0% found this document useful (0 votes)

615 views4 pages

FOR509 - in Class Links

The document provides links to resources for investigating security incidents involving cloud services and platforms: Day 1 lists tools and resources for hunting threats in Azure Active Directory and investigating serverless attacks in cloud platforms. Day 2 focuses on incident response teams and resources for auditing and enabling logging in AWS. Day 3 covers comparing cloud services, capturing volatile memory, and dumping credentials from Azure AD Connect. Day 4 summarizes automation tools for digital forensics, techniques for privilege escalation in GCP, and security tools for Kubernetes environments.

Uploaded by

Jeel Vora

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

615 views4 pages

FOR509 - in Class Links

Uploaded by

Jeel Vora

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 4

Day 1 1

Day 2 2

Day 3 3

Day 4 4

Day 1
Adaz: Active Directory Hunting Lab in Azure
https://github.com/christophetd/Adaz

Turbinia: deploying, managing, and running distributed forensic workloads

https://github.com/google/turbinia

Azure SimuLand
https://www.microsoft.com/security/blog/2021/05/20/simuland-understand-adversary-
tradecraft-and-improve-detection-strategies/

LimaCharlie (Commercial Tool)

https://www.limacharlie.io/

Attacking Serverless Servers: Reverse-Engineering the AWS, Azure, and GCP Function
Runtime
https://youtu.be/DegAofI3fR0

Microsoft Security—detecting empires in the cloud (APT40)

https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/

Cloud post mortems

https://github.com/danluu/post-mortems

Google Workspace Data Retention and Lag Times

https://support.google.com/a/answer/7061566

Hawk: Powershell based tool for gathering information related to O365 intrusions
https://github.com/T0pCyber/hawk

Microsoft Graph Explorer

https://developer.microsoft.com/en-us/graph/graph-explorer

AlteredSecurity/365-Stealer
365-Stealer is a phishing tool written in python3 which abused App registration to grant
consent from victim which leads to Illicit Consent Grant Attack
https://github.com/AlteredSecurity/365-Stealer

Phishing playbooks:
https://www.dragonadvancetech.com/reports/O365-IR%20Playbook_v1.0.pdf
https://github.com/PwC-IR/Business-Email-Compromise-Guide
https://www.kyberturvallisuuskeskus.fi/sites/default/files/media/publication/
T_MS365_eng_sivut200919HR.pdf

Microsoft Incident Response Playbooks

https://docs.microsoft.com/en-us/security/compass/incident-response-playbooks

PwC-IR/Office-365-Extractor
https://github.com/PwC-IR/Office-365-Extractor

Day 2
FIRST: Global Forum of Incident Response and Security Teams
https://www.first.org/

AWS Accounts as Security Boundaries

https://matthewdf10.medium.com/aws-accounts-as-security-boundaries-97-ways-data-can-
be-shared-across-accounts-b933ce9c837e

How to Enable Logging on every AWS Service

https://matthewdf10.medium.com/how-to-enable-logging-on-every-aws-service-in-existence-
circa-2021-5b9105b87c9

The AWS exploitation framework

https://github.com/RhinoSecurityLabs/pacu

ScoutSuite - Multi-Cloud Security Auditing Tool

https://github.com/nccgroup/ScoutSuite

Amazon Control Tower

https://aws.amazon.com/controltower/

AWS to Azure services comparison - Azure Architecture Center

https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services

GCP to Azure Services Comparison - Azure Architecture Center

https://docs.microsoft.com/en-us/azure/architecture/gcp-professional/services
AWS forensics package
https://libcloudforensics.readthedocs.io/en/latest/source/libcloudforensics.providers.aws.html

Learn AWS security with the flAWS challenge

http://flaws.cloud/

Event-Driven Response - AWS Security Incident Response Guide

https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/
event-driven-response.html

AWS Digital Forensics Automation at Goldman Sachs - AWS Online Tech Talks
https://www.youtube.com/watch?v=CR4_a-TO_gw

AVML - Acquire Volatile Memory for Linux

https://github.com/microsoft/avml

AWS Forensics: EC2 Volatile Memory Capture

https://www.linkedin.com/pulse/aws-forensics-ec2-volatile-memory-capture-stephen-
mcmaster/

AWS Security Incident Response Guide

https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/
using-hibernation-for-memory-capture.html

