This page provides links to further reading, resources, presentations, and other material referenced in Paralus training courses and workshops. This is designed to be a curated list, and not necessarily all-encompassing. If you think something important is missing, please let us know!

Cyber Threat Intelligence

• General Intelligence Resources
  • JP-2-0 Intelligence (older version; waiting for latest version to be publicly published)
  • Psychology of Intelligence Analysis
  • A Top 10 Reading List if You’re Getting Started in Cyber Threat Intelligence – Katie Nickles
  • A Threat Driven Approach to Cyber Security (Lockheed Martin Kill Chain)
  • Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains (Lockheed Martin Kill Chain)
  • The Diamond Model of Intrusion Analysis
  • MITRE ATT&CK Design and Philosophy
  • The Targeting Process: D3A and F3EAD
• IOCs and Threat Intelligence
  • OpenIOC: Back to the Basics
  • OpenIOC Series: Investigating with Indicators of Compromise Part I (Original Source No Longer Available)
  • Investigating with Indicators of Compromise Part II (Original Source No Longer Available)
  • The Origin of the Term Indicators of Compromise
  • Indicators and Network Defense
  • Misunderstanding Indicators of Compromise
  • Threat Intelligence and the Limits of Malware Analysis
  • The Pyramid of Pain – David Bianco
  • Analyzing Network Infrastructure as Composite Objects
  • Formulating a Robust Pivoting Methodology
  • Thrunting Grounds – Amitai Cohen
• Threat Intelligence and Threat Attribution
  • Beyond Attribution: Seeking National Responsibility for Cyber Attacks – Jason Healey
  • Conceptualizing a Continuum of Cyber Threat Attribution
  • Attribution of Advanced Persistent Threats – Timo Steffens (Book)
  • Strategies for Resolving the Cyber Attribution Challenge – Panayotis A. Yannakogeorgos
  • Attribution of Malicious Cyber Incidents – Herbert Lin

Threat Hunting and Operations

• Threat Hunting
  • A Practical Model for Conducting Cyber Threat Hunting – Dan Gunter
  • Generating Hypotheses for Successful Threat Hunting – Robert M. Lee, David Bianco
  • Developing an Intelligence-driven Threat Hunting Methodology
  • Threat Hunting Series:
    • Improving through Hunting – Ben Miller
    • Hunting on ICS Networks – Dan Gunter
  • Threat Hunting with Python Series:
    • Part 1
    • Part 2 – Detecting NMAP Behavior with Bro HTTP Logs
    • Part 3 – Taming SMB
    • Part 4 – Examining Microsoft SQL Based Historian Traffic
• Detection Engineering
  • About Detection Engineering – Florian Roth
  • On the Road to Detection Engineering – Leo Bastidas
  • So, You Want to Be a Detection Engineer? – Josh Day
  • Revisiting the Idea of the “False Positive”
  • Focusing on “Left of Boom”
• Intelligence-Driven Threat Operations
  • Intelligence-Driven Incident Response (book)
  • Threat Modeling (book)

Tools and Resources

• Network Resources
  • Hurricane Electric Who Is
  • DomainTools (Requires Account)
  • RiskIQ Community (Requires Account)
  • SilentPush Community Edition
  • Censys.io
  • Urlscan.io
  • URLhaus
  • MXToolBox SuperTool
  • Shodan.io (Requires Account)
• Host Resources
  • VirusTotal
  • Any.run
  • HybridAnalysis
  • VirusBay
  • Malshare
  • MalwareBazaar
• Links to Tools
  • CyberChef
  • FLOSS Strings Tool
  • OLETools
  • Didier Stevens Tools
  • PE Analyzer:
    • Python2
    • Python3
  • CAPA Executable Analyzer
  • Aldeid Digital Forensics List
  • NewDomain Search
  • Analysis VMs:
    • SANS SIFT Workstation
    • Remnux
    • FireEye FLARE