atomic-red-team vs Notes

| | atomic-red-team | Notes |
|---|---|---|
| Mentions | 32 | 12 |
| Stars | 9,079 | 1,439 |
| Growth | 1.6% | - |
| Activity | 9.7 | 2.3 |
| Latest commit | 3 days ago | 3 months ago |
| Language | C | - |
| License | MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
atomic-red-team
- Which Antivirus do you recommend and why?
  You can write your own or look at testing tools like Cytest to ensure that your business goals are met and to ensure your sensors are configured correctly, and ART for attack chains.
- Exfiltration Detections
  I had heard that Falcon Overwatch has a detection for Exfiltration for C2, but I was not able to trigger it using my personal Kali Machine to host a C2 server with https://github.com/cedowens/SimpleC2_Server and then used Atomic Red Team: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1041/T1041.md
- EDR Attack Simulation
- Red Team Methodology
  Yup, what the above said, you can use atomic red https://github.com/redcanaryco/atomic-red-team
- “Malicious” powershell commands for demo
  Atomic Red Team has tests that should trigger it; it also has a clear description of what it does and how to clean up afterwards. https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md I suggest that you try obfuscation or a cradle.
- Initial access simulation tests
  Dated but still full of goodness. https://github.com/redcanaryco/atomic-red-team/tree/e88a1ea463964839e267dba74ec1cf7bf634ccbf/ARTifacts/Initial_Access
- What are some good showcases of Collection-tactics of the MITRE ATT&CK matrix?
  Are you familiar with Atomic Red Team? Many quick & practical sample tests you can often run without much effort or prep work. All tests map to Techniques - a quick way to search through them all at the Tactic level is by searching within the CSV index of all their current tests here (I counted ~50 Collection-related tests just now): https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/Indexes/Indexes-CSV/index.csv
- Testing an XDR solution
  Check out Atomic Red Team’s Redcanary.
- Blue Teamers: What makes a good detection use case?
- Custom IOAs: What's The Best Resource/Documentation For This On CS Falcon
Notes
- SWE vs. Cybersecurity
  https://github.com/gracenolan/Notes/blob/master/interview-study-notes-for-security-engineering.md I think this is a good general list of topics. There are many subfields within it, but for appsec or product security DM me, I've got tons of links. The other fields I don't know, but there are always a lot of people hired for Cloud Infra/IAM/PKI type roles.
- Finally made it (Google) - now people will know what my job is
  Basically this https://www.youtube.com/watch?v=GM9yGj5tdHc but way longer and with a slightly more complex coding question, similar to something you would need to solve irl. This guide is a little more detailed for interns but accurate for what to expect for full time interviews https://github.com/gracenolan/Notes/blob/master/interview-study-notes-for-security-engineering.md
- Landing a job in California, moving from Italy
  I suppose it depends on the role as some might be more code oriented than other roles. Check this out by Nolan, interview notes on Google Security Engineering. It could have something valuable for you.
- Security Engineer interview - google
- Technical Interview pointers
  PS: some technical questions to test if you are ready or not - github
- Advice on new career path (Cyber security professionals' opinion would be welcome) and a Cyber security training package being offered to me
- Security Engineer Interview Prep for FAANG?
- If you could name 5 tools/software worth learning for a cybersecurity analyst to become more employable, what would they be?
  For government: Python, Splunk, Nessus, McAfee, know your current events in the cyber landscape. For the modern world: https://github.com/gracenolan/Notes/blob/master/interview-study-notes-for-security-engineering.md
- PSA: you don't need to do leetcode to work at FAANG. If you learn specialized skills, specialized SWE roles still pay the same but without requiring leetcode (i.e. security, SRE, some OS teams)
- Security Engineering at Google: Interview Study Notes
What are some alternatives?
detection-rules - Rules for Elastic Security's detection engine
APTSimulator - A toolset to make a system look as if it was the victim of an APT attack
sigma - Main Sigma Rule Repository
DumpsterFire - "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
BLUESPAWN - An Active Defense and EDR software to empower Blue Teams
sysmon-modular - A repository of sysmon configuration modules
Incident-Playbook - GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
public-pentesting-reports - A list of public penetration test reports published by several consulting firms and academic security groups.
Certified-Kubernetes-Security-Specialist - Curated resources to help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues or making a pull request. All feedback for improvements is welcome. Thank you.
security_content - Splunk Security Content
nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.