Day 3
Cloud services comparison table
https://comparecloud.in/

USB-over-TCP or USB-over-RDP
https://www.net-usb.com/usb-over-rdp/
https://www.net-usb.com/usb-over-tcp/

Microsoft RemoteFX USB Redirection

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/introducing-
microsoft-remotefx-usb-redirection-part-1/ba-p/247035

Dump Azure AD Connect credentials for Azure AD and Active Directory

https://github.com/fox-it/adconnectdump
Azure AD Connect for Red Teamers
https://blog.xpnsec.com/azuread-connect-for-redteam/

Day 4
Automation and Scaling of Digital Forensics Tools
https://github.com/google/turbinia
https://turbinia.readthedocs.io/en/latest/user/how-it-works.html

Gcploit from decon/blackhat talk

https://github.com/dxa4481/gcploit
https://www.youtube.com/watch?v=Ml09R38jpok

Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform
environments
https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-
cloud-platform/

SygniaLabs/security-cloud-scout
https://github.com/SygniaLabs/security-cloud-scout
Bloodhound for Azure & AWS

forsetisecurity.org
Tools to secure Google Cloud Platform
https://forsetisecurity.org/

BloodHoundAD/AzureHound
https://github.com/BloodHoundAD/AzureHound

GCP Packet Mirroring

https://cloud.google.com/vpc/docs/packet-mirroring

Docker Security - OWASP Cheat Sheet Series

https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html

keikoproj/kube-forensics
https://github.com/keikoproj/kube-forensics

Kube-Query: A Simpler Way to Query Your Kubernetes Clusters

https://blog.aquasec.com/kube-query-osquery-kubernetes-clusters

Web Application Penetration Testing - Final Project
No ratings yet
Web Application Penetration Testing - Final Project
50 pages
Azure Automation New
No ratings yet
Azure Automation New
1,375 pages
001 PROD-DECK-AZ-305-Exam-Prep-Designing-Microsoft-Azure-Infrastructure-Solutions
No ratings yet
001 PROD-DECK-AZ-305-Exam-Prep-Designing-Microsoft-Azure-Infrastructure-Solutions
697 pages
SANS DFPS FOR509 v1.4 0924
No ratings yet
SANS DFPS FOR509 v1.4 0924
2 pages
2 - Kubernetes On Azure Pitch Deck
100% (1)
2 - Kubernetes On Azure Pitch Deck
103 pages
Az MCQ 1 PDF
No ratings yet
Az MCQ 1 PDF
78 pages
Mohammed Bin Rashid Al Maktoum - Wikipedia
No ratings yet
Mohammed Bin Rashid Al Maktoum - Wikipedia
37 pages
1Z0-997 - OCI Architect Professional Study Guide PDF
0% (1)
1Z0-997 - OCI Architect Professional Study Guide PDF
6 pages
AWS Serverless Microservices
No ratings yet
AWS Serverless Microservices
264 pages
Interview Questions Coding and Non-Coding
No ratings yet
Interview Questions Coding and Non-Coding
52 pages
No Provisioned Concurrency: Fast RDMA-codesigned Remote Fork For Serverless Computing
No ratings yet
No Provisioned Concurrency: Fast RDMA-codesigned Remote Fork For Serverless Computing
21 pages
GCP ACE Notes 1
No ratings yet
GCP ACE Notes 1
109 pages
Backdoors - Breaches Cloud Security Expansion
No ratings yet
Backdoors - Breaches Cloud Security Expansion
37 pages
FinOps Foundation - US Gov Playbook
No ratings yet
FinOps Foundation - US Gov Playbook
33 pages
Bespin Global Company Profile_AWS
No ratings yet
Bespin Global Company Profile_AWS
40 pages
TRAINING PROPOSAL
No ratings yet
TRAINING PROPOSAL
3 pages
Lotchi Dagbo
No ratings yet
Lotchi Dagbo
5 pages
ADFS Lab Questions
50% (2)
ADFS Lab Questions
2 pages
Mohamed Bin Zayed Al Nahyan - Wikipedia
No ratings yet
Mohamed Bin Zayed Al Nahyan - Wikipedia
26 pages
Nucamp Syllabus Python 2021
No ratings yet
Nucamp Syllabus Python 2021
18 pages
Practical Spring Cloud Function: Developing Cloud-Native Functions for Multi-Cloud and Hybrid-Cloud Environments 1st Edition Banu Parasuraman all chapter instant download
100% (4)
Practical Spring Cloud Function: Developing Cloud-Native Functions for Multi-Cloud and Hybrid-Cloud Environments 1st Edition Banu Parasuraman all chapter instant download
66 pages
AWS Services Supported With AWS Educate Starter Account: Service Notes
No ratings yet
AWS Services Supported With AWS Educate Starter Account: Service Notes
7 pages
00 - Welcome and Introduction: AWS Cloud Practitioner
No ratings yet
00 - Welcome and Introduction: AWS Cloud Practitioner
19 pages
ESI Azure Training Journey A
No ratings yet
ESI Azure Training Journey A
45 pages
Online Training Course Catalog
No ratings yet
Online Training Course Catalog
32 pages
Active Directory Lab
No ratings yet
Active Directory Lab
30 pages
IEEE2023 Cloud-Based Software Development Lifecycle A Simplified Algorithm For Cloud Service Provider Evaluation With Metric Analysis
No ratings yet
IEEE2023 Cloud-Based Software Development Lifecycle A Simplified Algorithm For Cloud Service Provider Evaluation With Metric Analysis
12 pages
AZ-900T00 Microsoft Azure Fundamentals-02
75% (4)
AZ-900T00 Microsoft Azure Fundamentals-02
43 pages
AZ 900 Official Course Study Guide v1.8.1
100% (1)
AZ 900 Official Course Study Guide v1.8.1
27 pages
XMS Company Profile Upd 1
No ratings yet
XMS Company Profile Upd 1
8 pages
Supabase Cloud Functions Summary
No ratings yet
Supabase Cloud Functions Summary
4 pages
Serverless Best Practices - Paul Johnston - Medium
No ratings yet
Serverless Best Practices - Paul Johnston - Medium
7 pages
Dump1 - Try To Grab
No ratings yet
Dump1 - Try To Grab
90 pages
GCP Associate Cloud Engineer Master Cheatsheet
No ratings yet
GCP Associate Cloud Engineer Master Cheatsheet
45 pages
Intro To Ethical Hacking - PPT
No ratings yet
Intro To Ethical Hacking - PPT
37 pages
SophosCloudOptix WeeklyReport
No ratings yet
SophosCloudOptix WeeklyReport
2 pages
SC 100t00a Enu Powerpoint 02
No ratings yet
SC 100t00a Enu Powerpoint 02
74 pages
CD & DevOps On Security Compliance PDF
No ratings yet
CD & DevOps On Security Compliance PDF
120 pages
Custom View
No ratings yet
Custom View
130 pages
sc-900 B9aaad101de9
No ratings yet
sc-900 B9aaad101de9
118 pages
Prompt-Engineering-Content-Creation
No ratings yet
Prompt-Engineering-Content-Creation
5 pages
VAPT_Project_Report
100% (1)
VAPT_Project_Report
46 pages
Document
No ratings yet
Document
475 pages
(Resume) Harikrushn Dhanani - Final
No ratings yet
(Resume) Harikrushn Dhanani - Final
2 pages
Examen sc-200-01-07-2024
No ratings yet
Examen sc-200-01-07-2024
13 pages
Bramha Astra
No ratings yet
Bramha Astra
11 pages
Slide Deck Data Analysis With Databricks
No ratings yet
Slide Deck Data Analysis With Databricks
115 pages
Privilege Escalation Attack Detection and Mitigation in Cloud Using Machine Learning
No ratings yet
Privilege Escalation Attack Detection and Mitigation in Cloud Using Machine Learning
69 pages
Assessment Submission 1: Dissertation Proposal: Student Name: Student Number: Project Title: Supervisor: Partner College
No ratings yet
Assessment Submission 1: Dissertation Proposal: Student Name: Student Number: Project Title: Supervisor: Partner College
6 pages
Dissertation Christian Dietrich PDF
No ratings yet
Dissertation Christian Dietrich PDF
139 pages
Gbenga Adewale 16023455 CC6051 Ethical Hacking
No ratings yet
Gbenga Adewale 16023455 CC6051 Ethical Hacking
16 pages
Diskusi Soal Latihan PKK - Ryan Septian Gandi - INF-A2
No ratings yet
Diskusi Soal Latihan PKK - Ryan Septian Gandi - INF-A2
5 pages
cs0-003_7
No ratings yet
cs0-003_7
33 pages
L0Phtcrack: Made By:-Surabhi Varma
No ratings yet
L0Phtcrack: Made By:-Surabhi Varma
21 pages
Sonica Eswar resume
No ratings yet
Sonica Eswar resume
1 page
Learning and Understanding: Test-Driven Development in Software Development
No ratings yet
Learning and Understanding: Test-Driven Development in Software Development
5 pages
Create A File That Brbbot - Exe Might Understand and Allow The Specimen To Download It
No ratings yet
Create A File That Brbbot - Exe Might Understand and Allow The Specimen To Download It
23 pages
Lecture 7 Incident Response
No ratings yet
Lecture 7 Incident Response
26 pages
Lab 8 - Securing Azure Data Platforms
No ratings yet
Lab 8 - Securing Azure Data Platforms
8 pages
az-104_1
No ratings yet
az-104_1
13 pages
Share The Required Information For TCS NQT 2024 Graduating Batch
No ratings yet
Share The Required Information For TCS NQT 2024 Graduating Batch
48 pages
Google - Exambible.cloud Digital Leader - Free.draindumps.2023 Nov 02.by - Jeremy.94q.vce
No ratings yet
Google - Exambible.cloud Digital Leader - Free.draindumps.2023 Nov 02.by - Jeremy.94q.vce
19 pages
SoC interview questions
No ratings yet
SoC interview questions
24 pages
Comprehensive Strategies For Safeguarding Your Saas Applications
No ratings yet
Comprehensive Strategies For Safeguarding Your Saas Applications
39 pages
OSINT Challenge Report Template
No ratings yet
OSINT Challenge Report Template
3 pages
Forensic Analyses With FTK Imager PDF
0% (1)
Forensic Analyses With FTK Imager PDF
8 pages
Memory Forensics
No ratings yet
Memory Forensics
8 pages
Soc Handbook
No ratings yet
Soc Handbook
16 pages
pt0-002 0
No ratings yet
pt0-002 0
23 pages
Dvwa Report
No ratings yet
Dvwa Report
10 pages
Actualtests - Sun.310 301.examcheatsheet.v12.28.04
No ratings yet
Actualtests - Sun.310 301.examcheatsheet.v12.28.04
48 pages
Ccna
0% (1)
Ccna
47 pages
Creating A Response Toolkit: Gathering The Tools
No ratings yet
Creating A Response Toolkit: Gathering The Tools
26 pages
CF Lecture 05-Disk Boot and File System
No ratings yet
CF Lecture 05-Disk Boot and File System
62 pages
Secure Software Development
No ratings yet
Secure Software Development
5 pages
Firewall Types
No ratings yet
Firewall Types
8 pages
FTK Ug
No ratings yet
FTK Ug
378 pages
212-82 Updated Exam Dumps Questions
No ratings yet
212-82 Updated Exam Dumps Questions
15 pages
OWASP 2010 Top 10 Cheat Sheet
No ratings yet
OWASP 2010 Top 10 Cheat Sheet
2 pages
Itec413 15
100% (1)
Itec413 15
33 pages
Cisco - Premium.210 255.by .VCEplus.34q DEMO
No ratings yet
Cisco - Premium.210 255.by .VCEplus.34q DEMO
17 pages
LAB6
No ratings yet
LAB6
3 pages
Cyber Security - Network Intrusion Case Study
No ratings yet
Cyber Security - Network Intrusion Case Study
9 pages
Question 1
No ratings yet
Question 1
23 pages
Mayur Kumar Jain - (Resume)
No ratings yet
Mayur Kumar Jain - (Resume)
3 pages
Nessus and OpenVAS
No ratings yet
Nessus and OpenVAS
4 pages
Ethical Hacking Fundamentals Labs
No ratings yet
Ethical Hacking Fundamentals Labs
2 pages
OSINT for ICS_OT - Review Questions
No ratings yet
OSINT for ICS_OT - Review Questions
17 pages
Gcia Tools
No ratings yet
Gcia Tools
17 pages
OWASP Secure Software Contract Annex
No ratings yet
OWASP Secure Software Contract Annex
10 pages
CEH Notes
No ratings yet
CEH Notes
12 pages
PT0-003 CompTIA PenTest+ Exam Updated Dumps
No ratings yet
PT0-003 CompTIA PenTest+ Exam Updated Dumps
27 pages
OWASP Testing Checklist
No ratings yet
OWASP Testing Checklist
1 page
Microsoft AZURE® AZ-104 Administrator Practice Tests
From Everand
Microsoft AZURE® AZ-104 Administrator Practice Tests
iCertify Training
No ratings yet