ONESTOPCYBERSHOP

  Cyber Defence (Blue Team)




    Posters

Know Normal; Hunt Evil
Download 
Know Abnormal; Find Evil
Download 
DFIR Command Line
Download 
SIFT & REMnux
Download 
Windows Forensics
Download 
Windows Third Party Apps
Download 
Memory Forensics
Download 
Network Forensics
Download 
Cloud Forensics
Download 
Log Lifecycle
Download 
Smartphone Forensics
Download 
Smartphone Forensics
Download 



    Cheat Sheets

    Scripting
Windows CLI
Download 
Windows & Linux CLI
Download 
Linux Commands
Download 
Linux CLI Fundamentals
Download 
Linux CLI
Download 
Linux Shell
Download 
Vim
Download 
Vi
Download 
Nano
Download 

    Cloud Platforms
AWS
Download 
GCP
Download 
Multi-Cloud CLI
Download 
Cloud Security DevOps
Download 

    PowerShell & WMIC

    Python

    Structures & Schemas
HEX & Regex
Download 
RegEx
Download 
sort & uniq
Download 
JSON & jq
Download 

    Query Languages
Log Parsing
Download 
SQLite
Download 
SQL
Download 
KQL
Download 
SPL (Splunk)
Download 
VT File Search Modifiers



    Cheat Sheets (Blue Team)

    Preparation
IR Lifecycle
Download 
Critical Log Review
Download 
DDoS Incident Response
Download 
Security Architecture
Download 
Writing Tips
Download 

    Intrusion Detection
Windows
Download 
Windows 2K
Download 
Linux
Download 
Evidence Collection
Download 

    DFIR & Threat Hunting
SIFT
Download 
REMnux
Download 
macOS Forensics
Download 
Memory Forensics
Download 
Volatility
Download 
plaso
Download 
Eric Zimmerman Tools
Download 
oledump
Download 
TZWorks
Download 
Windows Processes
Download 
Event Log Analysis
Download 
Awesome Event IDs
Sysmon
Download 


    Network Forensics
Lateral Movement Analysis
Download 
Common Ports
Download 
Web Proxy Event Analysis
Download 
TCP/IP & tcpdump
Download 
SMB Access from Linux
Download 

    Malware Analysis & Reverse Engineering
Malware Analysis
Download 
Malicious Documents
Download 
Reverse Engineering
Download 
Reverse Engineering
Download 
Anti-virus Event Analysis
Download 
IDA Pro
Download 

    Steganography



    Publications

    Books
Cybersecurity Blue
Team Toolkit

Blue Team
Field Manual

Incident Response
Computer Forensics

Malware Analysts
Cookbook

Practical Malware
Analysis

Malware Forensics
Field Guide

Hacking Exposed
Malware and Rootkits

File System
Forensic Analysis

The Art of Mac Malware


    Blogs
SANS ISC

The DFIR Report

Operation Decode

Cyber Triage

Red Canary

Didier Stevens

Lenny Zeltser


    Guides & Tutorials
Using OODA Loop in IR

Ransomware Response

Home Network Design

Home Lab Advice

Learn Malware Analysis

Learn Reverse Engineering

DFIR Hierarchy of
Security Controls

Threat Hunting
Maturity Model

Threat Hunting with
Web Proxy Logs

Threat Hunting with
Sysmon

Threat Hunting with
ELK

Building a Malware
Analysis Toolkit

Create macOS
Disk Image

Linux Memory
Acquisition

Defining CobaltStrike
Components

CONTI/CobaltStrike
Lateral Movement

Decrypting Cobalt Strike
Traffic w/ Private Keys

Reversing a Binary
using GDB

How to Detect PtH Attacks

Decrypt TLS Streams

Install Cuckoo

Install SIFT & REMnux

11 Malware Analysis Tools

PMAT Labs Walkthroughs

Analysis of GoLang Malware

Atomic Red Team:
Hands-On

Blue Team-System
Live Analysis

Reverse Engineering
Wannacry

WMIC for
Incident Response

Build Your Own Sandbox
Download 

    Media

    Channels & Playlists
SANS Cyber Defense

13Cubed

OALabs

Didier Stevens: dist67

Colin Hardy

Chris Greer

    Cyber Defence (Blue Team)

