# Bibliography
A curated collection of all the links, videos, and references mentioned in my posts—plus additional helpful resources for further reading, learning, and exploration.
---
**Table of Contents**
- [[#Benchmarks|Benchmarks]]
- [[#Burp|Burp]]
- [[#CTF Resources|CTF Resources]]
- [[#DeepBlueCLI|DeepBlueCLI]]
- [[#Empire|Empire]]
- [[#Enumeration|Enumeration]]
- [[#Flare VM|Flare VM]]
- [[#Frameworks|Frameworks]]
- [[#Impacket|Impacket]]
- [[#Local File Inclusion|Local File Inclusion]]
- [[#Payloads|Payloads]]
- [[#Powershell|Powershell]]
- [[#Privilege Escalation|Privilege Escalation]]
- [[#Reverse Shell|Reverse Shell]]
- [[#Reverse Shell#Socat|Socat]]
- [[#WordLists|WordLists]]
- [[#Wazuh|Wazuh]]
- [[#Windows|Windows]]
---
## Benchmarks
#Benchmarks #cloud #Entra #NIST #CIS
- Microsoft Cloud Security Benchmark: https://github.com/MicrosoftDocs/SecurityBenchmarks/blob/master/Microsoft%20Cloud%20Security%20Benchmark/Microsoft_cloud_security_benchmark_v1.xlsx
## Burp
#Burp
- Portswigger Website: https://portswigger.net/
## CTF Resources
#CTF
- Zebbern: https://github.com/zebbern/CTF-Resources
- Cybersec Cheat Sheets in all Flavors!: https://www.reddit.com/r/cybersecurity/comments/iu17uu/cybersec_cheat_sheets_in_all_flavors_huge_list/
- Awesome CTF resources: https://github.com/devploit/awesome-ctf-resources
## DeepBlueCLI
#DeepBlue
- DeepBlueCLI GitHub: [https://github.com/sans-blue-team/DeepBlueCLI](https://github.com/sans-blue-team/DeepBlueCLI)
## Empire
#Empire
- Empire Docs: [https://bc-security.gitbook.io/empire-wiki/](https://bc-security.gitbook.io/empire-wiki/)
- GitHub of Empire Implants: https://github.com/BC-SECURITY/Empire/tree/main/empire/server/stagers/windows
## Enumeration
#OSINT
- DNSDumpster.com
DNS info, subdomains, mapping
- Shodan.io
Finding internet-exposed devices
#GoogleDorking
- Google Hacking: [https://en.wikipedia.org/wiki/Google_hacking](https://en.wikipedia.org/wiki/Google_hacking)
- Wappalyzer Website: [https://www.wappalyzer.com/](https://www.wappalyzer.com/)
## Flare VM
#FlareVM
- Flare VM by Mandiant on GitHub: https://github.com/mandiant/flare-vm
## Frameworks
#frameworks #OWASP #NIST #MitreAttack
- **CAF:** [https://www.ncsc.gov.uk/collection/cyber-assessment-framework/caf-objective-a-managing-security-risk](https://www.ncsc.gov.uk/collection/cyber-assessment-framework/caf-objective-a-managing-security-risk)
_The UK's Cyber Assessment Framework (CAF) helps organizations assess and improve their cybersecurity posture across four key objectives._
- **COBIT:** [https://www.isaca.org/resources/cobit](https://www.isaca.org/resources/cobit)
_COBIT (Control Objectives for Information and Related Technologies) is a framework for IT governance and management that aligns IT goals with business strategy._
- **ISO 27001:** [https://www.iso.org/standard/27001](https://www.iso.org/standard/27001)
_ISO/IEC 27001 is an international standard for managing information security through a systematic risk-based approach._
- **MITRE ATT&CK:** [https://attack.mitre.org/](https://attack.mitre.org/)
_MITRE ATT&CK is a knowledge base of real-world adversary tactics and techniques used to model cyber threats and improve detection and response._
- https://medium.com/@tentotheminus9/python-mitre-att-ck-part-0-15-e6b203b14ecd
- Blog on linking threat intelligence with MITRE
- **NIST CSF 2.0:** [https://www.nist.gov/cyberframework](https://www.nist.gov/cyberframework)
