Velociraptor Course: Digging deeper (May 2021)
FOR508
Credential defense analyst reference
Appendix F - Securing Domain Admins Groups in Active Directory
Protect privileged AD accounts with five free controls
Securing privileged access Enterprise access model - Privileged access
Eric Zimmerman's Results in Seconds at the Command-Line Poster | SANS Poster
Hunt Evil | SANS Poster
Windows Forensic Analysis | SANS Poster
LOLBAS
Month of PowerShell: 5 Tips for Getting Started with PowerShell | SANS Institute
Getting Started with Microsoft PowerShell
PowerShell quick reference
Light side of the force pdf
Bear Hunting: Tracking Down COZY BEAR Backdoors
Exposing the Steps of the Kimsuky APT Group
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang
How Microsoft names threat actors - Microsoft's unified security operations platform
NIST
Essential Eight explained | Cyber.gov.au
The 18 CIS Critical Security Controls
Matrix - Enterprise | MITRE ATT&CK®
FOR508 Cloud Share K01 on Egnyte
FREE Resources for Cyber Security Professionals | Applied Incident Response
Applied Incident Response Scripts
olafhartong/sysmon-modular: A repository of sysmon configuration modules
GitHub - SwiftOnSecurity/sysmon-config: Sysmon configuration file template with default high-quality event tracing
Greater Visibility Through PowerShell Logging | Mandiant
CyberChef
The Key to Identify PsExec
Finding and Decoding Malicious Powershell Scripts - SANS DFIR Summit 2018