Clone of https://github.com/rmusser01/Infosec_Reference . For those who would prefer to not be tracked by MS.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

53 KiB

Defense


Table of Contents


  • To-Do
    • User Awareness training
    • Objective-See Tools
    • Cred defense
    • SPA
    • Ransomware
    • Fix ToC more.

101/Basics


I Want to...(Personal)

  • Create an Asset Inventory
  • Track all my Assets
  • Create a Basic Security Plan
  • Create a Basic Security Strategy

I Want to...(Enterprise/Organization)


Specific Technical Defenses

  • 101 Level Stuff/Concepts
  • Access Controls
  • Application Execution Control
  • Application Monitoring & Logging
  • Firewalls
    • 101

    • Implementation

      • Linux
        • OpenSnitch
          • OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
      • macOS
        • Littlesnitch
        • LuLu
      • Windows
        • simplewall
          • Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. The lightweight application is less than a megabyte, and it is compatible with Windows Vista and higher operating systems. You can download either the installer or portable version. For correct working, need administrator rights.
    • Management

      • Assimilator
        • The first restful API to control all firewall brands. Configure any firewall with restful API calls, no more manual rule configuration. Centralize all your firewalls into one API.
  • Malicious Devices
  • System Monitoring & Logging

Blue Team Tactics & Strategies


Attack Surface Analysis & Reduction

  • Monitoring
    • Tools
      • Intrigue-core
        • Intrigue-core is a framework for automated attack surface discovery.

Linux


macOS


Windows

  • Impement Application Execution Control

Databases(SQL/NoSQL)


Computer Networks

  • General
  • ACLs
    • Tools
      • Capirca
        • Capirca is a tool designed to utilize common definitions of networks, services and high-level policy files to facilitate the development and manipulation of network access control lists (ACLs) for various platforms. It was developed by Google for internal use, and is now open source.
  • Single Packet Authorization
    • Articles/Blogposts/Writeups
    • Papers
    • Tools
      • DrawBridge
        • A layer 4 Single Packet Authentication (SPA) Module, used to conceal TCP ports on public facing machines and add an extra layer of security.
  • SSH
    • Articles/Blogposts/Writeups
    • Documents
      • Mozilla OpenSSH
        • The goal of this document is to help operational teams with the configuration of OpenSSH server and client. All Mozilla sites and deployment should follow the recommendations below. The Enterprise Information Security (Infosec) team maintains this document as a reference guide.
      • CERT-NZ SSH Hardening
        • CERT NZ documentation for hardening SSH server and client configuration, and using hardware tokens to protect private keys
    • Tools
      • ssh-audit
        • SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Mitigate Phishing Attacks

  • 101
    • See 'Phishing.md'
  • Articles/Blogposts/Writeups
  • Tools
    • SwordPhish
      • SwordPhish is a very simple but effective button that sits within the users Outlook toolbar. One click and the suspicious e-mail is instantly reported to your designated recipient (i.e your internal security team, or SoC) and contains all metadata required for investigation.
    • Mercure
      • Mercure is a tool for security managers who want to teach their colleagues about phishing.
    • PPRT
      • This module is used to report phishing URLs to their WHOIS/RDAP abuse contact information.
    • PhishingKitHunter
      • PhishingKitHunter (or PKHunter) is a tool made for identifying phishing kits URLs used in phishing campaigns targeting your customers and using some of your own website files (as CSS, JS, ...). This tool - write in Python 3 - is based on the analysis of referer's URL which GET particular files on the legitimate website (as some style content) or redirect user after the phishing session. Log files (should) contains the referer URL where the user come from and where the phishing kit is deployed. PhishingKitHunter parse your logs file to identify particular and non-legitimate referers trying to get legitimate pages based on regular expressions you put into PhishingKitHunter's config file.
    • Hunting-Newly-Registered-Domains
      • The hnrd.py is a python utility for finding and analysing potential phishing domains used in phishing campaigns targeting your customers. This utility is written in python (2.7 and 3) and is based on the analysis of the features below by consuming a free daily list provided by the Whoisds site.
    • SwiftFilter
      • Exchange Transport rules using text matching and Regular Expressions to detect and enable response to basic phishing. Designed to augment EOP in Office 365.

Mitigate Ransomware Attacks

  • Tools
    • Decryptonite
      • Decryptonite is a tool that uses heuristics and behavioural analysis to monitor for and stop ransomware.

<<<<<<< HEAD

Table of Contents


For Journalists

* [Information Security For Journalist book - Centre for Investigative Journalism](http://files.gendo.nl/Books/InfoSec_for_Journalists_V1.1.pdf)

For Individuals Leaking Sensitive Information

  • Performing
    • Tools
  • Preventing
    • Talks/Presentations/Videos
      • You're Leaking Trade Secrets - Defcon22 Michael Schrenk
        • Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak information at a much greater rate than individuals, and usually do so with little fanfare. There are greater consequences for organizations when information is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real world examples to show how trade secrets are leaked online, and how organizational privacy is compromised by seemingly innocent use of The Internet.
    • Tools
      • AIL framework - Analysis Information Leak framework
        • AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine sensitive information.
      • git-secrets
        • Prevents you from committing passwords and other sensitive information to a git repository.
      • keynuker
        • KeyNuker scans public activity across all Github users in your Github organization(s) and proactively deletes any AWS keys that are accidentally leaked. It gets the list of AWS keys to scan by directly connecting to the AWS API.

General Hardening