mthcht/awesome-lists

GitHub: mthcht/awesome-lists

A one-stop aggregation of threat detection, forensic analysis and threat intelligence resources for SOC/CERT/CTI teams.

Stars: 1264 | Forks: 157

# SOC/DFIR detection security lists [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

## 🐾 Threat hunting:

- [ThreatHunting keywords site](https://mthcht.github.io/ThreatHunting-Keywords/)
- [ThreatHunting keywords list](https://github.com/mthcht/ThreatHunting-Keywords)
- [ThreatHunting Yara rules](https://github.com/mthcht/ThreatHunting-Keywords-yara-rules)
- [ThreatHunting searches](https://github.com/mthcht/Purpleteam/tree/main/Detection/Threat%20Hunting/generic)
- [Windows services hunt](https://detect.fyi/threat-hunting-suspicious-windows-service-names-2f0dceea204c)
- [User-Agents hunt](https://mthcht.medium.com/threat-hunting-suspicious-user-agents-3dd764470bd0)
- [DNS over HTTPS hunt](https://mthcht.medium.com/detecting-dns-over-https-30fddb55ac78)
- [Suspicious TLDs hunt](https://mthcht.medium.com/threat-hunting-suspicious-tlds-a742c2adbf58)
- [HijackLibs hunt](https://mthcht.medium.com/detect-dll-hijacking-techniques-from-hijacklibs-with-splunk-c760d2e0656f)
- [Phishing & DNSTWIST hunt](https://detect.fyi/detecting-phishing-attempts-with-dnstwist-37c426b3bbb8)
- [Browser extensions hunt](https://mthcht.medium.com/detecting-browser-extensions-installations-e0ac2b45c46b)
- [C2 hiding in plain sight](https://mthcht.medium.com/c2-hiding-in-plain-sight-7a83963b9344)
- [HTML smuggling artifacts](https://mthcht.medium.com/detecting-html-smuggling-phishing-attempts-15af824e60e4)
- [PsExec and similar tools hunt](https://mthcht.medium.com/detecting-psexec-and-similar-tools-c812bf3dca6c)
- [Time slipping detection](https://mthcht.medium.com/event-log-manipulations-1-time-slipping-55bf95631c40)
- [Suspicious named pipes hunt](https://detect.fyi/threat-hunting-suspicious-named-pipes-a4206e8a4bc8)
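The suspicious-TLD and suspicious named-pipe hunts above come down to the same mechanic: take an indicator list and match it against endpoint telemetry. The block below is an added example (not code from the repository or its author) that shows that mechanic end to end in Python. It loads two small indicator lists shaped like CSVs and runs them over constructed Sysmon-style DNS-query (EID 22) and pipe-created (EID 17) events. The column names `tld` and `named_pipe`, the indicator values and the sample events are assumptions made for this example and do not reflect the layout of the real list files.

```python
"""Hunting with indicator lists (added example).

Loads two indicator lists shaped like the suspicious-TLD and suspicious
named-pipe CSVs and runs them over constructed Sysmon-style events. The
CSV column names, the indicators and the events are assumptions made for
this example, not the repository's own files.
"""
import csv
import fnmatch
import io

# Constructed stand-in for a suspicious TLD list (column name assumed).
SUSPICIOUS_TLDS_CSV = """tld,metadata_comment
.zip,frequently abused in phishing lures
.top,high abuse ratio in this environment
"""

# Constructed stand-in for a suspicious named-pipe list (column name assumed).
# Values are glob patterns matched against the Sysmon PipeName field.
SUSPICIOUS_PIPES_CSV = """named_pipe,metadata_comment
\\postex_*,Cobalt Strike default post-exploitation pipe
\\psexesvc,PsExec service control pipe
"""

# Constructed events in the shape of Sysmon EID 22 (DNS query) and EID 17 (pipe created).
SAMPLE_EVENTS = [
    {"EventID": 22, "Image": "C:\\Windows\\System32\\svchost.exe",
     "QueryName": "ctldl.windowsupdate.com"},
    {"EventID": 22, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.exe",
     "QueryName": "cdn.payroll-update.zip"},
    {"EventID": 17, "Image": "C:\\Windows\\Temp\\beacon.exe",
     "PipeName": "\\postex_9c1a"},
    {"EventID": 17, "Image": "C:\\Windows\\System32\\spoolsv.exe",
     "PipeName": "\\spoolss"},
]


def load_list(csv_text, column):
    """Return [(indicator_lowercased, comment)] from one indicator CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [(row[column].strip().lower(), row.get("metadata_comment", ""))
            for row in reader]


def tld_of(hostname):
    """Last DNS label with a leading dot, or '' for single-label names."""
    labels = hostname.rstrip(".").lower().split(".")
    return "." + labels[-1] if len(labels) > 1 else ""


def hunt(events, tlds, pipes):
    """Flag DNS queries to listed TLDs and pipe creations matching listed patterns."""
    hits = []
    for ev in events:
        if ev.get("EventID") == 22:
            tld = tld_of(ev["QueryName"])
            for indicator, comment in tlds:
                if tld == indicator:
                    hits.append({"rule": "suspicious_tld", "match": ev["QueryName"],
                                 "image": ev["Image"], "why": comment})
        elif ev.get("EventID") == 17:
            name = ev["PipeName"].lower()
            for pattern, comment in pipes:
                # fnmatchcase: '*' and '?' are wildcards, backslashes stay literal;
                # both sides were lowercased because pipe names are case-insensitive.
                if fnmatch.fnmatchcase(name, pattern):
                    hits.append({"rule": "suspicious_named_pipe", "match": ev["PipeName"],
                                 "image": ev["Image"], "why": comment})
    return hits


def run_hunt(events=SAMPLE_EVENTS):
    """Load both constructed lists and hunt over the given events."""
    tlds = load_list(SUSPICIOUS_TLDS_CSV, "tld")
    pipes = load_list(SUSPICIOUS_PIPES_CSV, "named_pipe")
    return hunt(events, tlds, pipes)


if __name__ == "__main__":
    for hit in run_hunt():
        print(f"[{hit['rule']}] {hit['match']} from {hit['image']}: {hit['why']}")
```

Named-pipe indicators are treated as glob patterns because post-exploitation frameworks commonly randomise a suffix, while the TLD comparison is exact on the last label only, so a host such as `payroll-update.zip.example.com` does not fire; that is the intended behaviour for a TLD list, and a hostname-substring list would be the place for that kind of match.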
## 📂 My detection lists

- 📋 Lists: https://github.com/mthcht/awesome-lists/tree/main/Lists
- 🕵️‍♂️ ThreatHunting guides: https://mthcht.medium.com/list/threat-hunting-708624e9266f
- 🚰 Suspicious named pipes: [suspicious_named_pipe_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_named_pipe_list.csv)
- 🌐 Suspicious TLDs (auto-updated): [[suspicious_TLDs]](https://github.com/mthcht/awesome-lists/tree/main/Lists/TLDs)
- 🌐 Suspicious ASNs (auto-updated): [[suspicious ASNs]](https://github.com/mthcht/awesome-lists/tree/main/Lists/ASNs)
- 🌐 For reference, Maxmind GeoIP databases (auto-updated): [GeoIP DB](https://github.com/mthcht/awesome-lists/tree/main/Lists/ASNs/correlation_maxmind_geo_db/maxmind_databases/extracted)
- 🔧 Suspicious Windows services: [suspicious_windows_services_names_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_windows_services_names_list.csv)
- ⏲️ Suspicious Windows tasks: [suspicious_windows_tasks_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_windows_tasks_list.csv)
- 🚪 Suspicious destination ports: [suspicious_ports_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_ports_list.csv)
- 🛡️ Suspicious firewall rules: [suspicious_windows_firewall_rules_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_windows_firewall_rules_list.csv)
- 🆔 Suspicious User-agents: [suspicious_http_user_agents_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_http_user_agents_list.csv)
- 🔏 Suspicious certificate signers: [\[suspicious CERTS\]](https://github.com/mthcht/awesome-lists/tree/main/Lists/CERTS)
- 📇 Suspicious USB IDs: [suspicious_usb_ids_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_usb_ids_list.csv)
- 🏷️ Suspicious mutex names: [suspicious_mutex_names_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_mutex_names_list.csv)
- 🔢 Suspicious MAC addresses: [suspicious_mac_address_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_mac_address_list.csv)
- 📛 Suspicious hostnames: [suspicious_hostnames_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_hostnames_list.csv)
- 🌐 Suspicious browser extensions: [Browser Extensions](https://github.com/mthcht/awesome-lists/tree/main/Lists/Browser%20Extensions)
- 📧 Microsoft App ID list, for BEC detection: [microsoft_apps_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/microsoft_apps_list.csv)
- 🧮 Executables metadata: [executables_metadata_informations_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/Windows%20Metadata/executables_metadata_informations_list.csv)
- 🕸️ DNS over HTTPS servers list: [dns_over_https_servers_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/dns_over_https_servers_list.csv)
- 🕸️ Dynamic DNS domains list: [dyndns_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/DYNDNS/dyndns_list.csv)
- 🪝 Phishing lists: [Phishing domains and urls](https://github.com/mthcht/awesome-lists/tree/main/Lists/Phishing)
- 🕸️ Domains: [\[sinkholed servers\]](https://github.com/mthcht/awesome-lists/tree/main/Lists/Domains)
- 🕳️ Sinkholed domains: [sinkholed_domains.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/Domains/sinkholed_servers/sinkholed_domains.csv)
- 🕳️ Sinkholed site: [SINKHOLED](https://github.com/sinkholed/sinkholed.github.io)
- 📚 Hijacklibs (auto-updated): [hijacklibs_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/Hijacklibs/hijacklibs_list.csv)
- 🌐 TOR nodes list (auto-updated): [[TOR]](https://github.com/mthcht/awesome-lists/tree/main/Lists/TOR)
- 🛠️ LOLDrivers list (auto-updated): [loldrivers_only_hashes_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/Drivers/loldrivers_only_hashes_list.csv)
- 🛠️ Malicious bootloaders list (auto-updated): [malicious_bootloaders_only_hashes_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/Drivers/malicious_bootloaders_only_hashes_list.csv)
- 📜 Malicious SSL certificates list (auto-updated): [ssl_certificates_malicious_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/SSL%20CERTS/ssl_certificates_malicious_list.csv)
- 🖥️ RMM detection: [[RMM]](https://github.com/mthcht/awesome-lists/tree/main/Lists/RMM)
- 👤🔑 Important roles and groups for AD/EntraID/AWS: [[permissions]](https://github.com/mthcht/awesome-lists/tree/main/Lists/permissions)
- 💻🔒 Known ransomware file extensions: [ransomware_extensions_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/ransomware_extensions_list.csv)
- 💻🔒 Known ransomware note filenames: [ransomware_notes_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/ransomware_notes_list.csv)
- 📝 Windows ASR rules: [windows_asr_rules.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/windows_asr_rules.csv)
- 🌐 DNSTWIST lists (auto-updated): [DNSTWIST Default Domains + script](https://github.com/mthcht/awesome-lists/tree/main/Lists/Phishing/DNSTWIST)
- 🌍 VPN [IP address lists](https://github.com/mthcht/awesome-lists/tree/main/Lists/VPN) (auto-updated):
  - 🛡️ NordVPN: [nordvpn_ips_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/VPN/NordVPN/nordvpn_ips_list.csv)
  - 🛡️ ProtonVPN: [protonvpn_ip_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/VPN/ProtonVPN/protonvpn_ip_list.csv)
  - 🛡️ SurfShark: [surfshark_vpn_servers_domains_and_ips_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/VPN/SurfSharkVPN/surfshark_vpn_servers_domains_and_ips_list.csv)
  - 🛡️ MullVad: [mullvad_relay_servers_ips_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/VPN/MullVad/mullvad_relay_servers_ips_list.csv)
- 🌍 Proxies: [PROXY IP/port lists](https://github.com/mthcht/awesome-lists/tree/main/Lists/PROXY)
- 🏢 Company IP ranges lists (auto-updated): [Default Lists + script](https://github.com/mthcht/awesome-lists/tree/main/Lists/Ranges_IP_Address_Company_List/bgp.he.net) / [Microsoft](https://github.com/mthcht/awesome-lists/tree/main/Lists/Ranges_IP_Address_Company_List/Microsoft)
- 📍 GeoIP services list: [ip_location_sites_list.csv](https://github.com/mthcht/awesome-lists/blob/main/Lists/GeoIP/ip_location_sites_list.csv)
- 🧬 Yara rules: [Threat Hunting yara rules](https://github.com/mthcht/ThreatHunting-Keywords-yara-rules)
- 🧬 Offensive tools detection patterns: [offensive_tool_keywords.csv](https://raw.githubusercontent.com/mthcht/ThreatHunting-Keywords/main/offensive_tool_keyword.csv)
- 🧬 Greyware tools detection patterns: [greyware_tool_keyword.csv](https://raw.githubusercontent.com/mthcht/ThreatHunting-Keywords/main/greyware_tool_keyword.csv)
- 🧬 AV signature keywords: [signature_keyword.csv](https://github.com/mthcht/ThreatHunting-Keywords/blob/main/signature_keyword.csv)
- 🧬 Microsoft Defender AV signatures list: [[Defender]](https://github.com/mthcht/awesome-lists/tree/main/Lists/AV%20signatures/Defender) + [yara](https://github.com/mthcht/awesome-lists/tree/main/Lists/Others/Defender_yara_rules)
- 🧬 ClamAV signatures list: [[ClamAV]](https://github.com/mthcht/awesome-lists/tree/main/Lists/AV%20signatures/ClamAV)
- 🔗 Other correlation lists: [[Others]](https://github.com/mthcht/awesome-lists/tree/main/Lists/Others)
- 📋 Lists still to do: [[todo]](https://github.com/mthcht/awesome-lists/tree/main/Lists/Others/todo)

I update most of these lists regularly after analysing each tool in my [detection keywords](https://github.com/mthcht/ThreatHunting-Keywords) project.

## Other lists

### 🛡️ DFIR:
- [🔥 EricZimmerman tools 🔥](https://ericzimmerman.github.io/#!index.md)
- [usnjrnl_rewind](https://github.com/CyberCX-DFIR/usnjrnl_rewind)
- [dfir-orc](https://github.com/dfir-orc)
- [dfir-orc-config](https://github.com/DFIR-ORC/dfir-orc-config)
- [Arsenal Recon forensic tools](https://arsenalrecon.com/downloads)
- [Splunk4DFIR](https://github.com/mf1d3l/Splunk4DFIR)
- [dfiq](https://github.com/google/dfiq)
- [Mind maps](https://github.com/AndrewRathbun/DFIRMindMaps)
- [Artifacts list - DFIRArtifactMuseum](https://github.com/AndrewRathbun/DFIRArtifactMuseum)
- [Artifacts list - ForensicArtifacts](https://github.com/ForensicArtifacts/artifacts)
- [Autopsy](https://www.autopsy.com/download/)
- [SleuthKit](https://github.com/sleuthkit/sleuthkit)
- [\[OS\] SIFT Workstation](https://www.sans.org/tools/sift-workstation/)
- [\[OS\] Remnux](https://remnux.org/)
- [\[OS\] sof-elk](https://github.com/philhagen/sof-elk)
- [\[OS\] tsurugi](https://tsurugi-linux.org/)
- [\[OS\] DEFT](https://distrowatch.com/table.php?distribution=deft)
- [\[OS\] Flare VM](https://github.com/mandiant/flare-vm)
- [PSBits](https://github.com/gtworek/PSBits/tree/master/DFIR)
- [Yara - Threat Hunting](https://github.com/mthcht/ThreatHunting-Keywords-yara-rules) + [TH](https://github.com/mthcht/ThreatHunting-Keywords)
- [Yara - Forge](https://github.com/YARAHQ/yara-forge)
- [capa](https://github.com/mandiant/capa)
- [Malcontent](https://github.com/chainguard-dev/malcontent)
- [\[Event parser\] evtx](https://github.com/omerbenamram/evtx)
- [\[Event parser\] procmon-parser](https://github.com/eronnen/procmon-parser)
- [\[Event parser\] Linux - MasterParser](https://github.com/securityjoes/MasterParser)
- [\[EVTX\] Hayabusa](https://github.com/Yamato-Security/hayabusa)
- [\[EVTX\] WELA](https://github.com/Yamato-Security/WELA)
- [\[EVTX\] chainsaw](https://github.com/WithSecureLabs/chainsaw)
- [\[EVTX\] APTHunter](https://github.com/ahmedkhlief/APT-Hunter/)
- [\[EVTX / Auditd\] Zircolite](https://github.com/wagga40/Zircolite)
- [werejugo](https://github.com/MarkBaggett/werejugo)
- [srum-dump](https://github.com/MarkBaggett/srum-dump)
- [ADTimeline](https://github.com/ANSSI-FR/ADTimeline)
- [PersistenceSniper](https://github.com/last-byte/PersistenceSniper)
- [\[O365\] logs - Microsoft-Analyzer-Suite](https://github.com/evild3ad/Microsoft-Analyzer-Suite)
- [Logon Tracer](https://github.com/JPCERTCC/LogonTracer)
- [Timeline Plaso](https://github.com/log2timeline/plaso)
- [Timeline TimeSketch](https://github.com/google/timesketch)
- [regripper](https://github.com/warewolf/regripper)
- [OneDrive OCR DB artifact collector exe](https://github.com/vxunderground/OCRMe/)
- [OneDrive OCR DB artifact collector python](https://github.com/Beercow/OCRMe)
- [hollows hunter](https://github.com/hasherezade/hollows_hunter)
- [PE sieve](https://github.com/hasherezade/pe-sieve)
- [RdpCacheStitcher](https://github.com/BSI-Bund/RdpCacheStitcher)
- [String search - ripgrep](https://github.com/BurntSushi/ripgrep)
- [String search - Recoll](https://www.recoll.org/pages/recoll-windows.html)
- [Kape](https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape)
- [Kape Files](https://github.com/EricZimmerman/KapeFiles)
- [More Kape resources](https://github.com/AndrewRathbun/Awesome-KAPE)
- [VolatileDataCollector](https://github.com/gtworek/VolatileDataCollector)
- [Velociraptor](https://github.com/Velocidex/velociraptor)
- [TZ tools](https://www.tzworks.com/download_links.php)
- [Nirsoft tools](https://www.nirsoft.net/)
- [\[Memory\] MemDump](https://nircmd.nirsoft.net/memdump.html)
- [\[Memory\] MemProcFS](https://github.com/ufrisk/MemProcFS)
- [\[Memory\] MemProcFS-Analyzer](https://github.com/LETHAL-FORENSICS/MemProcFS-Analyzer)
- [\[Memory\] avml](https://github.com/microsoft/avml)
- [\[Memory\] WinPmem](https://github.com/Velocidex/WinPmem)
- [\[Memory\] Volatility](https://github.com/volatilityfoundation/volatility3/)
- [\[Image mounting\] FTK Imager](https://www.exterro.com/ftk-product-downloads)
- [\[Image mounting\] OSFMount](https://www.osforensics.com/tools/mount-disk-images.html)
- [\[Network\] Network Miner](https://www.netresec.com/?page=NetworkMiner)
- [\[Network\] Wireshark](https://www.wireshark.org/)
- [\[Network\] xplico](https://www.xplico.org/)
- [\[File recovery\] PhotoRec](https://www.cgsecurity.org/wiki/PhotoRec)
- [\[File recovery\] Bulk Extractor](https://github.com/simsong/bulk_extractor)
- [Didier Stevens tools](https://blog.didierstevens.com/programs/)
- [\[Memory\] Lime](https://github.com/504ensicsLabs/LiME)
- [Windows artifacts](https://github.com/Psmths/windows-forensic-artifacts)
- [\[Linux\] UAC](https://github.com/tclahr/uac)
- [\[Linux\] EXT4 / XFS - fjta](https://github.com/mnrkbys/fjta)
- [Lists - aboutdfir.com](https://aboutdfir.com/)
- [Monitoring - Osquery](https://github.com/osquery/osquery)
- [\[IR guide\] OpenProject](https://github.com/DebugPrivilege/OpenProject)
- [\[OSX tools\] Knockknock](objective-see.com/products/knockknock.html)
- [\[OSX tools\] mac_apt](https://github.com/ydkhatri/mac_apt)
- [Browser Chrome extensions DNS forensics](https://github.com/arsolutioner/ExtensionHound)
### 🚫 IOC feeds/blocklists:

- [ABUSE.CH blacklist](https://sslbl.abuse.ch/blacklist/)
- [Blocklists](https://github.com/blocklistproject/Lists)
- [DNS blocklists](https://github.com/hagezi/dns-blocklists)
- [Scam/phishing blocklist](https://github.com/jarelllama/Scam-Blocklist)
- [Binary Defense IP banlist](https://www.binarydefense.com/banlist.txt)
- [C2IntelFeeds](https://github.com/drb-ra/C2IntelFeeds)
- [Volexity TI](https://github.com/volexity/threat-intel)
- [Open-source TI feeds](https://github.com/Bert-JanP/Open-Source-Threat-Intel-Feeds)
- [C2 Tracker](https://github.com/montysecurity/C2-Tracker)
- [Unit42 IOCs](https://github.com/mthcht/iocs)
- [Sekoia IOCs](https://github.com/SEKOIA-IO/Community/tree/main/IOCs)
- [Unit42 timely IOCs](https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel)
- [Unit42 article IOCs](https://github.com/PaloAltoNetworks/Unit42-Threat-Intelligence-Article-Information)
- [ThreatFOX IOCs](https://threatfox.abuse.ch/export/)
- [Zscaler ThreatLabz IOCs](https://github.com/threatlabz/iocs)
- [Zscaler ThreatLabz ransomware notes](https://github.com/ThreatLabz/ransomware_notes)
- [experiant.ca](https://fsrm.experiant.ca/api/v1/get])
- [Sophos Labs IOCs](https://github.com/sophoslabs/IoCs)
- [ESET Research IOCs](https://github.com/eset/malware-ioc)
- [ExecuteMalware IOCs](https://github.com/executemalware/Malware-IOCs)
- [Cisco Talos IOCs](https://github.com/Cisco-Talos/IOCs)
- [Elastic Labs IOCs](https://github.com/elastic/labs-releases/tree/main/indicators)
- [Blackorbird APT report IOCs](https://github.com/blackorbird/APT_REPORT)
- [AVAST IOCs](https://github.com/avast/ioc)
- [Zimperium IOCs](https://github.com/Zimperium/IOC)
- [HarfangLab IOCs](https://github.com/HarfangLab/iocs)
- [DoctorWeb IOCs](https://github.com/DoctorWebLtd/malware-iocs)
- [Black Lotus Labs IOCs](https://github.com/blacklotuslabs/IOCs)
- [prodaft IOCs](https://github.com/prodaft/malware-ioc)
- [Pr0xylife DarkGate IOCs](https://github.com/pr0xylife/DarkGate)
- [Pr0xylife Latrodectus IOCs](https://github.com/pr0xylife/Latrodectus)
- [Pr0xylife WikiLoader IOCs](https://github.com/pr0xylife/WikiLoader)
- [Pr0xylife SSLoad IOCs](https://github.com/pr0xylife/SSLoad)
- [Pr0xylife Pikabot IOCs](https://github.com/pr0xylife/Pikabot)
- [Pr0xylife Matanbuchus IOCs](https://github.com/pr0xylife/Matanbuchus)
- [Pr0xylife QakBot IOCs](https://github.com/pr0xylife/Qakbot)
- [Pr0xylife IcedID IOCs](https://github.com/pr0xylife/IcedID)
- [Pr0xylife Emotet IOCs](https://github.com/pr0xylife/Emotet)
- [Pr0xylife BumbleBee IOCs](https://github.com/pr0xylife/Bumblebee)
- [Pr0xylife Gozi IOCs](https://github.com/pr0xylife/Gozi)
- [Pr0xylife NanoCore IOCs](https://github.com/pr0xylife/Nanocore)
- [Pr0xylife NetWire IOCs](https://github.com/pr0xylife/Netwire)
- [Pr0xylife AsyncRAT IOCs](https://github.com/pr0xylife/AsyncRAT)
- [Pr0xylife Lokibot IOCs](https://github.com/pr0xylife/Lokibot)
- [Pr0xylife RemcosRAT IOCs](https://github.com/pr0xylife/RemcosRAT)
- [Pr0xylife nworm IOCs](https://github.com/pr0xylife/nworm)
- [Pr0xylife AZORult IOCs](https://github.com/pr0xylife/AZORult)
- [Pr0xylife NetSupportRAT IOCs](https://github.com/pr0xylife/NetSupportRAT)
- [Pr0xylife BitRAT IOCs](https://github.com/pr0xylife/BitRAT)
- [Pr0xylife BazarLoader IOCs](https://github.com/pr0xylife/BazarLoader)
- [Pr0xylife SnakeKeylogger IOCs](https://github.com/pr0xylife/SnakeKeylogger)
- [Pr0xylife njRat IOCs](https://github.com/pr0xylife/njRat)
- [Pr0xylife Vidar IOCs](https://github.com/pr0xylife/Vidar)
- [Pr0xylife Warmcookie IOCs](https://github.com/pr0xylife/Warmcookie-Badspace)
- [Cloud Intel IOCs](https://github.com/unknownhad/CloudIntel)
- [Phishing URLs - last week feed](https://file.jeroengui.be/phishing/last_week.txt)
- [SpamHaus drop.txt](https://www.spamhaus.org/drop/drop.txt)
- [SpamHaus drop + ASN](https://www.spamhaus.org/blocklists/do-not-route-or-peer/)
- [UrlHaus_misp](https://urlhaus.abuse.ch/downloads/misp/)
- [UrlHaus_misp ASN](https://urlhaus.abuse.ch/feeds/)
- [UrlHaus](https://urlhaus.abuse.ch/api/#csv)
- [vx-underground - excellent resource for samples and intel reports](https://vx-underground.org/Samples)
- [Ransomware.live](https://ransomware.live)
- [rosti.bin public reports feed](https://rosti.bin.re/feeds)
### 🐙 Github

- [More Github lists](https://github.com/mthcht?tab=stars&user_lists_direction=asc&user_lists_sort=name)
### 🖥️ SIEM/SOC/Purple team related:

- [EDR telemetry](https://github.com/tsale/EDR-Telemetry)
- [Purple team scripts](https://github.com/mthcht/Purpleteam)
- [Awesome-SOC](https://github.com/cyb3rxp/awesome-soc)
- [Awesome SOC analyst](https://github.com/st0pp3r/awesome-soc-analyst)
- [Threat hunting with Splunk](https://github.com/mthcht/ThreatHunting-Keywords)
- [Detection lists](https://github.com/mthcht/awesome-lists/Lists)
- [Purple team atomic tests](https://github.com/redcanaryco/atomic-red-team)
### 📊 TI TTPs/frameworks/models/trackers

- [Tools used by ransomware groups - @BushidoToken](https://github.com/BushidoUK/Ransomware-Tool-Matrix)
- [Tools used by Russian APTs](https://github.com/BushidoUK/Russian-APT-Tool-Matrix)
- [Tools associated with groups (partial)](https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU)
- [Techniques - MITRE ATT&CK](https://attack.mitre.org/techniques/enterprise/)
- [Tactics - MITRE ATT&CK](https://attack.mitre.org/tactics/enterprise/)
- [Groups and operations naming convention matrix](https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU)
- [Mitigations - MITRE ATT&CK](https://attack.mitre.org/mitigations/enterprise/)
- [ATT&CK Matrix Navigator](https://mitre-attack.github.io/attack-navigator/)
- [All MITRE data in xlsx format](https://attack.mitre.org/resources/attack-data-and-tools/)
- [Tools used by threat actor groups - MITRE ATT&CK](https://attack.mitre.org/software/)
- [atomic-red-team](https://github.com/redcanaryco/atomic-red-team)
- [Red Canary threat detection report](https://redcanary.com/threat-detection-report/)
- [Unified Kill Chain](https://www.unifiedkillchain.com/assets/The-Unified-Kill-Chain.pdf)
- [TTP pyramid](https://scythe.io/library/summiting-the-pyramid-of-pain-the-ttp-pyramid)
- [Pyramid of Pain](https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html)
- [Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html)
- [MITRE D3FEND](https://d3fend.mitre.org/)
- [MITRE CAPEC](https://capec.mitre.org/)
- [MITRE CAR](https://car.mitre.org/)
- [MITRE DeTTECT](https://github.com/rabobank-cdc/DeTTECT)
- [MITRE PRE-ATT&CK techniques](https://attack.mitre.org/versions/v7/techniques/pre/)
- [APTMAP](https://github.com/andreacristaldi/APTmap)
- [CVE vulnerability database](https://cve.mitre.org/)
- [CVE vulnerability framework (SSVC)](https://github.com/CERTCC/SSVC)
- [REACT framework](https://atc-project.github.io/react-navigator/)
- [🔥All TI reports🔥](https://github.com/mthcht/ThreatIntel-Reports)
- [🔥All TI reports search🔥](https://mthcht.github.io/ThreatIntel-Reports/)
### 🕵️‍♂️ Investigation

#### 📊 TI checks

- [Virustotal](https://www.virustotal.com/#/home/search)
- [SpamHaus](https://check.spamhaus.org/)
- [app.spur.us](https://app.spur.us/)
- [AbuseIPDB](https://www.abuseipdb.com/)
- [Telegram BOT hunting](https://matkap.cti.monster/)
- [Malwarebazaar](https://bazaar.abuse.ch/)
- [emailrep](https://emailrep.io/)
- [dnsdumpster](https://dnsdumpster.com/)
- [nslookup.io](https://www.nslookup.io/)
- [Cloudflare URL scan](https://radar.cloudflare.com/scan)
- [Proxy IP check - proxycheck.io](https://proxycheck.io/web/)
- [IP reputation check - criminalip](https://www.criminalip.io/en)
- [Proxy IP check - iphub.info](https://iphub.info/)
- [shodan](https://www.shodan.io/)
- [Onyphe](https://www.onyphe.io/)
- [haveibeenpwned](https://haveibeenpwned.com/)
- [leakcheck.io](leakcheck.io)
- [Censys](https://search.censys.io/)
- [cybergordon (URL reputation check)](https://cybergordon.com/)
- [threatminer](https://www.threatminer.org/)
- [urlscan](https://urlscan.io/)
- [Apptotal (app and extension analysis)](https://apptotal.io/)
- [urlquery](http://urlquery.net/)
- [Cloudflare scanner](https://radar.cloudflare.com/)
- [scamsearch.io](https://scamsearch.io/#anchorCeckNow)
- [scamdb.net](https://www.scamdb.net/)
- [urlvoid](https://www.urlvoid.com)
- [urldna.io](https://urldna.io/)
- [URL checkphish](https://checkphish.bolster.ai/)
- [ipvoid](https://www.ipvoid.com/)
- [mxtoolbox](https://mxtoolbox.com/NetworkTools.aspx)
- [mxtoolbox email headers](https://mxtoolbox.com/EmailHeaders.aspx)
- [Microsoft TI](https://ti.defender.microsoft.com/)
- [pulsedive](https://pulsedive.com/)
- [URL redirect checker](https://redirect-checker.net/)
- [threatbook](https://threatbook.io/)
- [Web Archive](https://web.archive.org/)
- [McAfee Threat Intelligence Exchange](https://www.mcafee.com/enterprise/en-us/products/threat-intelligence-exchange.html)
- [Kaspersky Security Network](https://www.kaspersky.com/security-network)
- [Microsoft Security Intelligence Report](https://www.microsoft.com/en-us/wdsi/intelligence-report)
- [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/)
- [AlienVault OTX](https://otx.alienvault.com/)
- [greynoise](https://viz.greynoise.io/)
- [whoxy](https://www.whoxy.com/reverse-whois/)
- [URL tiny-scan](https://www.tiny-scan.com/)
- [Certificates - crt.sh](https://crt.sh/)
- [Website web-check](https://web-check.as93.net/)
- [validin.com](https://app.validin.com/)
- [Browser extension CRX checker - CRXaminer](https://crxaminer.tech/)
- [.EXE lookup - echotrail](https://www.echotrail.io/)
- [Malware-Traffic-Analysis (PCAP files)](https://malware-traffic-analysis.net/)
- [redhuntlabs](https://redhuntlabs.com/online-ide-search)
- [whois domaintools](https://whois.domaintools.com/)
- [ASN check bgp.he](https://bgp.he.net/)
- [viewdns](http://viewdns.info/)
- [OUI MAC address lookup](https://www.wireshark.org/tools/oui-lookup.html)
- [macvendorlookup](https://www.macvendorlookup.com/)
- [.EXE lookup - xcyclopedia](https://strontic.github.io/xcyclopedia/)
- [abuse.ch](https://abuse.ch/#platforms)
- [malware-traffic-analysis](https://www.malware-traffic-analysis.net/index.html)
- [Wayback Machine](http://web.archive.org/)
- [Online paste tools lookup](https://redhuntlabs.com/online-ide-search/)
- [dnshistory](https://dnshistory.org/)
- [asnlookup](https://asnlookup.com/)
- [ipinfo.io](https://ipinfo.io)
- [fofa.info](https://fofa.info/)
- [SecurityTrails](https://securitytrails.com/)
- [ZoomEye](https://www.zoomeye.ai/)
- [BlueCoat lookup](https://sitereview.bluecoat.com/)
- [Norton lookup](https://safeweb.norton.com/)
- [Fortinet lookup](https://www.fortiguard.com/webfilter)
- [McAfee lookup](https://sitelookup.mcafee.com/)
- [Trellix lookup](https://trustedsource.org/)
- [Palo Alto lookup](https://urlfiltering.paloaltonetworks.com/query/)
- [Talos Intelligence lookup](_URL_278/>)
- [Checkpoint lookup](https://urlcat.checkpoint.com/urlcat/main.htm)
- [Cyren lookup](https://www.cyren.com/security-center/url-category-check-gate)
- [Forcepoint lookup](https://support.forcepoint.com/s/site-lookup)
- [TrendMicro lookup](https://global.sitesafety.trendmicro.com/)
- [USB & PCI database - DeviceHunt](https://devicehunt.com/)
#### 🔬 Sandboxes / emulation

- [Anyrun sandbox](https://any.run/)
- [triage](https://tria.ge/s)
- [capesandbox](https://www.capesandbox.com/)
- [joesandbox](https://www.joesandbox.com/analysispaged/0)
- [filescan.io](https://www.filescan.io/)
- [Hybrid Analysis](https://www.hybrid-analysis.com/)
- [virustotal](https://www.virustotal.com)
- [threat zone](https://app.threat.zone/scan)
- [vmray](https://www.vmray.com/)
- [Kaspersky opentip](https://opentip.kaspersky.com/requests)
- [speakeasy (kernel and user mode emulation)](https://github.com/mandiant/speakeasy)
- [DocGuard](https://app.docguard.io/)
- [Kaspersky Threat Intelligence Portal](https://opentip.kaspersky.com/?tab=upload)
### 🧩 Data manipulation

- [CyberChef](https://gchq.github.io/CyberChef/)
- [jsoncrack](https://jsoncrack.com/editor)
- [Grok debugger](https://grokdebugger.com/)
- [PCAP online analyzer](https://apackets.com/)
- [Hash calculator](https://md5calc.com/hash)
- [regex101](https://regex101.com/)
- [Javascript deobfuscator - deobfuscate.relative.im](https://deobfuscate.relative.im/)
- [Javascript deobfuscator - de4js](https://lelinhtinh.github.io/de4js/)
- [JSONViewer](https://jsonviewer.stack.hu/)
- [TextMechanic](https://textmechanic.com/)
- [URLEncode & Decode](https://www.urlencoder.org/)
- [TextFixer](https://www.textfixer.com/)
- [RegExr](https://regexr.com/)
- [TextUtils](https://textutils.com/)
- [TextCompactor](https://textcompactor.com/)
- [Pretty Diff](https://prettydiff.com/)
- [XML Tree](http://www.xmltree.com/)
- [Online XML formatter and beautifier](https://www.freeformatter.com/xml-formatter.html)
- [XML escape tool](https://www.freeformatter.com/xml-escape.html)
- [DiffChecker](https://www.diffchecker.com/)
- [CSVJSON](https://www.csvjson.com/)
- [HTML formatter](https://htmlformatter.com/)
- [Text tools](https://texttools.netlify.app/)
- [String manipulation tools](https://string-functions.com/)
- [unshorten it](https://www.unshorten.it)
- [urlunscrambler](https://www.urlunscrambler.com/)
- [longurl](https://www.longurl.org/)
- [Message header analyzer](https://mha.azurewebsites.net/pages/mha.html)
- [MXToolbox EmailHeaders](https://mxtoolbox.com/EmailHeaders.aspx)
- [Email header analyzer](https://emailheaders.verification-check.com/)
- [Email header analysis](https://www.email-format.com/header-analysis/)
- [Gitlab dashboard from Excel](https://thisdavej.com/copy-table-in-excel-and-paste-as-a-markdown-table/)
- [uncoder](https://uncoder.io/)
- [DeHashed](https://dehashed.com/)
- [IT tools](https://it-tools.tech/)
- [ChatGPT](https://chatgpt.com/)
### 📡 Detection resources

- [Detection lists](https://github.com/mthcht/awesome-lists/tree/main/Lists)
- [MITRE techniques](https://attack.mitre.org/techniques/enterprise/)
- [MITRE updates](https://attack.mitre.org/resources/updates/)
- [MITRE D3fend](https://d3fend.mitre.org/)
- [MITRE Navigator](https://mitre-attack.github.io/attack-navigator/)
- [MITRE data sources](https://attack.mitre.org/datasources/)
- [GTFOBIN](https://github.com/mthcht/GTFOBins.github.io)
- [LOLBAS](https://github.com/mthcht/LOLBAS)
- [LOTS](https://lots-project.com/)
- [LOLRMM](https://github.com/magicsword-io/LOLRMM)
- [loldrivers](https://www.loldrivers.io/)
- [LOLC2](https://github.com/lolc2/lolc2.github.io)
- [LOLESXI](https://github.com/LOLESXi-Project/LOLESXi)
- [WTFBIN](https://wtfbins.wtf/)
- [Sigma](https://github.com/mthcht/sigma/tree/master/rules)
- [Splunk rules](https://research.splunk.com/detections/)
- [Elastic rules](https://github.com/elastic/detection-rules)
- [DFIR-Report Sigma-Rules](https://github.com/The-DFIR-Report/Sigma-Rules)
- [JoeSecurity Sigma-Rules](https://github.com/joesecurity/sigma-rules/tree/master/rules)
- [mdecrevoisier Sigma-Rules](https://github.com/mdecrevoisier/SIGMA-detection-rules)
- [P4T12ICK Sigma-Rules](https://github.com/P4T12ICK/Sigma-Rule-Repository)
- [tsale Sigma-Rules](https://github.com/tsale/Sigma_rules)
- [Detection resources list](https://github.com/jatrost/awesome-detection-rules)
- [KQL hunting queries](https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules)
- [Detection engineering resources](https://github.com/infosecB/awesome-detection-engineering)
- [Defender resources](https://defenderresourcehub.info/)
- [awesome-threat-detection](https://github.com/0x4D31/awesome-threat-detection)
- [LOLOLFarm](https://lolol.farm/)
### 🌐 Security news

- [Adam Chester blog feed](https://blog.xpnsec.com/rss.xml)
- [AhnLab APT feed](https://asec.ahnlab.com/en/category/apt-en/feed/)
- [AhnLab CERT feed](https://asec.ahnlab.com/en/category/cert-en/feed)
- [AhnLab phishing feed](https://asec.ahnlab.com/en/category/phishing-scam-en/feed)
- [AhnLab trends feed](https://asec.ahnlab.com/en/category/trend-en/feed)
- [Akamai blog feed](https://feeds.feedburner.com/akamai/blog)
- [Any.run malware analysis blog feed](https://any.run/cybersecurity-blog/category/malware-analysis/feed/)
- [Avast blog feed](https://blog.avast.com/rss.xml)
- [badsectorlabs last week in security - Redteam](https://blog.badsectorlabs.com/feeds/all.atom.xml)
- [BI.ZONE blog feed](https://medium.com/feed/@bi-zone)
- [Bitdefender Labs feed](https://www.bitdefender.com/nuxt/api/en-us/rss/labs/)
- [Binary Defense blog feed](https://www.binarydefense.com/feed/)
- [Blackberry blog](https://blogs.blackberry.com/en/home)
- [BleepingComputer feed](https://www.bleepingcomputer.com/feed/)
- [Broadcom blog feed](https://sed-cms.broadcom.com/rss/v1/blogs/rss.xml)
- [CERT FR alerts](https://www.cert.ssi.gouv.fr/alerte/)
- [CERT FR advisories](https://www.cert.ssi.gouv.fr/avis/)
- [CERT LV feed](https://cert.lv/en/feed/rss/all)
- [CERT PL feed](https://cert.pl/en/rss.xml)
- [CERT SE feed](https://www.cert.se/feed.rss)
- [CERT SI feed](https://www.cert.si/en/category/news/feed/)
- [CERT UA feed](https://cert.gov.ua/api/articles/rss)
- [CERT-FR](https://www.cert.ssi.gouv.fr/)
- [Checkpoint Research feed](https://research.checkpoint.com/feed)
- [CIRT bd feed](https://www.cirt.gov.bd/feed/)
- [CISA news feed](https://www.cisa.gov/cybersecurity-advisories/all.xml)
- [CISA news](https://www.cisa.gov/news-events/news)
- [Cisco Talos](https://www.talosintelligence.com/)
- [Claroty Team82 research](https://claroty.com/team82/research/)
- [Cloudflare security feed](https://blog.cloudflare.com/tag/security/rss)
- [Clément Notin feed](https://clement.notin.org/feed.xml)
- [CrowdStrike Counter Adversary Operations blog](https://www.crowdstrike.com/en-us/blog/category.counter-adversary-operations/)
- [Deep Instinct blog](https://www.deepinstinct.com/blog)
- [detect.fyi](https://detect.fyi/)
- [Detection Engineering weekly](https://www.detectionengineering.net/)
- [DFIR weekly news](https://thisweekin4n6.com/)
- [DFIR weekly news feed](https://thisweekin4n6.wordpress.com/feed/)
- [Dr.Web virus alerts feed](https://news.drweb.com/rss/get/?c=9)
- [EclecticIQ threat intelligence](https://www-eclecticiq-com.sandbox.hs-sites.com/blog?type=intelligence-research#overview)
- [Elastic Security Labs blog](https://www.elastic.co/security-labs)
- [Elastic Security Labs blog feed](https://www.elastic.co/security-labs/rss/feed.xml)
- [EricaZelic blog](https://ericazelic.medium.com/)
- [Forcepoint Labs blog](https://www.forcepoint.com/blog/x-labs)
- [Genians threat intelligence feed](https://www.genians.co.kr/blog/threat_intelligence/rss.xml)
- [gi7w0rm threat intelligence feed](https://medium.com/feed/@gi7w0rm)
- [Google Project Zero blog feed](https://googleprojectzero.blogspot.com/feeds/posts/default?alt=rss)
- [Google threat intelligence feed](https://feeds.feedburner.com/threatintelligence/pvexyqv7v0v)
- [Google threat intelligence](https://cloud.google.com/blog/topics/threat-intelligence)
- [Google Threat Analysis Group feed](https://blog.google/threat-analysis-group/rss/)
- [Group-IB feed](https://blog.group-ib.com/rss.xml)
- [HackerNews feed](https://feeds.feedburner.com/TheHackersNews)
- [HarfangLab labs feed](https://harfanglab.io/insidethelab/feed/)
- [Hexacorn blog feed](http://www.hexacorn.com/blog/feed/)
- [Horizon3 feed](https://www.horizon3.ai/feed/)
- [hunt.io blog](https://hunt.io/blog)
- [Huntress blog feed](https://www.huntress.com/blog/rss.xml)
- [IC3 CSA feed](https://www.ic3.gov/CSA/rss)
- [Infostealers Hub news feed](https://www.infostealers.com/learn-info-stealers/feed/)
- [Infostealers reports feed](https://www.infostealers.com/info-stealers-reports/feed/)
- [Intrinsec feed](https://www.intrinsec.com/feed/)
- [ISC SANS EDU feed](https://isc.sans.edu/rssfeed.xml)
- [JPCERT feed](https://blogs.jpcert.or.jp/en/atom.xml)
- [JPCERT](https://www.jpcert.or.jp/english/)
- [KrebsOnSecurity feed](https://krebsonsecurity.com/feed/)
- [Malwarebytes blog feed](https://www.malwarebytes.com/blog/feed/index.xml)
- [MalwareTech feed](https://www.malwaretech.com/feed)
- [Mauricio Velazco blog](https://medium.com/@mvelazco)
- [McAfee Labs feed](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/feed/)
- [Michael Haag blog](https://haggis-m.medium.com/)
- [Microsoft Security blog feed](https://www.microsoft.com/en-us/security/blog/feed/)
- [Microsoft Incident Response Ninja Hub](https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/welcome-to-the-microsoft-incident-response-ninja-hub/4243594)
- [Microsoft threat intelligence feed](https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/feed)
- [Morphisec threat research](https://blog.morphisec.com/topic/threat-research)
- [NCC Group research feed](https://research.nccgroup.com/feed/)
- [NCC Group research blog - security](https://www.nccgroup.com/us/research-blog/?resource=18345&category=18146#hub)
- [NCSC news feed](https://feeds.english.ncsc.nl/news.rss)
- [NIST CVEs](https://nvd.nist.gov/vuln/search/results?isCpeNameSearch=false&results_type=overview&form_type=Basic&search_type=all&startIndex=0)
- [NIST Cybersecurity Insights feed](https://www.nist.gov/blogs/cybersecurity-insights/rss.xml)
- [Offensive research - DSAS by INJECT](https://blog.injectexp.dev/)
- [Orange Cyberdefense intelligence](https://www.orangecyberdefense.com/global/blog?tx_solr%5Bfilter%5D%5B0%5D=tags%3AIntelligence-led+Security)
- [Outpost24 research and threat intel feed](https://outpost24.com/blog/category/research-and-threat-intel/feed/)
- [Proofpoint threat insight](https://www.proofpoint.com/us/blog/threat-insight#)
- [Qualys threat research feed](https://blog.qualys.com/vulnerabilities-threat-research/feed)
- [Red Canary feed](https://www.redcanary.co/feed/)
- [ReversingLabs threat research](https://www.reversinglabs.com/blog/tag/threat-research)
- [SANS blog](https://www.sans.org/blog/)
- [Security.com threat intelligence](https://www.security.com/threat-intelligence)
- [Security Affairs APT feed](https://securityaffairs.com/category/apt/feed)
- [SecurityWeek feed](https://www.securityweek.com/feed/)
- [SecureList APT targeted attacks feed](https://securelist.com/threat-category/apt-targeted-attacks/feed/)
- [Sekoia blog](https://blog.sekoia.io/)
- [Sekoia blog feed](https://blog.sekoia.io/feed/)
- [SentinelOne Labs feed](https://www.sentinelone.com/labs/feed/)
- [Seqrite technical blog](https://www.seqrite.com/blog/category/technical/)
- [Simone Kraus blog feed](https://medium.com/feed/@simone.kraus)
- [Sophos threat research feed](https://news.sophos.com/en-us/category/threat-research/feed/)
- [SpecterOps feed](https://posts.specterops.io/feed)
- [Splunk research blog](https://www.splunk.com/en_us/blog/author/secmrkt-research.html)
- [Cyber Security News feed](https://cybersecuritynews.com/feed/)
- [Talos feed](https://feeds.feedburner.com/feedburner/Talos)
- [Tenable blog](https://medium.com/tenable-techblog)
- [TheDFIRReport feed](https://thedfirreport.com/feed/)
- [Threat Connect blog feed](

### 📺 YouTube/Twitch channels
- [DFIR - 13cubed 视频](https://www.youtube.com/@13Cubed/videos) - [DFIR - SANS 视频](https://www.youtube.com/@SANSForensics/videos) - [DFIR - MyDFIR](https://youtube.com/@mydfir) - [DFIR - DFIRScience](https://www.youtube.com/@DFIRScience/videos) - [恶意软件分析 - jstrosch](https://www.youtube.com/@jstrosch/videos) - [恶意软件分析 - cyberraiju](https://www.youtube.com/@cyberraiju/videos) - [恶意软件分析 - Botconf](https://www.youtube.com/@BotConfTV) - [DFIR - AntisyphonTraining](https://www.youtube.com/@AntisyphonTraining) - [DFIR - BlackPerl](https://youtube.com/watch?v=KzD0MmEYAzQ&list=PLjWEV7pmvSa6f-NTpXsaUYWZLjLAB_0TS) - [恶意软件分析 - malwareanalysisforhedgehogs](https://youtube.com/@malwareanalysisforhedgehogs?si=rHy80uPhjtyPtX0K) - [DFIR - BlueMonkey4n6](https://www.youtube.com/@BlueMonkey4n6/playlists) - [DFIR - binaryzone](https://www.youtube.com/@binaryz0ne/playlists) - [检测工程 - Splunk - atomicsonafriday](https://www.youtube.com/@atomicsonafriday/streams) - [漏洞利用 - HackerSploit](https://www.youtube.com/@HackerSploit/playlists) - [DFIR - TheTaggartInstitute](https://www.youtube.com/@TheTaggartInstitute/videos) - [恶意软件分析 - JohnHammond](https://www.youtube.com/@_JohnHammond) - [恶意软件分析 - invokereversing](https://youtube.com/@invokereversing) - [漏洞利用 - Defcon 演讲](https://www.youtube.com/user/DEFCONConference/videos) + https://media.defcon.org/ - [漏洞利用 - Alh4zr3d - twitch](https://www.twitch.tv/Alh4zr3d) - [漏洞利用 - Alh4zr3d - youtube](https://www.youtube.com/@alh4zr3d3/videos) - [漏洞利用 - incodenito](https://youtube.com/@incodenito?si=uV9UDhYFs_vQYayR) - [漏洞利用 - dayzerosec](https://www.youtube.com/@dayzerosec/videos) - [恶意软件分析 - MalwareTechBlog](https://www.youtube.com/@MalwareTechBlog) - [恶意软件分析 - radkawar](https://www.youtube.com/@radkawar) - [漏洞利用 - LiveOverflow](https://www.youtube.com/@LiveOverflow) - [恶意软件分析 - neoeno](https://youtube.com/@neoeno4242?si=_mVioHsmbvu17KNk) - [恶意软件分析 - AzakaSekai](https://www.youtube.com/@AzakaSekai) - [CTI - 
bushidotoken](https://youtube.com/@bushidotoken) - [CTI - @TLP_R3D](https://www.youtube.com/@TLP_R3D) - [Windows 内部 - @mrexodia](https://www.youtube.com/@mrexodia) - [!!! 漏洞利用 - ippsec](https://www.youtube.com/@ippsec) - [漏洞利用 - flangvik](https://youtube.com/@flangvik?si=vVShvHdg3QCLrHJf) - [会议频道 - scrtinsomnihack](https://www.youtube.com/@scrtinsomnihack/videos) - [会议频道 - OffensiveCon](https://www.youtube.com/@OffensiveCon/videos) - [会议频道 - BSidesSF](https://www.youtube.com/@BSidesSF/videos) - [会议频道 - BSidesTLV](https://www.youtube.com/@BSidesTLV/videos) - [会议频道 - bsidesbudapest](https://www.youtube.com/@bsidesbudapest/videos) - [会议频道 - SecuritybsidesOrgUk](https://www.youtube.com/@SecuritybsidesOrgUk/videos) - [会议频道 - bsidescanberra9688](https://www.youtube.com/@bsidescanberra9688/videos) - [会议频道 - brucontalks](https://www.youtube.com/@brucontalks/videos) - [会议频道 - DEFCONConference](https://www.youtube.com/@DEFCONConference/videos) - [会议频道 - Disobey](https://www.youtube.com/@Disobey/videos) - [会议频道 - hitbsecconf](https://www.youtube.com/@hitbsecconf/videos) - [会议频道 - SANSOffensiveOperations](https://www.youtube.com/@SANSOffensiveOperations/videos) - [会议频道 - BlackHillsInformationSecurity](https://www.youtube.com/@BlackHillsInformationSecurity/videos) - [会议频道 - RITSEC](https://www.youtube.com/@RITSEC/videos) - [会议频道 - Preludeorg](https://www.youtube.com/@Preludeorg/videos) - [会议频道 - BlackHatOfficialYT](https://www.youtube.com/@BlackHatOfficialYT/videos) - [会议频道 - TROOPERScon](https://www.youtube.com/@TROOPERScon/videos) - [会议网站 - infocon.org](https://infocon.org/cons/) - [会议网站 - sectube.tv](https://sectube.tv/) - [会议频道 - x33conf](https://www.youtube.com/@x33fcon/videos)
### 🎙️ Podcasts

- [darknetdiaries](https://darknetdiaries.com/)
- [risky.biz](https://risky.biz/)
- [DFIR podcast](https://digitalforensicsurvivalpodcast.libsyn.com/podcast)
- [cloud.withgoogle.com](https://cloud.withgoogle.com/cloudsecurity/podcast/)
- [Internet Storm Center SANS podcast](https://isc.sans.edu/podcast.html)
- [7 Minute Security podcast](https://7minsec.com/)
- [hacking-humans](https://thecyberwire.com/podcasts/hacking-humans/)
- [dayzerosec](https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt)
- [CISO Series](https://cisoseries.com/category/podcast/cyber-security-headlines/)
- [Splunk Atomic on Friday](https://www.youtube.com/@atomicsonafriday/streams)
- [NolimitSecu (French)](https://www.nolimitsecu.fr/)
- [HacknSpeak (French)](https://open.spotify.com/show/2lwA1WLVqnYvnlc7WkV3yU)
- [Radio CSIRT (French)](https://www.radiocsirt.org)
- [DEV podcast (French)](https://www.ifttd.io/liste-des-episodes)
- [Security Conversations](https://securityconversations.com/)
- [Cyber World (French)](https://open.spotify.com/show/0uNuF41uZYwwik1AW6hOSM?si=iv8LKD8VQQSM8Tqf-F1X0w)
### 💬 Discord / Slack channels

- [Red team - 🔥 Initial Access Guild 🔥 Discord](https://discord.com/channels/1118340483337424936)
- [Red team - 🔥 Red-Team VX community 🔥 Discord](https://discord.com/channels/1012733841229746240)
- [Red team - BloodHoundHQ Slack](bloodhoundhq.slack.com)
- [Red team - evilsocket Discord](https://discord.com/channels/1100085665766572142)
- [Red team - OffSec Discord](https://discord.com/channels/780824470113615893/)
- [Threat hunting - Threat Hunter Community Discord](https://discord.com/channels/690293821866508430/)
- [Purple team - Ipurpleteam Discord](https://discord.com/channels/1285691872928595968)
- [Blue team detection engineering - Hunter's Den Discord](https://discord.com/channels/1104707391569797200)
- [Blue team detection engineering - Sigma HQ Discord](https://discord.com/channels/1176230866515669072)
- [Blue team threat intelligence - Malcore Discord](https://discord.com/channels/1087758991809060876/1165463214457368677)
### 📚 Training

#### DFIR

- 13cubed - Investigating Windows Endpoints [13cubed.com -windows endpoints](https://training.13cubed.com/investigating-windows-endpoints)
- 13cubed - Investigating Windows Memory [13cubed.com -windows memory](https://training.13cubed.com/investigating-windows-memory)
- 13cubed - Investigating Linux Devices [13cubed.com - linux](https://training.13cubed.com/investigating-linux-devices)
- SANS: [FOR500](https://www.sans.org/cyber-security-courses/windows-forensic-analysis/)
- SANS: [FOR508](https://www.sans.org/cyber-security-courses/advanced-incident-response-threat-hunting-training/)
- Defensive-security: [Linux-live-forensics](https://edu.defensive-security.com/linux-attack-live-forensics-at-scale)
- @0gtweet - forensics course: [Mastering Windows Forensics](https://grzegorz-tworek-s-school.teachable.com/)
- @DebugPrivilege: free forensic debugging course [InsightEngineering](https://github.com/DebugPrivilege/InsightEngineering)
- Challenges:
  - Arsenal Recon DFIR disk images: [publicly-accessible-disk-images](https://arsenalrecon-dev.s3.amazonaws.com/blog/publicly-accessible-disk-images-&-mobile-extractions-grid-for-dfir---september-24-2024-update.pdf)
  - @inversecos - APT emulation labs: [xintra](https://www.xintra.org/labs)
  - @TheDFIRReport: labs built on the logs of existing reports [dfir-labs](https://the-dfir-report-store.myshopify.com/collections/dfir-labs)
  - @ACEresponder: courses with detailed explanations and labs [aceresponder.com](https://www.aceresponder.com/challenges)
  - @binaryz0ne: DFIR challenges and [datasets](https://www.ashemery.com/dfir.html) + [Linux forensics workshop](https://github.com/ashemery/LinuxForensics)

#### SOC

- tryhackme - [SOC lvl 1](https://tryhackme.com/path/outline/soclevel1)
- tryHackme - [SOC lvl 2](https://tryhackme.com/path/outline/soclevel2)
- letsdefend.io - [letsdefend.io](https://app.letsdefend.io/training)
- @chrissanders88 - Constructing Defense [constructingdefense.com](https://course.constructingdefense.com/constructing-defense)
- SANS: [SANS555](https://www.sans.org/cyber-security-courses/siem-with-tactical-analytics/)
- Xintra: [Attacking and Defending Azure M365](https://training.xintra.org/attacking-and-defending-azure-m365)
- Challenges:
  - Splunk Boss Of The SOC - [BOTS](https://bots.splunk.com/)
  - BOTS [dataset v1](https://github.com/splunk/botsv1)
  - BOTS [dataset v2](https://github.com/splunk/botsv2)
  - BOTS [dataset v3](https://github.com/splunk/botsv3)
  - @TheDFIRReport: labs built on the logs of existing reports [dfir-labs](https://the-dfir-report-store.myshopify.com/collections/dfir-labs)
  - @ACEresponder: courses with detailed explanations and labs [aceresponder.com](https://www.aceresponder.com/challenges)
  - @inversecos - APT emulation labs: [xintra](https://www.xintra.org/labs)

#### Offensive

- [OSCP - HTB](https://0xdf.gitlab.io/cheatsheets/offsec)
- [OSCP - PEN200 course](https://www.offsec.com/courses/pen-200/)
- [OSEP - PEN300 course](https://www.offsec.com/courses/pen-300/)

#### Challenges

- [HackTheBox](https://www.hackthebox.com)
- [Pentestlab](https://pentesterlab.com)
- [Root-Me](https://www.root-me.org)
- [TryHackMe](https://tryhackme.com)
- [Zenk-Security](https://www.zenk-security.com/challenges)

#### Reverse engineering / malware analysis / deep dives

- [OpenSecurityTraining2](https://p.ost2.fyi/)
### 📚 Books

#### DFIR

- [Practical Forensic Imaging](https://www.amazon.com/Practical-Forensic-Imaging-Securing-Evidence/dp/1593277938)
- [Practical-Linux-Forensics-Digital-Investigators](https://www.amazon.com/Practical-Linux-Forensics-Digital-Investigators-ebook/dp/B096Z4CRC8)
- [TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExperts - free](https://leanpub.com/TheHitchhikersGuidetoDFIRExperiencesFromBeginnersandExperts)
- [Forensic artifacts - Microsoft guidebook - free](https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/IR-Guidebook-Final.pdf)
- [Eric Zimmerman tools manuals - free](https://leanpub.com/eztoolsmanuals)
- [The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory](https://www.amazon.com/Art-Memory-Forensics-Detecting-Malware/dp/1118825098)
- [Applied Incident Response](https://www.amazon.com/Applied-Incident-Response-Steve-Anson/dp/1119560268)
- [SANS FOR500 / FOR508 books](https://www.sans.org/cyber-security-courses/advanced-incident-response-threat-hunting-training/)
- [Blue Team Handbook: Incident Response Edition](https://www.amazon.com/Blue-Team-Handbook-condensed-Responder/dp/1500734756)
- [Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software](https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901)
- [Placing the Suspect Behind the Keyboard: DFIR Investigative Mindset](https://www.amazon.com/Placing-Suspect-Behind-Keyboard-Investigative/dp/B0CZPJF23Q)
- [Crafting the InfoSec Playbook: Security Monitoring and Incident](https://www.amazon.com/Crafting-InfoSec-Playbook-Security-Monitoring/dp/1491949406)
- [Investigating Windows Systems](https://www.amazon.com/Investigating-Windows-Systems-Harlan-Carvey/dp/0128114150)

#### Malware analysis

- [Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software](https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901)
- [The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory](https://www.amazon.com/Art-Memory-Forensics-Detecting-Malware/dp/1118825098)
- [Evasive Malware: A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats](https://www.amazon.fr/Evasive-Malware-Understanding-Deceptive-Self-Defending/dp/1718503261)

#### SOC

- [Blue Team Handbook: SOC, SIEM, and Threat Hunting](https://www.amazon.com/Blue-Team-Handbook-Condensed-Operations/dp/1091493898)
- [BTFM: Blue Team Field Manual](https://www.amazon.fr/Blue-Team-Field-Manual-BTFM/dp/154101636X)
- [PTFM: Purple Team Field Manual](https://www.amazon.com/PTFM-Purple-Team-Field-Manual/dp/B08LJV1QCD) + [PTFM: Purple Team Field Manual v2](https://www.amazon.com/PTFM-2nd-Purple-Field-Manual/dp/1736526790)
- [EDR - Introduction to endpoint security](https://www.amazon.com/Endpoint-Detection-Response-Essentials-deployment/dp/1835463266)
- [MITRE - 11 Strategies of a World-Class Cybersecurity Operations Center](https://www.amazon.com/Strategies-World-Class-Cybersecurity-Operations-Center-ebook/dp/B09ZDWRFMW)
- [The big picture of running a SOC - Modern SOC](https://www.amazon.com/Modern-Security-Operations-Center-ebook/dp/B08BW8Y9Q4)
- [Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software](https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901)
- [SANS 555 book](https://www.sans.org/cyber-security-courses/siem-with-tactical-analytics/)

#### Deep dives

- [Windows Internals Books](https://learn.microsoft.com/en-us/sysinternals/resources/windows-internals)
- [How Linux Works](https://www.amazon.com/How-Linux-Works-Brian-Ward-ebook/dp/B07X7S1JMB)
- [Linux Device Drivers](https://lwn.net/Kernel/LDD3/)
- [The Linux Virtual Memory Manager](https://www.kernel.org/doc/gorman/pdf/understand.pdf)
- [Linux insides](https://github.com/0xAX/linux-insides/blob/master/SUMMARY.md)
- [Linux Ebpf](https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121)
- [Windows Security Internals](https://www.oreilly.com/library/view/windows-security-internals/9781098168834)

#### Exploitation

- [Hacking Art Exploitation](https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson-ebook/dp/B004OEJN3I)
- [Hacker Playbook Practical Penetration Testing](https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B07CSPFYZ2)
- [RTFM: Red Team Field Manual](https://www.amazon.com/RTFM-Red-Team-Field-Manual-ebook/dp/B0B7H8X3XY)
- [Red Team Development and Operations: A practical guide](https://www.amazon.com/Red-Team-Development-Operations-practical-ebook/dp/B0842BMMCC)
- [RTRM: Red Team Reference Manual](https://www.amazon.com/RTRM-Red-Team-Reference-Manual/dp/B08N37KDPQ)
- [POC||GTFO](https://nostarch.com/search/gtfo)

#### AI

- [Hands Machine Learning](https://www.amazon.fr/Hands-Machine-Learning-Scikit-learn-Tensorflow/dp/1492032646)
### 📚 Knowledge sites

- [DFIR - NTFS deep dive - ntfs.com](https://www.ntfs.com/index.html)
- [DFIR - aboutdfir](https://aboutdfir.com/)
- [DFIR - Forensic artifacts - Microsoft GuideBook](https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/IR-Guidebook-Final.pdf)
- [Malware analysis - unprotect.it - evasion techniques](https://unprotect.it/)
- [Exploitation - hacktricks](https://book.hacktricks.xyz/)
- [Exploitation - PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)
- [Exploitation - red-team-note](https://dmcxblue.gitbook.io/red-team-notes-2-0/files/red-team-guide)
- [Exploitation - Red Team Notes](https://www.ired.team/)
- [DFIR - JPCERT tool analysis](https://jpcertcc.github.io/ToolAnalysisResultSheet/)
- [Exploitation - Red Team TTP](https://rosesecurity.gitbook.io/red-teaming-ttps)
- [Linux - eBPF documentation](https://docs.ebpf.io/)
- [DFIR - Microsoft NinjaHub](https://aka.ms/MicrosoftIRNinjaHub)
- [DEV - Windows PInvoke signatures](https://pinvoke.net/)
- [Privacy - VPN privacy guide](https://docs.google.com/spreadsheets/d/1L72gHJ5bTq0Djljz0P-NCAaURrXwsR1MsLpVmAt3bwg)
- [Detection - GCP Attack - Defense](https://github.com/anrbn/GCP-Attack-Defense)
- [Detection - Azure Attack Defense](https://github.com/Cloud-Architekt/AzureAD-Attack-Defense)
- [Detection - Unprotect project](https://unprotect.it/snippets/)
- [Exploitation - Hacker recipes](https://www.thehacker.recipes/)
- [Logs - Event IDs and more - eventlog-compendium](https://eventlog-compendium.streamlit.app/)
- [Logs - Event IDs - ultimatewindowssecurity](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx)
- [Logs - Event IDs and policies - microsoft](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/advanced-security-audit-policy-settings)
- [Logs - Event ID logon types - microsoft](https://learn.microsoft.com/en-us/windows-server/identity/securing-privileged-access/reference-tools-logon-types)
- [Logs - Azure SigninLogs schema](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/signinlogs)
- [Logs - Azure SigninLogs risk detections](https://learn.microsoft.com/en-us/graph/api/resources/riskdetection?view=graph-rest-1.0)
- [Logs - AADSTS error codes](https://learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes)
- [Logs - Microsoft error lookup](https://login.microsoftonline.com/error)
- [Logs - Microsoft Entra authentication and authorization error codes](https://learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes)
- [Logs - Microsoft Defender event IDs](https://learn.microsoft.com/en-us/defender-endpoint/troubleshoot-microsoft-defender-antivirus)
- [Logs - Microsoft Defender for Cloud alerts reference](https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference)
- [Logs - Microsoft Defender for Identity alerts reference](https://learn.microsoft.com/en-us/defender-for-identity/alerts-overview)
- [Logs - Microsoft Defender XDR schema](https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-schema-tables)
- [Logs - Microsoft DNS debug event IDs](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn800669(v=ws.11)#dns-logging-and-diagnostics-1)
- [Logs - Sysmon event IDs](https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon#events)
- [More cheatsheets](https://github.com/r1cksec/cheatsheets)
- [Exploitation - TLS details](https://tls12.xargs.org/)
- [SOC - email headers IANA](https://www.iana.org/assignments/message-headers/message-headers.xhtml)
- [SOC - DKIM, DMARC, SPF](https://github.com/nicanorflavier/spf-dkim-dmarc-simplified)
- [SOC - Kerberos protocol explained](https://en.hackndo.com/kerberos/)
- [SOC - ADSecurity AD attacks](https://adsecurity.org/?page_id=4031)
- [SOC - Pass the Ticket explained](https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/defense-evasion/t1550-use-alternate-authentication-material/pass-the-ticket)
- [SOC - Kerberoasting explained](https://en.hackndo.com/kerberoasting/)
- [SOC - Kerberos unconstrained delegation explained](https://en.hackndo.com/constrained-unconstrained-delegation/)
- [SOC - AS_REP Roasting explained](https://en.hackndo.com/kerberos-asrep-roasting/)
- [SOC - Golden Ticket explained](https://en.hackndo.com/kerberos-silver-golden-tickets/)
- [SOC - Silver Ticket explained](https://en.hackndo.com/kerberos-silver-golden-tickets/)
- [SOC - Skeleton Key explained](https://adsecurity.org/?p=1255)
- [SOC - NTLM relay explained](https://en.hackndo.com/ntlm-relay/)
- [SOC - LLMNR poisoning explained](https://medium.com/@rymak/llmnr-poisoning-an-attack-on-the-active-directory-of-an-organization-9907bf0498ff)
- [SOC - DCSync explained](https://adsecurity.org/?p=1729)
- [SOC - DCShadow attack explained](https://www.dcshadow.com/)
- [SOC - LetsDefend interview questions](https://github.com/LetsDefend/SOC-Interview-Questions)
- [SOC - explain shell command arguments](https://explainshell.com/)
### 🧪 Labs

- [Lab automation - ludus](https://gitlab.com/badsectorlabs/ludus)
- [Lab environment - Windows - GOAD](https://github.com/Orange-Cyberdefense/GOAD)
- [Lab automation - warhorse](https://github.com/warhorse/warhorse)
- [Lab automation - Azure - BadZure](https://github.com/mvelazc0/BadZure)
- [Lab automation - Azure - AzureGoat](https://github.com/ine-labs/AzureGoat)
- [OS - malware analysis - flare-vm](https://github.com/mandiant/flare-vm)
- [Sandbox - cuckoo](https://github.com/cuckoosandbox/cuckoo)
- [Sandbox - CAPEv2](https://github.com/kevoreilly/CAPEv2)
- [Sandbox - Malice (self-hosted Virustotal clone)](https://github.com/maliceio/malice)
- [Detection platform - wazuh](https://github.com/wazuh/wazuh)
- [Detection platform - Security Onion](https://github.com/Security-Onion-Solutions/securityonion)
- [Detection platform - Splunk](https://www.splunk.com/en_us/download.html)
- [Detection platform - Elastic](https://www.elastic.co/downloads/elasticsearch)
- [Deployment - ansible](https://github.com/ansible/ansible)
- [SOC - use case factory automation - DetectIQ](https://github.com/AttackIQ/DetectIQ)
- [Network logs - StratosphereLinuxIPS](https://github.com/stratosphereips/StratosphereLinuxIPS)
- [Network logs - flare-fakenet-ng](https://github.com/mandiant/flare-fakenet-ng)
- [Network logs - maltrail](https://github.com/stamparm/maltrail)
- [Purple team - openbas](https://github.com/OpenBAS-Platform/openbas)
- [Honeypot - LLM honeypot galah](https://github.com/0x4D31/galah)
- [Honeypot - canary](https://github.com/thinkst/opencanary)
- [Honeypot - opencanary](https://github.com/thinkst/opencanary)
- [Honeypot - Respotter (Responder honeypot)](https://github.com/lawndoc/Respotter)
- [Honeypot - Certiception (ADCS honeypot)](https://github.com/srlabs/Certiception)
- [Honeypot - cowrie](https://github.com/cowrie/cowrie)
- [Malware development - defense evasion - avred](https://github.com/dobin/avred)
- [Malware development - defense evasion - gocheck](https://github.com/gatariee/gocheck)
- [Reconnaissance - HEDnsExtractor](https://github.com/HuntDownProject/HEDnsExtractor)
- [Detection agent - Sandfly Linux agent](https://github.com/sandflysecurity/sandfly-setup)
- [Log forwarder - openwec (Windows event forwarding)](https://github.com/cea-sec/openwec)
- [Threat hunting platform - deephunter](https://github.com/sebastiendamaye/deephunter)
- [Windows logs - JonMon](https://github.com/jsecurity101/JonMon)
- [Windows logs - Sysmon](https://learn.microsoft.com/pt-br/sysinternals/downloads/sysmon)
- [Linux logs - ossec](https://github.com/ossec/ossec-hids)
- [Linux logs - ecapture (SSL/TLS)](https://github.com/gojue/ecapture)
- [Linux logs - tracee](https://github.com/aquasecurity/tracee)
- [Linux logs - auditd](https://packages.debian.org/sid/auditd)
- [Linux logs - SysmonForLinux](https://github.com/microsoft/SysmonForLinux)
- [Linux logs - kunai](https://github.com/kunai-project/kunai)
- [CTI - OpenCTI](https://github.com/OpenCTI-Platform/opencti)
- [CTI - MISP](https://github.com/MISP/MISP)
- [Code analysis](https://github.com/semgrep/semgrep)
- [IR platform - iris-web](https://github.com/dfir-iris/iris-web)
- [IR platform - rAIdline](https://github.com/certsocietegenerale/rAIdline)
- [IR platform - FIR](https://github.com/certsocietegenerale/FIR)
- [Challenges - DFIR LABS](https://github.com/Azr43lKn1ght/DFIR-LABS)
- [Log samples - Splunk Attack Range](https://github.com/splunk/attack_range)
- [IT - remote connection manager - xpipe](https://github.com/xpipe-io/xpipe)
- [Endpoint security - Windows hardening - Harden-Windows-Security](https://github.com/HotCakeX/Harden-Windows-Security)
- [Endpoint security - Linux hardening - lynis](https://github.com/CISOfy/lynis)
- [Endpoint security - Linux - apparmor](https://ubuntu.com/server/docs/apparmor)
### 📦 Other

- [Crontab check](https://crontab.guru/every-2-minutes)
- [markmap.js.org (Markdown to mind map)](https://markmap.js.org/repl)
- [Subnet calculator](https://mxtoolbox.com/subnetcalculator.aspx)
- [chmod calculator](https://chmod-calculator.com/)
- [Epoch time converter](https://www.epochconverter.com/)
- [CyberChef](https://cyberchef.org/)
- [Chrome extension for TI lookups](https://chromewebstore.google.com/detail/osintlytics/kfpbbegdghffnakhgcbonaglepgoedmm)
- [SMS verification](textverified.com)
- [Temp mail](https://temp-mail.org)
- [10 minute mail](https://10minutemail.com/)
### Content creation

- [Attack animation creator - aceresponder](https://aceresponder.com/attackanimator)
### 🏷️ Bookmarks

- ⭐ Bookmarks containing all my lists, importable into your browser (auto-updated): [updated bookmarks](https://github.com/mthcht/awesome-lists/blob/main/_utils/bookmarks.html)