Cheat Sheets

MindMaps

| MindMaps | Descriptions |
| --- | --- |
| PENETRATION TESTING PRACTICE LAB - VULNERABLE APPS / SYSTEMS | Includes URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites |
| FORENSIC CHALLENGES | Includes FORENSIC CHALLENGES |
| FORENSIC | Includes FORENSIC |
| SECURING HOME COMPUTERS | SECURING HOME COMPUTERS |
| WEB APPLICATION SECURITY TESTS | WEB APPLICATION SECURITY TESTS |
| USEFUL BROWSER PLUGINS for PENETRATION TESTING / WEB APPLICATION SECURITY TESTING | USEFUL BROWSER PLUGINS for PENETRATION TESTING / WEB APPLICATION SECURITY TESTING |
| VIRTUAL MACHINES AND LIVE CDS | VIRTUAL MACHINES AND LIVE CDS |

SANS-Posters and Cheat Sheets [Free]

Cloud SECURITY

| Posters | Descriptions |
| --- | --- |
| Enterprise Cloud Forensics & Incident Response Poster | The new SANS Enterprise Cloud Forensics & Incident Response poster provides guidance on terminology and log sources across the major cloud providers (AWS, Google, and Microsoft), along with a CLI cheat sheet for gathering evidence from each cloud. |
| Nine Key Cloud Security Concentrations & SWAT Checklist | The Nine Key Cloud Security Concentrations poster describes top cloud security concentrations broken down by each of the Big 3 Cloud providers: AWS, Azure, and GCP. |
| Cloud & Enterprise Vulnerability Management Maturity Model | Key Metrics: Cloud and Enterprise delivers a set of essential metrics to generate, provide, and review with the Technical, Operational, and Executive partners of the organization. |
| SOC 2 Examination | This cheat sheet presents an overview of the SOC 2 reporting framework. It outlines key components of the compliance framework to help leaders make informed decisions when pursuing a SOC 2. |
| Secure Service Configuration in AWS, Azure, & GCP | This poster compares and contrasts the popular security services of each major cloud provider - Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. |
| Powershell For Enterprise & Cloud Compliance | The SEC557 Powershell Cheatsheet provides a comprehensive set of Powershell commands, cmdlets, and scripts that compliance professionals can use to automate compliance measurements in their enterprise and cloud environments. |
| Fix Security Issues Left of Prod | If you are looking to fix security issues left of production, then look no further than this Cloud Security and DevOps cheat sheet. |
| Multicloud Cheat Sheet | Use CLIs to interact with the three most popular cloud platforms: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. |

Cyber Defense

| Posters | Descriptions |
| --- | --- |
| IPv6 Pocket Guide | The IPv6 Pocket Guide is an excellent resource for students of SEC503: Intrusion Detection In-Depth. In addition to information on IPv6 headers and addresses, it includes quick-reference material on commonly used acronyms, tcpdump usage, routing and fragment headers, and more. |
| TCP/IP and tcpdump | The SEC503 TCP/IP and tcpdump Cheatsheet is an excellent resource for students of SEC503: Intrusion Detection In-Depth. |
| Guide to Security Operations | If you work in a SOC or cyber defense operations role then the SANS Guide To Security Operations is for you. |

Cybersecurity and IT Essentials

| Posters | Descriptions |
| --- | --- |
| Google Dorking Hacking and Defense Cheat Sheet | This document aims to be a quick reference outlining all Google operators, their meaning, and examples of their usage. |
| SANS SIEM: A Log Lifecycle | A SIEM can be an incredibly valuable tool for the SOC when implemented correctly. Leverage the Log Lifecycle Poster to add context and enrich data to achieve actionable intelligence – enabling detection techniques that do not exist in your environment today. |

