UrlEncode.org
- TextFixer
- RegExr
- TextUtils
- TextCompactor
- Pretty Diff
- XML Tree
- Online XML Formatter and Beautifier
- XML Escape Tool
- DiffChecker
- CSVJSON
- HTML Formatter
- Text Tool
- String Manipulation Tool
- unshorten it
- urlunscrambler
- longurl
- Message Header
- MXToolbox EmailHeaders
- Email Header Analyzer
- Email Header Analysis
- Gitlab dashboard from Excel
- OPENAI
- uncoder
- DeHashed
- MITRE techniques
- MITRE Updates
- MITRE D3fend
- MITRE Navigator
- MITRE Datasources
- GTFOBIN
- LOLBAS
- LOTS
- loldrivers
- WTFBIN
- Sigma
- Splunk Rules
- Elastic Rules
- DFIR-Report Sigma-Rules
- JoeSecurity Sigma-Rules
- mdecrevoisier Sigma-Rules
- P4T12ICK Sigma-Rules
- tsale Sigma-Rules
- list of detections resources
- detection engineering resources
- CERT-FR
- CERT FR Alerts
- CERT FR Avis
- NIST CVEs
- JPCERT
- CISA news
- thedfirreport Feed
- Splunk Research Blog
- Unit42 Feed
- DFIR weekly summary - thisweekin4n6
- akamai Feed
- Elastic Blog
- Checkpoint research Feed
- Cisco Talos Feed
- Crowdstrike Feed
- Hexacorn Blog
- simone kraus Blog
- Michael Haag Blog
- EricaZelic Blog
- Adam Chester Blog Feed
- Mauricio Velazco Blog
- Clément Notin Feed
- tenable Blog
- horizon3 Feed
- Incidents reports Feed
- NCC Group Research Feed
- SpecterOps Feed
- Redcanary Feed
- Sophos Research Feed
- virusbulletin
- Offensive Research - DSAS by INJECT
- HackerNews Feed
- Bleepingcomputer Feed
- detect.fyi
- @inversecos - APT Emulation Labs: xintra
- 13cubed - Investigating Windows Endpoints: 13cubed.com
- @0gtweet - Forensic course: Mastering Windows Forensics
- SANS: SANS508
- Defensive-security: Linux-live-forensics
- @TheDFIRReport : LABs with logs from the existing reports dfir-labs
- @DebugPrivilege : Forensic Debugging free course InsightEngineering