Book 1

Velociraptor Course: Digging deeper (May 2021)

Credential defense analyst reference

Appendix F - Securing Domain Admins Groups in Active Directory

Protect privileged ad accounts with five free controls

Securing privileged access Enterprise access model - Privileged access

Eric Zimmerman's Results in Seconds at the Command-Line Poster | SANS Poster

Hunt Evil | SANS Poster

Windows Forensic Analysis | SANS Poster

LOLBAS

Month of PowerShell: 5 Tips for Getting Started with PowerShell | SANS Institute

Getting Started with Microsoft PowerShell

Power shell quick reference

Light side of the force pdf

Bear Hunting: Tracking Down COZY BEAR Backdoors

Exposing the Steps of the Kimsuky APT Group

Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang

How Microsoft names threat actors - Microsoft's unified security operations platform

Nist

Essential Eight explained | Cyber.gov.au

The 18 CIS Critical Security Controls

Matrix - Enterprise | MITRE ATT&CK®

FOR508 Cloud Share K01 on Egnyte

FREE Resources for Cyber Security Professionals | Applied Incident Response

aws-incident-response-playbooks/playbooks at master · aws-samples/aws-incident-response-playbooks

Kansa for Enterprise Scale Threat Hunting, Jonathan Ketchum.pdf

Structured & Task-Driven Threat Hunting

Demystifying the “SVCHOST.EXE” Process and Its Command Line Options

Windows 10 Services - batcmd.com

Per-user services in Windows 10 and Windows Server - Windows Application Management

Developing a privileged access strategy