General (multi-OS)

Automation
Ansible

Traffic analysis
Wireshark

Antivirus
ClamAV

Scanners
OpenVAS
Nessus
Nmap

Log aggregation
Splunk
Netdata
ELK

Threat Hunting/EDR
Velociraptor

Firewalls
Palo Alto

Linux

Logging
Kunai
SysmonForLinux
Auditd
This one is the most low-level and works well on most systems.
Config

Threat Hunting/EDR
ChopChopGo
Louis
AIDE
bluebpf

IDS/IPS
Snort
Suricata
Zeek

Firewalls
iptables

Traffic Protection
Fail2Ban

Process analysis
pspy
htop
ps

Network analysis
ss / netstat (ss is better)

Users
w
who

Scanners
LinPEAS
RKHunter

Other
Linux Hardening Checklist
Linux Backdoor Guide

Windows

Logging
Sysinternals - Sysmon
Config
SysmonView (helps look through Sysmon logs)
Windows Security Event Logs

Process analysis
Sysinternals - Procmon
Sysinternals - Process Explorer
Windows Task Manager

Network analysis
Sysinternals - TCPView

Firewall
Windows Firewall

Antivirus
Windows Defender
Malwarebytes

Threat Hunting/EDR
DeepBlueCLI
PersistenceSniper
Chainsaw

IDS/IPS
(insert tools)

Scanners
WinPEAS

Other
SecureAD
PowerShell Incident Cheat Sheet
Awesome Windows Domain Hardening