SOC Core Skills w/ John Strand (16 Hours)
Day 1 - Mon, Dec 14, 2020 4-9PM UTC
Day 2 - Tue, Dec 15, 2020 5-9PM UTC
Day 3 - Wed, Dec 16, 2020 5-9PM UTC
Day 4 - Thu, Dec 17, 2020 5-9PM UTC
training@wildwesthackinfest.com
Bonus Job Hunting talk w/ Jason Blanchard:
Tue, Dec 15, 2020 9-10PM UTC
Dedicated SOC Core Skills Discord Server:
Extra bonus links from (at the end of this document):
The SOC Age Or, A Young SOC Analyst's Illustrated Primer | John Strand | 1 Hour (26 Oct 2020)
Preparation instructions and hands-on labs installation guide:
https://wildwesthackinfest.com/training/soc-core-skills-instructions/

Slides (pre-signed S3 link; its X-Amz-Date and X-Amz-Expires parameters make it valid for 24 hours from 2020-12-14 16:08 UTC, so it will have expired):
https://handouts-live.s3.amazonaws.com/b0b53ddc19754bb7b2e376b85646a1ae?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20201214T160824Z&X-Amz-SignedHeaders=host&X-Amz-Expires=86400&X-Amz-Credential=AKIAJICNIQWVMWBRIUMQ%2F20201214%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a0c42d706063156eaf7aa6e368dd7e333d1d7fa32ac23852b4785f474d33d207

ADHD Win VM:
https://introclassjs.s3.us-east-1.amazonaws.com/WINADHD.7z
Checksums:
Algorithm: SHA256
Hash: 54C461A0BFC6E9599B0A9BC92D3BD16CB21E5020100D4C2532FE7C43B1807129
https://www.activecountermeasures.com/free-tools/adhd/
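Added check (not part of the course notes): verify the downloaded WINADHD.7z against the SHA256 published above before extracting or importing it. The download path in the script is an assumption; the expected hash is the one listed above.

```powershell
# Added example, not from the course page: compare the downloaded archive with the
# published SHA256. $Archive is an assumption; point it at wherever you saved the file.
$Archive  = "$env:USERPROFILE\Downloads\WINADHD.7z"
$Expected = '54C461A0BFC6E9599B0A9BC92D3BD16CB21E5020100D4C2532FE7C43B1807129'

if (-not (Test-Path -LiteralPath $Archive)) {
    throw "Archive not found: $Archive"
}

# Get-FileHash returns upper-case hex; -eq is case-insensitive anyway.
$Actual = (Get-FileHash -LiteralPath $Archive -Algorithm SHA256).Hash

if ($Actual -eq $Expected) {
    Write-Host "OK: $Archive matches the published SHA256"
} else {
    # A mismatch means a corrupt or tampered download: do not extract or import it.
    Write-Warning "MISMATCH for $Archive"
    Write-Warning " expected: $Expected"
    Write-Warning " actual:   $Actual"
    exit 1
}
```

Run it from a normal PowerShell prompt after the download finishes; a non-zero exit is the signal to re-download rather than proceed.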
GitHub Labs:
https://github.com/strandjs/IntroLabs
https://github.com/strandjs/IntroLabs/blob/master/IntroClassFiles/navigation.md

Security Onion:
https://github.com/Security-Onion-Solutions/security-onion
https://securityonionsolutions.com/software/

SOC Core Skills w/ John Strand (16 Hours - Pay What You Can)
Tue-Fri 2-5 Feb 2021 11AM-3PM CST
https://register.gotowebinar.com/register/5912460362618462478

Getting Started in Security with BHIS and MITRE ATT&CK w/ John Strand (16-Hours - Pay What You Can)
Tue-Fri 23-26 Feb 2021 11AM-3PM CST
https://www.linkedin.com/in/john-strand-a1b4b62/

Active Defense & Cyber Deception w/ John Strand (16 Hours - Pay What You Can)
Tue-Fri 16-19 Mar 2021 11AM-3PM CDT
https://register.gotowebinar.com/register/3272325136631560973

LINKS (BHIS):

https://www.blackhillsinfosec.com/
https://wildwesthackinfest.com/online-training/
https://www.activecountermeasures.com/

Your 5 Year Path: Success in Infosec:
https://youtu.be/Uv-AfK7PkxU
https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_Your5YearPlanIntoInfoSec.pdf

Contacts:
https://www.twitch.tv/banjocrashland
https://www.twitch.tv/banjocrashland/schedule
https://twitter.com/BanjoCrashland
https://www.linkedin.com/in/jasonsblanchard/
https://twitter.com/debthedeb
https://www.linkedin.com/in/deborahwigley/
https://twitter.com/BHinfoSecurity

Training:
====================
https://www.blackhillsinfosec.com/webcast-the-soc-age-or-a-young-soc-analysts-illustrated-primer/
https://www.youtube.com/channel/UCJ2U9Dq9NckqHMbcUupgF0A
*****DAY 1*****
How to Hunt for Jobs like a Hacker w/ Jason Blanchard
https://youtu.be/Air1c697tjw

Cyber Range:
https://www.blackhillsinfosec.com/services/cyber-range/

4 hours of free intro Threat Hunting training from Chris Brenton:
https://youtu.be/FzYPT1xTVHY

How to build your own home lab to get hands-on experience:
https://youtu.be/t7bhnK47Ygo

Pillage the Village:
https://www.youtube.com/watch?v=n2nptntIsn4

Backdoors and Breaches:
https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/

RITA:
https://www.activecountermeasures.com/free-tools/rita/

Videos:
https://www.youtube.com/c/BlackHillsInformationSecurity/videos
News:
https://youtu.be/QZOW0itnyLU

The SOC Age Or, A Young SOC Analyst's Illustrated Primer | John Strand | 1 Hour
https://www.youtube.com/watch?v=Lhol4rZo_ts
How to update the VM labs:
•Delete:  C:\IntroLabs\
•Double-click:  C:\labupdate.bat
•Note:  don't run it as Administrator; an elevated prompt starts in C:\Windows\System32, so the clone lands there instead of in C:\IntroLabs
If this fails somehow, or the labupdate.bat file is not present:
•Open Notepad and paste the following in, then save as C:\labupdate.bat and run it again:
@ECHO OFF
REM Work from C:\ explicitly so the clone lands in C:\IntroLabs whatever directory the script was launched from
cd /d C:\
git clone https://github.com/strandjs/IntroLabs
News 2020-12-14:
LABS shortcut on the Desktop is missing/broken:
•Update the labs again
•or manually open:  C:\IntroLabs\IntroClassFiles\index.html
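Added PowerShell version of the update procedure (this is not the course's labupdate.bat). It does the steps above in one go: removes the old C:\IntroLabs, clones a fresh copy from C:\, checks that the clone actually produced IntroClassFiles\index.html, and rebuilds the Desktop LABS shortcut. Assumptions: git is on PATH, the shortcut is named LABS, and you run it as the normal (non-elevated) lab user so the shortcut lands on your own Desktop.

```powershell
# Added example, not the course's own script. Paths and the shortcut name come from
# the notes above; git on PATH and the "LABS" shortcut name are assumptions.
$LabRoot  = 'C:\IntroLabs'
$Repo     = 'https://github.com/strandjs/IntroLabs'
$Index    = Join-Path $LabRoot 'IntroClassFiles\index.html'
$Shortcut = Join-Path ([Environment]::GetFolderPath('Desktop')) 'LABS.lnk'

if (-not (Get-Command git -ErrorAction SilentlyContinue)) {
    throw 'git is not on PATH; install Git for Windows first'
}

# Work from C:\ explicitly so the clone lands in the right place even if the
# shell was started elevated (an elevated prompt defaults to System32).
Set-Location -LiteralPath 'C:\'

# Step 1 of the notes: delete the old copy.
if (Test-Path -LiteralPath $LabRoot) {
    Remove-Item -LiteralPath $LabRoot -Recurse -Force
}

# Step 2: fresh clone, and fail loudly instead of silently continuing on error.
git clone $Repo $LabRoot
if ($LASTEXITCODE -ne 0) { throw "git clone failed with exit code $LASTEXITCODE" }

if (-not (Test-Path -LiteralPath $Index)) {
    throw "Clone succeeded but $Index is missing; check the repository layout"
}

# Fix for the missing/broken LABS shortcut: recreate it pointing at the index page,
# which opens in the default browser.
$Shell = New-Object -ComObject WScript.Shell
$Link  = $Shell.CreateShortcut($Shortcut)
$Link.TargetPath = $Index
$Link.Save()
Write-Host "Labs refreshed at $LabRoot; shortcut written to $Shortcut"
```

If the clone step fails on a fresh VM, the usual cause is git not being installed; the script stops before deleting anything in that case.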

Stop Windows 10 updates:
•In the Run command (Win+R), type in "services.msc" and hit Enter
•Select the Windows Update service from the Services list
•Click on the "General" tab and change the "Startup Type" to "Disabled"
•Restart your machine

VMware Workstation does not support nested virtualization on this host.
Module 'MonitorMode' power on failed.
Failed to start the virtual machine.
Fix (from an elevated command prompt, then reboot):  bcdedit /set hypervisorlaunchtype off
•Caveat: this turns off the Windows hypervisor, so Hyper-V, WSL 2 and virtualization-based security features (Credential Guard, memory integrity) stop working until you set it back with:  bcdedit /set hypervisorlaunchtype auto

Enable WSL (elevated prompt; with the hypervisor disabled as above only WSL 1 will run):
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

123
netstat:
124
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/netstat
125
tasklist:
126
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/tasklist
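Added example (not from the course notes): the netstat and tasklist references above are usually paired to answer "what is listening, and which process owns it". This is the same check in PowerShell, with a triage filter at the end that is an assumption for a lab workstation rather than a server.

```powershell
# Added example, not from the course page: the PowerShell equivalent of pairing
# "netstat -naob" with "tasklist /v" to map listening TCP ports to their owning process.
function Get-ListeningProcess {
    Get-NetTCPConnection -State Listen |
        Sort-Object LocalPort |
        ForEach-Object {
            $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                PID          = $_.OwningProcess
                Process      = if ($p) { $p.ProcessName } else { '<exited>' }
                # Path is $null for protected/system processes unless the shell is elevated,
                # so a blank Path is "unknown", not "fine".
                Path         = if ($p) { $p.Path } else { $null }
            }
        }
}

# Triage view (assumption: a lab workstation, not a box that legitimately hosts services):
# anything listening on all interfaces whose binary is not under the Windows directory,
# or whose path could not be resolved, is worth a second look.
Get-ListeningProcess |
    Where-Object { $_.LocalAddress -in '0.0.0.0', '::' -and
                   -not ($_.Path -like "$env:SystemRoot\*") } |
    Format-Table -AutoSize
```

Run `Get-ListeningProcess` on its own for the full list; the filtered view is only a starting point, and a legitimate service installed outside the Windows directory will show up in it by design.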
DeepBlueCLI:
https://github.com/sans-blue-team/DeepBlueCLI
DeepWhiteCLI (depends on the Posh-VirusTotal module linked here):
https://github.com/darkoperator/Posh-VirusTotal
VirusTotal:
https://www.virustotal.com/gui/
VirusTotal API Key:
https://www.virustotal.com/en/documentation/public-api/

https://www.opendns.com/
https://github.com/davehull/Kansa
https://adblockplus.org/
https://pi-hole.net/
https://portswigger.net/daily-swig/sad-dns-researchers-pull-source-code-as-dns-cache-poisoning-technique-deemed-too-dangerous
https://www.windows-commandline.com/get-computer-model/
https://requestpolicycontinued.github.io/
https://www.velocidex.com/
https://github.com/ComodoSecurity/openedr
https://www.activecountermeasures.com/free-tools/passer/
https://github.com/activecm/passer

151
LINKS (Students):
152
153
https://www.timeanddate.com/time/map/
154
155
https://jensoroger.wordpress.com/2020/07/22/if-you-are-attending-getting-started-in-security-with-bhis-and-mitre-attck-with-strandjs-next-week-and-running-linux-and-virtualbox-how-to-import-the-machine-bhinfosecurity-wwhackinfest/
156
157
I was able to run the Soc VM in Hyper-v. Just follow Converting a VMDK virtual disk copied from ESXi and The entry 1 is not a supported disk database entry for the descriptor in this guide:
158
https://www.nakivo.com/blog/how-to-convert-vmware-vm-to-hyper-v/#:~:text=The%20entry%201%20is%20not,of%20the%20disk%20database%20entries
159
In the entry 1 error guide section, you don't need to run boot repair, just uncomment the dbtools lline and run dsfi to save back. I converted it to vhdx and created a gen 2 vm in hyper-v. It booted up just fine, but FYI they don't support you running it like this. This is also handy if you want to run vmware images from vulnhub on hyper-v. Just note that depending on errors you may need to uncomment other lines in descriptor.txt. On some of them on vulnhub, especially old linux ones, I have had to make vm gen 1. Also convert vmdk to vhd, and use a legacy network adapter in hyper-v. Sometimes this doesn't work so your just stuck only running it in vmware or virtualbox.

https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network
*****DAY 2*****
SANS Webcast tonight about it:
2020-12-14 – RECORDING – SOC Core Skills – Day 1 – John Strand
https://attendee.gotowebinar.com/register/3061585041642106382
FOR FREE ACCESS USE CODE:
JOHNSMISSINGSOCS0187
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Now That’s What I Call ADHD! 4:
https://www.blackhillsinfosec.com/now-thats-what-i-call-adhd-4/
SwiftOnSecurity:
Anagram Solver:
https://word.tips/anagram-solver/
Countermeasures:
Discord CLI:
https://github.com/RickvanLoo/discord-cli
https://pastebin.com/N0bfywTB
12 Days of Cyber Defense:
https://www.youtube.com/playlist?list=PLUze0rzlzxgJ2Ys5lpm3HCCa2xC6oNMuK
SAML tokens were forged, learn more about SAML here:
CIS Benchmarks:
https://cisecurity.org/cis-benchmarks/
https://www.cisecurity.org/controls/cis-controls-list/
https://www.cisecurity.org/white-papers/cis-controls-sme-guide/
https://public.cyber.mil/stigs/
https://www.professormesser.com/
How to Build a Home Lab – Bill Stearns:
https://www.youtube.com/watch?v=t7bhnK47Ygo
https://linuxjourney.com/
Code Combat:
https://codecombat.com/
https://pentesterlab.com/
193-
Infosec Mentoring | How to Find and Be a Mentor & Mentee | John Strand & Jason Blanchard | 1 Hour:
193+
194-
https://youtu.be/j3_xXgNOmQM
194+
195
196-
Holiday Hack Challenge 2020:
196+
197-
https://holidayhackchallenge.com/2020/
197+
198
https://www.youtube.com/watch?v=8armE3Wz0jk
199-
How SPF, DKIM, and DMARC Authentication Works to Increase Inbox Pen... (Testing) Rates:
199+
200-
https://tinyurl.com/y92s4o8d
200+
201-
https://www.blackhillsinfosec.com/how-spf-dkim-and-dmarc-authentication-works-to-increase-inbox-pen...-testing-rates/
201+
202-
^^^use the tinyurl or spell out the word with "..." in the link (pastebin was flagging as potentially offensive)
202+
203
204-
ActiveCountermeasures:
204+
205-
https://www.activecountermeasures.com/blog/
205+
206
https://nostarch.com/rootkits
207-
Alert (AA20-302A)
207+
208-
Ransomware Activity Targeting the Healthcare and Public Health Sector:
208+
209-
https://us-cert.cisa.gov/ncas/alerts/aa20-302a
209+
210
https://ublockorigin.com/
211-
Atomic Red Team:
211+
212-
https://github.com/redcanaryco/atomic-red-team
212+
213
214-
Hacking a Security Career - Deviant Ollam:
214+
215-
https://www.youtube.com/watch?v=jZFuCYyQB6c
215+
216
https://www.amazon.com/Standing-Sitting-Perching-Ergonomic-Computer/dp/B00HCLJDSK
217-
Exploit-DB
217+
218-
https://www.exploit-db.com/
218+
219
220-
115 How to Social Engineer your way into your dream job Jason Blanchard:
220+
221-
https://youtu.be/__lvS2pjuSg
221+
222
https://support.opendns.com/hc/en-us/articles/227986647-Can-I-Block-Advertisers-and-Ad-Servers-
223
224-
https://www.youtube.com/watch?v=Air1c697tjw&feature=youtu.be
224+
225
226-
Kroll:
226+
227-
https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape
227+
228-
https://ericzimmerman.github.io/#!index.md
228+
229
https://processhacker.sourceforge.io/
*****DAY 3*****
https://github.com/Tripwire/tripwire-open-source
2020-12-15 – RECORDING – SOC Core Skills – Day 2 – John Strand
https://attendee.gotowebinar.com/register/1681441762585925903
FOR FREE ACCESS USE CODE:
JOHNSMISSINGSOCS0187
https://www.crowdstrike.com/resources/reports/2020-crowdstrike-global-threat-report/
Shodan:
https://shodan.io/

Active Countermeasures:
https://www.activecountermeasures.com/blog/
https://www.activecountermeasures.com/category/video-blog/
https://www.activecountermeasures.com/malware-of-the-day-backoff/
https://www.youtube.com/activecountermeasures

tcpdump:
https://www.tcpdump.org/
https://lolbas-project.github.io/
Wireshark:
https://www.wireshark.org/

Getting Started With TCPDump:
https://www.blackhillsinfosec.com/getting-started-with-tcpdump/
https://wadcoms.github.io/
Volatility:
https://www.volatilityfoundation.org/26
https://www.volatilityfoundation.org/releases
https://github.com/fireeye/win10_volatility
https://downloads.volatilityfoundation.org/releases/2.4/CheatSheet_v2.4.pdf
https://blog.didierstevens.com/my-software/
FTK Imager:
https://accessdata.com/product-download/ftk-imager-version-4-5
https://accessdata.com/products-services/forensic-toolkit-ftk/ftkimager
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon#overview-of-sysmon-capabilities
Rekall:
http://www.rekall-forensic.com/
https://github.com/google/rekall
https://github.com/fireeye/win10_rekall

Winpmem:
https://winpmem.velocidex.com/
https://github.com/google/rekall/tree/master/tools/windows/winpmem

Velociraptor:
https://github.com/Velocidex/velociraptor
https://www.velocidex.com/discord
https://osquery.io/
NetFlow (IPFIX):
https://en.wikipedia.org/wiki/NetFlow
https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow/index.html
https://en.wikipedia.org/wiki/IP_Flow_Information_Export
https://tools.ietf.org/html/rfc7011
https://github.com/Cyb3rWard0g/HELK
Zeek (Corelight):
https://zeek.org/
https://github.com/zeek/zeek
https://corelight.com/about-zeek/how-zeek-works/
https://www3.corelight.com/nsm@home

https://nsacyber.github.io/unfetter/
https://github.com/activecm/rita
https://www.blackhillsinfosec.com/projects/rita/

https://www.blackhillsinfosec.com/webcast-rita/
Real Intelligence Threat Analytics (RITA) Overview & AI-Hunter Demo:
https://youtu.be/h8KNyhSMoig

Gigamon:
https://www.gigamon.com/
https://github.com/fireeye/red_team_tool_countermeasures/blob/master/all-snort.rules
JA3:
https://github.com/salesforce/ja3

https://github.com/kitabisa/teler
306
307
https://www.youtube.com/watch?v=iB_xCLsgQZI
308
https://www.youtube.com/watch?v=Uv-AfK7PkxU
309-
Suricata:
309+
310-
https://suricata-ids.org/
310+
311-
https://github.com/OISF/suricata
311+
312
https://www.cyberseek.org/index.html#
313-
Webcast: Attack Tactics 7 – The Logs You Are Looking For:
313+
314-
https://www.blackhillsinfosec.com/webcast-attack-tactics-7-the-logs-you-are-looking-for/
314+
315
316-
Cyber Threat Hunting | Chris Brenton | October 2020 | 4 Hours:
316+
317-
https://www.youtube.com/watch?v=FzYPT1xTVHY
317+