PurpleTeamResourceCollection.md

Purple Teaming Resource Collection

CTI

Periodic Watch

• Trellix Threat Reports
  • https://www.trellix.com/en-ca/advanced-research-center/threat-reports/
• Checkpoint TI Reports
  • https://research.checkpoint.com/category/threat-intelligence-reports/
• Anomali Cyber Watch
  • https://www.anomali.com/blog Filter by Cyber Watch
• Talos Threat Roundup
  • https://blog.talosintelligence.com/category/threat-roundup/
• Red Canary Intelligence Insights
  • https://redcanary.com/blog/
• ISC Podcast
  • https://isc.sans.edu/podcast.html
• Avertium Threat Reports
  • https://www.avertium.com/resources

Malware focus

• Malware Hunters
  • https://malwarehunters.org/
• Any Run Malware Trends
  • https://any.run/malware-trends/
• Hatching Blog
  • https://hatching.io/blog/
  • https://tria.ge/kb/
• Malpedia
  • https://malpedia.caad.fkie.fraunhofer.de/

Others

• https://attack.mitre.org/groups/
• https://thedfirreport.com/
• https://github.com/BushidoUK/Breach-Report-Collection
• https://github.com/blackorbird/APT_REPORT
• https://www.crowdstrike.com/adversaries/
• https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide
• https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit
• https://apt.etda.or.th/cgi-bin/aptgroups.cgi
• https://unit42.paloaltonetworks.com/atoms/
• https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/wochenrueckblicke.html
• https://www.ncsc.gov.uk/section/keep-up-to-date/threat-reports
• https://thehackernews.com/
• https://therecord.media/
• https://securelist.com/
• https://thisweekin4n6.com/

Vulnerabilities

• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• https://cvetrends.com/

Collection

• https://github.com/hslatman/awesome-threat-intelligence
• https://github.com/signalscorps/awesome-threat-Intel-blogs

Red|Purple

(E|Si)mulation

• https://atomicredteam.io/atomics/
• https://github.com/center-for-threat-informed-defense/adversary_emulation_library
• https://scythe.io/threat-thursday
• https://github.com/preludeorg/community

Tools

• https://github.com/SecurityRiskAdvisors/VECTR
• https://github.com/facebookincubator/TTPForge
• https://github.com/mitre/caldera
• https://github.com/preludeorg
• https://github.com/mvelazc0/PurpleTeamPlaybook
• https://github.com/mvelazc0/PurpleSharp
• https://github.com/PlumHound/PlumHound
• https://www.thec2matrix.com/
• https://github.com/guardicore/monkey
• https://nsacyber.github.io/unfetter/
• https://github.com/Telefonica/ATTPwn
• https://github.com/uber-common/metta
• https://github.com/NextronSystems/APTSimulator
• https://github.com/alphasoc/flightsim

Blue

Prevention

• https://attack.mitre.org/mitigations/enterprise/
• https://www.cisecurity.org/cis-benchmarks
• https://github.com/atc-project/atc-mitigation
• https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide
• https://github.com/MicrosoftDocs/windowsserverdocs/tree/main/WindowsServerDocs/security

Telemetry

• Windows Events
  • https://github.com/Yamato-Security/EnableWindowsLogSettings
  • https://what2log.com/
  • https://www.malwarearchaeology.com/cheat-sheets
  • https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/auditpol
• Sysmon
  • https://github.com/olafhartong/sysmon-modular
  • https://github.com/SwiftOnSecurity/sysmon-config
• EDR Telemetry
  • https://github.com/tsale/EDR-Telemetry

Detection

• Sigma

  • https://sigmasearchengine.com/
  • https://github.com/SigmaHQ/sigma
  • https://sigconverter.io/

• Elastic

  • https://github.com/elastic/detection-rules

• Splunk

  • https://research.splunk.com/detections/

• MITRE CAR

  • https://car.mitre.org/analytics/

• Microsoft

  • https://github.com/Azure/Azure-Sentinel

• Google

  • https://github.com/chronicle/detection-rules

• Carbon Black

  • https://github.com/0xAnalyst/CB-Threat-Hunting
  • https://github.com/Sam0x90/CB-SecOps

• Falcon Force

  • https://github.com/FalconForceTeam/FalconFriday

• Panther Labs

  • https://github.com/panther-labs/panther-analysis

• TheDFIRReport

  • https://github.com/The-DFIR-Report/Sigma-Rules

• Joe Sandbox

  • https://github.com/joesecurity/sigma-rules

• Hayabusa

  • https://github.com/Yamato-Security/hayabusa-rules/

• Sublime

  • https://github.com/sublime-security/sublime-rules/

• Others

  • https://github.com/mbabinski/Sigma-Rules
  • https://github.com/jatrost/awesome-detection-rules/
  • https://github.com/mthcht/awesome-lists

• Yara

  • https://github.com/Yara-Rules/rules

• Reversing Labs

  • https://github.com/reversinglabs/reversinglabs-yara-rules