Digital Forensics and Incident Response

| Posters | Descriptions |
| --- | --- |
| Windows Forensic Analysis | Use this poster as a cheat-sheet to help you remember where you can discover key Windows artifacts for computer intrusion, intellectual property theft, and other common cyber crime investigations. |
| Malware Analysis: Tips & Tricks Poster | Uncovering the capabilities of malicious software allows security professionals to respond to incidents, fortify defenses, and derive threat intelligence. |
| SANS DFIR Cheatsheet Booklet | This booklet contains the most popular SANS DFIR Cheatsheets and provides a valuable resource to help streamline your investigations. Download this booklet, keep it in digital form, or print it & keep it handy wherever you go! |
| Windows Third Party Apps Forensics Poster | This poster is a detailed exploration of artifacts from 46 third-party applications commonly found on devices running the Windows operating system. |
| SIFT Cheat Sheet | DFIR Forensic Analysts are on the front lines of computer investigations. This guide aims to support Forensic Analysts in their quest to uncover the truth. |
| DFIR Memory Forensics | Memory analysis is the decisive victory on the battlefield between offense and defense, giving the upper hand to incident responders by exposing injection and hooking techniques that would otherwise remain undetected. |
| Android Third-Party Apps Forensics | The aim of this poster is to provide a list of the most interesting files and folders in the “Data” folder for the most commonly used third-party apps. |
| Malware Analysis and Reverse-Engineering Cheat Sheet | This cheat sheet presents tips for analyzing and reverse-engineering malware. It outlines the steps for performing behavioral and code-level analysis of malicious software. |
| Cheat Sheet for Analyzing Malicious Documents | This cheat sheet outlines tips and tools for analyzing malicious documents, such as Microsoft Office, RTF and Adobe Acrobat (PDF) files. |
| REMnux Usage Tips for Malware Analysis on Linux | This cheat sheet outlines some of the commands and tools for analyzing malware using REMnux. |
| Tips for Reverse-Engineering Malicious Code | Cheat sheet for reversing malicious Windows executables via static and dynamic code analysis. |
| Linux Shell Survival Guide | It covers some of what we consider the more useful Linux shell primitives and core utilities. These can be exceedingly helpful when automating analysis processes, generating output that can be copied and pasted into a report or spreadsheet document, or supporting quick-turn responses when a full tool kit is not available. |
| JSON and jq Quick Start Guide | It covers the basics of JSON and some of the fundamentals of the jq utility. The jq utility filters, parses, formats, and restructures JSON—think of it as sed, awk, and grep, but for JSON. |
| DFIR Advanced Smartphone Forensics Interactive Poster | Use this poster as a cheat-sheet to help you remember how to handle smartphones, where to obtain actionable intelligence, and how to recover and analyze data on the latest smartphones and tablets. |
| SQLite Pocket Reference Guide | It covers some of the core methods for extracting data from SQLite databases. Definitions, sample queries, and SQLite terminology will help you conduct manual extractions from databases of interest found on Macs, smartphones, and PCs. |
| Windows to Unix Cheat Sheet | Created by Didier Stevens, the "oledump" cheat sheet is a valuable reference for the author's popular open source tool to help in the analysis of MSFT Office documents. |
| Eric Zimmerman's tools Cheat Sheet | This cheat sheet covers the basics of using several command line programs by Eric Zimmerman. |
| Rekall Cheat Sheet | This cheatsheet provides a quick reference for memory analysis operations in Rekall, covering acquisition, live memory analysis and parsing plugins used in the 6-Step Investigative Process. |
| Memory Forensics Analysis | This cheat sheet supports the SANS FOR508 Advanced Digital Forensics, Incident Response, and Threat Hunting & SANS FOR526 Memory Forensics In-Depth courses. |
| Hex and Regex Forensics Cheat Sheet | Forensic Analysts are on the front lines of computer investigations. This guide aims to support Forensic Analysts in their quest to uncover the truth. |
| SANS FOR518 Reference Sheet | The FOR518 Reference Guide Sheet provides valuable information for students who are taking or will take the Mac and iOS Forensic Analysis and Incident Response class. |
| Developing Process for Mobile Device Forensics | With the growing demand for examination of cellular phones and other mobile devices, a need has also developed for the development of process guidelines for the examination of these devices. |
| Network Forensics Poster | Network Forensic Analysis techniques can be used in a traditional forensic capacity as well as for continuous incident response/threat hunting operations. |
| Eric Zimmerman's Results in Seconds at the Command-Line Poster | Using the EZ tools provides scriptable, scalable, and repeatable results with astonishing speed and accuracy. Go from one investigation a week to several per day. This type of performance is common with the command line versions of EZ Tools. This poster will show you how. |
| Hunt Evil | Knowing what’s normal on a Windows host helps cut through the noise to quickly locate potential malware. Use this information as a reference to know what’s normal in Windows and to focus your attention on the outliers. |
| Advanced Smart Phone forensics | DFIR Advanced Smartphone Forensics |
| Cyber Threat Intelligence Consumption | There are three levels of threat intelligence: strategic, operational, and tactical. The levels should be used as a reference guide to remember that different audiences have different requirements of threat intelligence. |
| iOS Third-Party Apps Forensics Reference Guide Poster | The aim of this poster is to provide a list of the most interesting files and folders in the “Data” folder for the most commonly used third-party apps. |

