CISO as a Service
Founder @ DiyakoSecureBow | CISO as a Service (vCISO)
About Me
http://about.me/Alirezaghahrood

Follow Me on
🔵LinkedIn
https://www.linkedin.com/in/AlirezaGhahrood
🔴YouTube
https://www.youtube.com/AlirezaGhahrood
X
https://twitter.com/AlirezaGhahrood
AZ500-Master.pdf
6.5 MB
AZ-500 Course Introduction


-Cybersecurity Awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.31
Bug Bounty Automation With Python The secrets of bug hunting.pdf
1.1 MB
PYTHON CRASH COURSE


OSINT All in one

https://start.me/p/L1rEYQ/osint4all


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos

Patch management in your organization puts you 3-0 ahead of attackers.
Please keep your organization's assets up to date, and update them promptly.
Fix missing patches and misconfigurations.

This old vulnerability is trending in the country.


BTFM
Blue Team Field Manual
A valuable handbook for defensive/blue security teams
https://edu.heibai.org/Blue%20Team%20Field%20Manual.pdf


https://musclewiki.com
An interesting website for exercise; it also has standard tools for diet and calorie intake 🤓


-Health-

Threat Research
1. Quick Analysis for the SSID Format String Bug in iOS Wi-Fi service
https://blog.chichou.me/2021/06/20/quick-analysis-wifid
2. Apple account takeover vulnerability
https://thezerohack.com/apple-vulnerability-bug-bounty
3. XXE in JDOM library (PoC for CVE-2021-33813)
https://alephsecurity.com/vulns/aleph-2021003

Red Team Tactics
1. Bypassing Image Load Kernel Callbacks
https://www.mdsec.co.uk/2021/06/bypassing-image-load-kernel-callbacks
2. Pwning Home Router - Linksys WRT54G
https://elongl.github.io/exploitation/2021/05/30/pwning-home-router.html

Exploit
CVE-2021-30658:
M1 Macs GateKeeper bypass (PoC)
https://wojciechregula.blog/post/m1-macs-gatekeeper-bypass-aka-cve-2021-30658

Offensive security
1. Exploiting the notoriously unsafe gets() on a PAC-protected ARM64 binary
https://blog.ret2.io/2021/06/16/intro-to-pac-arm64
2. A Little More on the Task Scheduler's Service Account Usage...
https://www.tiraniddo.dev/2021/06/a-little-more-on-task-schedulers.html?m=1


CISO Series: Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2
This is the sixth blog in the Lessons learned from the Microsoft SOC series designed to share our approach and experience from the front lines of our security operations center (SOC) protecting Microsoft and our Detection and Response Team (DART) helping our customers with their incidents. For a visual depiction of our SOC philosophy, download our Minutes Matter poster.
https://lnkd.in/dn9wgyN


Cloud Adoption Framework (Secure Methodology) - https://aka.ms/CAFsecure - Security Program and Strategy Guidance
Microsoft Cybersecurity Reference Architectures (MCRA) - https://aka.ms/MCRA
Microsoft Security Documentation - https://lnkd.in/eufX45M
Best Practice Documentation and Videos - https://lnkd.in/emVhNnT
Cybersecurity Training (CISO Workshop) - https://lnkd.in/eqaNAkh
Mapping to NIST CSF and ISO 27001 - https://lnkd.in/erZctXq

Recent Events
Solorigate / SUNBURST - https://aka.ms/solorigate


Privileged Access and Identity
Your Pa$$word Doesn't Matter - https://lnkd.in/emdNd5t
Securing Privileged Access Main Page (https://aka.ms/SPA) - Complete strategy, prescriptive roadmap, and implementation steps for reducing organizational risk from these attack techniques (used in human operated ransomware as well as advanced targeted data theft attacks). This includes a
Rapid Modernization Plan (RAMP) – https://aka.ms/SPA-RAMP
Securing Workstations – https://aka.ms/PAW 
Privileged Access Strategy - https://lnkd.in/eCYZrfc
Success criteria for strategy - https://aka.ms/SPA-Success
Security levels - https://aka.ms/SPA-levels
Securing Accounts – https://aka.ms/spa-account 
Securing Intermediaries – https://lnkd.in/eDySjRb
Securing Interfaces – https://lnkd.in/eVqJpnF
Deploying a privileged access solution - https://aka.ms/deploySPA
Enterprise access model (update of Tier Model) - https://aka.ms/AccessModel
Additional Resources:
Credential Theft Demonstration (~10 minutes) - https://lnkd.in/eUeBMXT
RSA Conference Presentation - Co-presentation with Tony Sager of the Center for Internet Security (CIS) on this aspect of critical hygiene - https://lnkd.in/eYVkrAF


Incident Response and Recovery
IR Resource Page (https://aka.ms/IR) with links and pointers
IR Reference Guide - Lessons learned and recommendations from Microsoft, EY, Edelman, and Orrick to manage major incidents based on our collective experience (technical, operational, legal, and communications)
NIST Guide for Cybersecurity Event Recovery - https://lnkd.in/g_fUe5B
Microsoft's Detection and Response Team (DART) - https://aka.ms/DART


Cybersecurity for Business Leaders
Security Return on Investment (ROI) Video (1.5 minutes) - https://lnkd.in/gwAs8Nf
Cybersecurity Resilience - https://lnkd.in/gHTjScp
Zero Trust Business Plan - and metrics for leaders and executives

Security Operations (SecOps) / [Center] (SOC)
CDOC Blog Series - Part 1 | Part 2a | Part 2b | Part 3a | Part 3b | Part 3c | Part 3d
SOC Process Framework - Azure Sentinel Workbook with detailed guidance on roles, processes, and much more.
Poster - https://lnkd.in/g_UnYWa
Video from Microsoft’s Virtual Security Summit (starting at 1:05:48) -


Enterprise Patch Management
Patching as a Social Responsibility

Microsoft Azure
Azure Security Top 10 best practices - documentation and videos
Azure Security Benchmarks - Microsoft's security best practices, including security baselines to rapidly configure security for the most popular Azure services
Well Architected Framework - Security Guidance focused on protecting workloads
Azure Security Documentation - http://aka.ms/AzureSecInfo
Feature Updates - https://lnkd.in/gpT4QaR

Azure Sentinel
Microsoft's Cloud Native SIEM and SOAR capability
Azure Sentinel Documentation
Project VAST dashboard - Discover old insecure protocols creating risk

Office 365 Security
Prioritized Recommendations - Roadmap of security recommendations for protecting Office 365 against top attacks, prioritized by things to do in the first 30 days, first 90 days and beyond.
Feature updates - https://lnkd.in/gqmGdW2

Application/Development Security
Innovation Security - CAF Secure discipline describing program and strategy guidance
DevSecOps Controls - CAF Secure article describing key technical controls


https://lnkd.in/gddFnwU


Chief Information Security Officer (CISO) Workshop Training
https://lnkd.in/gyRXiCW


What is Azure Sentinel?
https://lnkd.in/gS_AjpF


https://lnkd.in/gRqmv-k
Categorization of Microsoft's security-focused services and products


What is Azure Security Center?
https://lnkd.in/gHBqkzE