Awesome IR

Awesome Awesomeness

SANS DFIR

Security Awareness Planning

TheHive

Velociraptor

DFIRTrack

DFIRlogbook


    Scripting
PowerShell Core

Brew

Blue Team PowerShell

regex101

crontab guru

CyberChef

DeepBlueCLI

jq

freq

Sooty

wtfis

EpochConverter



python-iocextract



python-stix

Python Tools
Download 

    Vulnerability Assessment
Nessus

BurpSuite

OpenVAS

interactsh

SkyArk



    Network Forensics
Splunk

Elastic

Nagios

Snort

Zeek

Suricata

SiLK

NETRESEC

SIGMA

Sigma2SplunkAlert

BruteShark


    DFIR & Threat Hunting
Eric Zimmerman Tools

The Sleuth Kit

TZWorks

KAPE

GRR

LinuxCatScale

FTK Imager

Registry Viewer

Process Capture

Sysmon

PowerForensics

HELK

analyzeMFT

RegRipper

evtx_dump

WELA

ShimCacheParser

Seatbelt

plaso

Timesketch

APT-Hunter

ThreatHunting

Sentinel ATT&CK

AzureHunter



    Memory Analysis
Redline

Volatility

SuperMem

WinPmem

osxpmem

linpmem

AVML

LiME

MemProcFS




    Malware Analysis

File Signatures

SysInternals Suite

Nirsoft Suite

YARA

Malware Analysis Repo

DidierStevens Suite

Wireshark

INetSim

fakedns

PhishingKitTracker

pehash

ssdeep



    Identifiers & Hex Viewers
ExifTool

TrID

xxd

Bless

Neo

Hexinator



    Process & Document Analysis
Process Hacker

ProcDOT

API Monitor

Regshot

WMI Explorer

Viper

cscript

wscript

PE-bear

PE Tree

peframe

petools

rtfdump

PDF Parser

peepdf

oletools

XLMMacroDeobfuscator



    Disassemblers/Debuggers
IDA Pro

OllyDBG

x64dbg

WinDbg

pestudio

Ghidra

Immunity Debugger

Cutter

Binary Ninja

Hopper

Fiddler

Radare2

Scylla

Java Decompiler

Beautifier

js-beautify

SpiderMonkey

pcodedmp


    Sandboxes
Hybrid Analysis

Any.Run

Joe Sandbox

Malwr

Yomi

Malware Jail

filescan.io

Cuckoo

CAPE

DetuxNG




    Malware Repositories

    Please take extra precautions when analysing and playing with malware.

Malshare

MalwareBazaar

URLhaus Database

theZoo

vx-underground

DasMalwerk.eu

Mac Malware

PacketTotal

VirusSign

The-MALWARE-Repo

Malware Feed


    Steganography
Xiao Steganography

Steghide

S-Tools

Hide'N'Send

Camouflage

InvisibleSecrets




    Training

    Formal Training

Applied Network Defense

Cybrary

Basis Technology

CyberDefenders

Security Blue Team

SOC Core Skills

ACM Threat Hunting

DFIR Beginner to Expert

Sam's Class


    CTFs & Ranges
awesome-ctf

Flare-On

MalwareTrafficAnalysis

Blue Team Labs Online

Antisyphon Cyber Range

SOC Prime




    Frameworks & Projects

    Frameworks
ATT&CK Framework

NIST

CIS Benchmarks

NCSC EiaB

OSINT


    Projects & Datasets
No More Ransom

LOTS

OWASP

What2Log

CFReDS

iOS & macOS Images

ATT&CK Navigator

D3FEND

Engage

UNIT42 Playbook Viewer

Threat Hunting Playbook

MalAPI

DFIRMindMaps

Security Datasets

OSSEM

ThreatHunting Project

Playbooks

Playbooks

CobaltStrike Defence

CyberBattleSim

PCAP-ATTACK




    Virtual Machines

SIFT

REMnux

CSI Linux

Tsurugi

Paladin

CAINE

ADHD

SOF-ELK

Security Onion

RedHunt OS

FLARE






  With great power comes great responsibility; this material has been collated to encourage learning and development, and not to be leveraged for unethical and/or illegal behaviour.
  By visiting any of these sites, you are doing so at your own risk.

  I would like to thank all of the authors, instructors, publishers, developers (and others) - both individuals and teams - for the content collated on this site. I must stress that none of the content referenced/linked on this site is my own.
  If you have any suggestions and/or content you feel is missing or would like included, please email me at oscybershop [at] gmail [dot] com.