Penetration testing and Red Teaming

| Posters | Descriptions |
| --- | --- |
| Windows Command Line Cheat Sheet | The purpose of this cheat sheet is to provide tips on how to use various Windows commands that are frequently referenced in SANS 504, 517, 531, and 560. |
| Netcat Cheat Sheet | All syntax is designed for the original Netcat versions, released by Hobbit and Weld Pond. The syntax here can be adapted for other Netcats, including ncat, GNU Netcat, and others. |
| BloodHound Cheat Sheet | This cheat sheet will help you in Active Directory data collection, analysis and visualization using BloodHound. Related course – SANS SEC560: Network Penetration Testing and Ethical Hacking. |
| Ultimate Pen Test Poster | The must-have tools for penetration testing, ethical hacking, and vulnerability assessment. Methodology, tips, and tricks for mobile device, web app, network, and wireless pen testing, as well as exploit development. |
| Pivot Cheat Sheet | Navigating a client/victim environment often requires pivoting from target to target, and there are many ways to do so. This cheat sheet runs through various options for different environments and situations. |
| Blueprint: Building a Better Pen Tester | High-value penetration testing involves modeling the techniques used by real-world computer attackers to find vulnerabilities, and, under controlled circumstances, to exploit those flaws in a professional, safe manner according to a carefully designed scope and rules of engagement. |
| Burp Suite Cheat Sheet | This cheat sheet gives users of Burp Suite quicker operations and more ease of use. |
| Pen Test Rules of Engagement Worksheet | When planning a penetration test, if you don't formulate rules of engagement properly, you'll end up with a low-value pen test at best. |
| Pen Test: Attack Surfaces, Tools & Techniques | Tools and techniques that every security professional should know to maximize the value of your pen testing and vulnerability assessment work. |
| Penetration Testing | High-value penetration testing involves modeling the techniques used by real-world computer attackers to find vulnerabilities, and, under controlled circumstances, to exploit those flaws in a professional, safe manner according to a carefully designed scope and rules of engagement. |

SANS-Posters and Cheat Sheets [miscellaneous]

| Posters | Descriptions |
| --- | --- |
| Purple Concepts: Bridging The Gap | Earn your Purple Pilot status by discovering Red and Blue Team tools and understanding how to bridge them with Purple Concepts, then jump around the stars learning how to apply actual Tactics, Techniques, and Procedures (TTPs) in emulator routes featuring real-life threat actors. |
| Control Systems are a Target | |
| What will your attack look like | What will your cyber attack look like? Adversary campaigns often use similar and recognizable techniques. As an ICS defender, your defensive actions (or lack of actions) will determine what your next attack will look like. Use this poster to take you through the steps of determining an attack. |
| CISO Scorecard and Cloud Security Maturity Model | The CISO Scorecard has been developed to help upcoming and aspiring leaders understand the specific skill sets required to become an industry-leading CISO. |
| You Are A Target | You may not realize it, but you are a target for cyber criminals. Your computer, mobile devices, accounts and your information have tremendous value. Check out the different methods a criminal could use your information against you to make money or commit other crimes. |
| PowerShell Cheat Sheet | PowerShell Cheat Sheet |
| Windows Command Line | Windows Command Line Sheet |
| Perspective of a Cyber Attack | Use this poster to take you through the steps of determining an attack. |