_The NIST Cybersecurity Framework 2.0 provides a flexible, risk-based approach to managing cybersecurity through five core functions: Identify, Protect, Detect, Respond, and Recover._
- **OSSTMM 3:** [https://github.com/mtesauro/owasp-wte/blob/master/temp-projects/wte-docs/contents/usr/share/doc/WTE-Documentation/OSSTMM/OSSTMM.3.pdf](https://github.com/mtesauro/owasp-wte/blob/master/temp-projects/wte-docs/contents/usr/share/doc/WTE-Documentation/OSSTMM/OSSTMM.3.pdf)
_The Open Source Security Testing Methodology Manual (OSSTMM) is a peer-reviewed methodology for performing thorough security assessments._
- **OWASP:** [https://owasp.org/](https://owasp.org/)
_OWASP (Open Worldwide Application Security Project) is a nonprofit foundation focused on improving software security through community-driven projects and standards._
- **Unified Kill Chain:** [https://www.unifiedkillchain.com/](https://www.unifiedkillchain.com/)
_The Unified Kill Chain integrates MITRE ATT&CK and the Cyber Kill Chain into a full-spectrum model of adversarial behavior from reconnaissance to impact._
## Impacket
#impacket
- https://github.com/fortra/impacket
**Impacket** is a powerful Python library and collection of tools used for network protocol manipulation. It's popular in **penetration testing**, **red teaming**, and **network forensics**, especially for **Windows network attacks**.
## Local File Inclusion
#LFI
- The Cyber Mentor, *Web Application Hacking - File Upload Attacks Explained*: https://www.youtube.com/watch?v=YAFVGQ-lBoM
## Payloads
#payloads
- Payloads All The Things: https://github.com/swisskyrepo/PayloadsAllTheThings
*A massive collection of payloads (XSS, SSRF, command injection, reverse shells, etc.)*
- Command Injection Payload List: https://github.com/payloadbox/command-injection-payload-list
## Powershell
#Powershell
- Microsoft PowerShell Documentation: https://learn.microsoft.com/en-us/powershell/
## Privilege Escalation
#Escalation
- https://gtfobins.github.io/
*The project collects legitimate [functions](https://gtfobins.github.io/functions/) of Unix binaries that can be abused to ~~get the f**k~~ break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks.*
## Reverse Shell
#ReverseShell
- PentestMonkey Reverse Shell Cheat Sheet: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
*Classic one-stop shop for reverse shell syntax across languages.*
### Socat
- socat static compiled binary: https://github.com/andrew-d/static-binaries/blob/master/binaries/linux/x86_64/socat?raw=true
*A version of Socat that is compiled to not have any dependencies.*
## WordLists
- Daniel Miessler, *TryHackMe WordList*: https://github.com/danielmiessler/SecLists
- Kali Linux Word list directories: /usr/share/wordlists
## Wazuh
#Wazuh
- Taylor Walton, *"Wazuh Indexer Install - Installing our SIEM Backend Storage"*: https://www.youtube.com/@taylorwalton_socfortress
- Taylor Walton, *"Part 1. Wazuh Indexer — SIEM Backend"*: https://socfortress.medium.com/part-1-wazuh-indexer-siem-backend-9b5ab37a477c
- MyDFIR, *"SOC Automation Project (Home Lab) | Part 2"*: https://www.youtube.com/watch?v=YxpUx0czgx4
- *"Wazuh Website - Indexer Installation Guide"*: https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/index.html
## Windows
#Windows
- Bypass UAC techniques, *Atomic Red Team Repository*: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1548.002/T1548.002.md
- Event ID reference: [https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/)
---