セキュリティ関連メモで集めたまとめ集や参考になりそうなものを集めたリンク集です。

#Cheat Sheets

The Ultimate List of SANS Cheat Sheets

https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/

 

Web-Attack-Cheat-Sheet

https://github.com/riramar/Web-Attack-Cheat-Sheet

 

Windows Red Team Cheat Sheet

https://morph3sec.com/Cheat-Sheets/Windows-Red-Team-Cheat-Sheet/

 

SQL injection cheat sheet

https://portswigger.net/web-security/sql-injection/cheat-sheet

 

XML External Entity (XXE) Injection Payload List

https://www.kitploit.com/2019/11/xml-external-entity-xxe-injection.html

 

Mobile Application Penetration Testing Cheat Sheet

https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet

 

WMI 101 for Pentesters

https://www.ethicalhacker.net/features/root/wmi-101-for-pentesters/

 

SQL Injection Payload List

https://www.kitploit.com/2019/11/sql-injection-payload-list.html

 

Incident Response- Linux Cheatsheet

https://www.hackingarticles.in/incident-response-linux-cheatsheet/

#OSINT

普段の調査で利用するOSINTまとめ

https://qiita.com/00001B1A/items/4d8ceb53993d3217307e

 

Updated OSINT Flowcharts

https://inteltechniques.com/blog/2018/03/06/updated-osint-flowcharts/

#情報収集／勉強

セキュリティエンジニアになり、そこから2年間分の勉強内容と参考になった資料とか

https://brutalgoblin.hatenablog.jp/entry/2020/02/15/153805

 

私のセキュリティ情報収集法を整理してみた（2020年版）

https://foxsecurity.hatenablog.com/entry/2020/01/01/090000

 

Top 5 Steps to Immerse yourself into the cybersecurity field

https://www.sans.org/blog/top-5-steps-to-immerse-yourself-into-the-cybersecurity-field/

#WriteUp関連

SECCON Beginners CTF 2020 Writeup

https://qiita.com/nicklegr/items/3a4134d1a8d79300f8b2#%E4%BD%9C%E5%95%8F%E8%80%85%E9%81%8B%E5%96%B6%E3%81%AE%E6%96%B9%E3%81%AEwriteup

 

ContrailCTF 2019のwriteup

https://szarny.hatenablog.com/entry/2020/01/04/ContrailCTF_2019%E3%81%AEwriteup

 

TMCIT and 大和セキュリティ MAIR忍者チャレンジ writeup

https://ox0xo.github.io/ctf/tmcityamasec

 

KOSENセキュリティコンテスト2019 Writeup

https://medium.com/@konnyaku256/kosen%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%B3%E3%83%B3%E3%83%86%E3%82%B9%E3%83%882019-writeup-cf408db840fc

 

【Hack the Box write-up】Remote

https://sanposhiho.com/posts/2020-09-06-qiita-fbb2689111821d99de85/

 

CTF Writeup SECCON 2020

https://raintrees.net/projects/a-painter-and-a-black-cat/wiki/CTF_Writeup_SECCON_2020

 

InterKosenCTF 2020 作問writeup

https://furutsuki.hatenablog.com/entry/2020/09/07/101417

 

ctf] Open xINT CTF 2020 の write-up

https://st98.github.io/diary/posts/2020-11-01-open-xint-ctf-2020.html

#未分類

PayloadsAllTheThings

https://github.com/swisskyrepo/PayloadsAllTheThings

 

Awesome-Hacking

https://github.com/Hack-with-Github/Awesome-Hacking/blob/master/README.md

 

100 HACKING TOOLS AND RESOURCES

https://www.hackerone.com/blog/100-hacking-tools-and-resources

 

RE&CT

https://atc-project.github.io/atc-react/

 

Why "Cyber Threat Intelligence-Informed Services" Should Be Part of Your Cyber Security Strategy

http://correlatedsecurity.com/why-cyber-threat-intelligence-informed-security-operations-is-important/

 

Ten process injection techniques: A technical survey of common and trending process injection techniques

https://www.elastic.co/jp/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process

 

Top 16 Active Directory Vulnerabilities

https://www.infosecmatter.com/top-16-active-directory-vulnerabilities/

 

Android Application Penetration Testing / Bug Bounty Checklist

https://blog.softwaroid.com/2020/05/02/android-application-penetration-testing-bug-bounty-checklist/

 

The Ultimate PCAP

https://weberblog.net/the-ultimate-pcap/

 

Trust Me, I'm Certified

https://www.giac.org/podcasts

 

SecurityWeek

https://securityweekly.com/category-webcasts/on-demand/

 

自社だけでできる、コスパ最強の「サイバー演習」実施レシピ＆鉄則

https://www.atmarkit.co.jp/ait/articles/2003/10/news043.html#utm_term=share_sp

 

Shodan Pentesting Guide

https://community.turgensec.com/shodan-pentesting-guide/

 

PagerDuty Incident Response

https://response.pagerduty.com/

 

脆弱性診断士スキルマッププロジェクト

https://wiki.owasp.org/index.php/Pentester_Skillmap_Project_JP

 

APT グループを調べるときに便利なサイトまとめ

https://soji256.hatenablog.jp/entry/2019/10/30/202718

 

俺たちはマルチステークホルダー間のセキュリティインシデントから何を学ぶのか

https://speakerdeck.com/ken5scal/an-tatihamarutisutekuhorudajian-falsesekiyuriteiinsidentokarahe-woxue-bufalseka?slide=3

 

The Hacker's Hardware Toolkit

https://github.com/yadox666/The-Hackers-Hardware-Toolkit

haveibeenemotet.com

https://www.haveibeenemotet.com/

 

WELCOME TO EXPLOIT.EDUCATION

https://exploit.education/

 

すぐ貢献でききる！偽サイトの探索から通報まで

https://qiita.com/v_avenger/items/2eeef2d69c85eb1570e8

ランサムウェアによる攻撃が持つ多面性

https://medium.com/@Neutral8x9eR/%E3%83%A9%E3%83%B3%E3%82%B5%E3%83%A0%E3%82%A6%E3%82%A7%E3%82%A2%E3%81%AB%E3%82%88%E3%82%8B%E6%94%BB%E6%92%83%E3%81%8C%E6%8C%81%E3%81%A4%E5%A4%9A%E9%9D%A2%E6%80%A7-7f3e73f2c028

 

難読化されたラテラル・ムーブメント・ツールを動的解析するためのWindowsドメイン環境の構築

https://www.fireeye.com/blog/jp-threat-research/2020/07/configuring-windows-domain-dynamically-analyze-obfuscated-lateral-movement-tool.html

 

2020 CWE Top 25 Most Dangerous Software Weaknesses

https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html

 

CIBOKメモ

https://at-virtual.net/legal/cibok%e3%83%a1%e3%83%a2/

 

Malware Trends Tracker

https://any.run/malware-trends/

 

プラットフォームセキュリティin Windows ブートタイム保護　概要編

https://www.slideshare.net/yurikamuraki5/in-windows

 

2020年上半期に公開されたセキュリティ関連文書まとめ

https://security.nekotricolor.com/entry/highly-public-documents-about-security-published-in-first-half-of-2020

 

AllThingsSSRF

https://github.com/jdonsec/AllThingsSSRF

 

AVTokyo 2020 Phishing Kit Analysis Workshop

https://speakerdeck.com/ninoseki/avtokyo-2020-phishing-kit-analysis-workshop?slide=39

 

日本を取り巻くばらまき型攻撃メールのまとめ(2020/7/17-2020/11/6)

https://kataware.hatenablog.jp/entry/2020/11/08/174658