Link List

Newspages

• https://www.heise.de/newsticker/
• https://thehackernews.com/
• https://news.ycombinator.com/
• https://www.bleepingcomputer.com/
• https://allinfosecnews.com/

Blogs

• https://www.malwarebytes.com/blog
• https://www.reddit.com/r/cybersecurity/
• https://isc.sans.edu/
• https://www.cisa.gov/news-events/cybersecurity-advisories

Social Media

Twitter

• https://twitter.com/vxunderground
• https://twitter.com/TheHackersNews
• https://twitter.com/a_greenberg
• https://twitter.com/_JohnHammond
• https://twitter.com/Threatlabz

Mastodon

• https://infosec.exchange/explore

CVE Pages

• National Vulnerability Database
• Mitre CVE
• OpenCVE
• CVE Details
• CVE Report
• cvepremium circl
• CVE Twitter Trends
• CVE search for Ubuntu

Exploits

• https://inthewild.io/feed
• https://www.exploit-db.com/
• GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
• Living Off The Land Binaries, Scripts and Libraries

Sources for Analytics

• https://car.mitre.org/analytics
  • “The MITRE Cyber Analytics Repository (CAR) is a knowledge base of analytics developed by MITRE based on the MITRE ATT&CK® adversary model. CAR defines a data model that is leveraged in its pseudocode representations but also includes implementations directly targeted at specific tools (e.g., Splunk, EQL) in its analytics. With respect to coverage, CAR is focused on providing a set of validated and well-explained analytics, in particular with regards to their operating theory and rationale.”
• The DFIR Report - Real Intrusions by Real Attackers, The Truth Behind the Intrusion
• Any.run: Malware Trends

Tools

• Cyberchef
• CISA: Free Cybersecurity Services and Tools
• shellshark: Infosec tools

OSINT

• exploit DB - Google Hacking Database (dork)

domain informatin

• urlscan.io
• Malware Bazaar: A resource for sharing malware samples.
• Feodo Tracker: A resource used to track botnet command and control (C2) infrastructure linked with Emotet, Dridex and TrickBot.
• SSL Blacklist: A resource for collecting and providing a blocklist for malicious SSL certificates and JA3/JA3s fingerprints.
• URL Haus: A resource for sharing malware distribution sites.
• Thread Fox
  • A resource for IOCs
• osint.link

Malware

• https://bazaar.abuse.ch/browse/

Media

Podcasts

• https://darknetdiaries.com/episode/
• https://isc.sans.edu/podcast.html

Videos

• https://www.youtube.com/@TheTWSChannel
• https://www.youtube.com/@_JohnHammond

Detection Engineering

• https://medium.com/starting-up-security/lessons-learned-in-detection-engineering-304aec709856
• https://blog.palantir.com/alerting-and-detection-strategy-framework-52dc33722df2
• https://summitroute.com/blog/2016/11/22/how_to_write_security_alerts/