Free Resources for Incident Response Professionals

To help make your tough job a bit easier.

Lateral Movement Analyst Reference

Learn to detect lateral movement within your environment.

Lateral Movement Analyst Reference

Event Log Analyst Reference

Windows Event Logs store an increasingly rich set of data. This reference walks you through configuring, storing and analyzing Windows events.

Windows Event Log Analyst Reference

Memory Analysis with Volatility Analyst Reference

The battle for our boxes is increasingly being fought in RAM. Learn to use Volatility to hunt for evil on your systems.

Volatility Analyst Reference

Python Analyst Reference

A quick reference for Python coders, based on Mark Baggett’s Automating Information Security with Python course.

Python Analyst Reference

Default Windows Processes Quick Reference

Quick Reference on normal system processes on a Windows system, including their executable’s path on disk, the usual process tree, and descriptions of each process. Perfect to help during memory analysis and system triage.

Default Windows Processes Quick Reference

WMIC Quick Reference

The Windows Management Instrumentation Command-line utility (WMIC) is a great resource for incident responders. This quick reference will help you with examples and syntax.

WMIC Quick Reference

PowerShell Quick Reference

A quick reference starting point for exploring the immense value of PowerShell for incident response. Also see the Light Side of the Force presentation below for more on PowerShell.

PowerShell Quick Reference

The Light Side of the Force: PowerShell for Incident Response

High profile tools like Empire and Death Star harness PowerShell for offensive purposes. This presentation examines ways that IT security professionals can leverage PowerShell to protect their assets.

Light Side of the Force Presentation

Pivot and Pillage: Lateral Movement within a Victim Network

Modern attackers are like ninjas, stealthily skulking in the shadows, using existing tools to blend in with everyday network activity. This presentation accompanies our Lateral Movement Analysis Analyst Reference PDF to highlight ways to detect and defeat these hidden adversaries.

Pivot and Pillage Presentation

BYOD or Bring Your Own Destruction

Bring Your Own Device is a paradigm that allows employees to access critical data from almost anywhere using devices that cost the employer nothing. Or do they? We’ll take a look at many of the challenges and assumptions that have gone into BYOD policies, or lack thereof, and take a moment to evaluate how reasonable our rush to embrace this approach has been. We’ll consider technical challenges such as vulnerability management, mobile device management platforms, and mobile device forensic challenges and look at what countermeasures we can employ to acknowledge and address the reality of this model.

BYOD Presentation

Do You Want to Build a Test Lab?

You can get free Microsoft licenses from here:

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
https://www.microsoft.com/en-us/evalcenter/

You can configure a test domain using the Config-LabSystem.ps1 script and the associated UserList.csv linked here.

External Resources

This is a list of external resources for your reference. None of these links is affiliated with us in any way, but we respect their work and their contribution to the IT Security community. You will find a mixture of offensive and defensive resources on this page, since doing either well requires knowledge of both.

Learning Resources

Need to brush up on Linux? Try https://linuxjourney.com/ 

Want help understanding a Linux command? https://explainshell.com/

Interested to explore coding? Check out https://www.codecademy.com/ 

Want to review the basics of different types of attacks? Here are some lessons for you:

https://www.hacksplaining.com/exercises 

How would you like to learn more about Metasploit and help out a great charity? Go here to find out https://www.offensive-security.com/metasploit-unleashed/ 

Need some more information on Windows Event Logs? https://www.ultimatewindowssecurity.com/securitylog/default.aspx

How about some free PowerShell video training direct from Microsoft?

https://mva.microsoft.com/en-US/training-courses/getting-started-with-microsoft-powershell-8276 

https://mva.microsoft.com/en-US/training-courses/whats-new-in-powershell-v5-16434 

For great sample policies and procedures, look here:

https://www.incidentresponse.com/resources/policies-plans/

Looking for great video training in digital forensics? Check out https://www.youtube.com/13cubed

Capture the Flag and Other Challenges

Pentesting

Want to learn more about web application pentesting? Check out https://www.owasp.org (a good overview of their projects is here https://www.owasp.org/images/0/01/Owasp_Dev_Guide.pdf) and also explore https://pentesterlab.com/

https://www.hackthebox.eu/

Need some good wordlists for password cracking? Try:

https://wiki.skullsecurity.org/passwords

https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm 

Other

And here are some other sites with great information for continuing your journey into penetration testing and incident response: