Cheat Sheets
MindMaps
| MindMaps | Descriptions |
|---|---|
| PENETRATION TESTING PRACTICE LAB - VULNERABLE APPS / SYSTEMS | Includes URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites |
| FORENSIC CHALLENGES | Includes FORENSIC CHALLENGES |
| FORENSIC | Includes FORENSIC |
| SECURING HOME COMPUTERS | SECURING HOME COMPUTERS |
| WEB APPLICATION SECURITY TESTS | WEB APPLICATION SECURITY TESTS |
| USEFUL BROWSER PLUGINS for PENETRATION TESTING / WEB APPLICATION SECURITY TESTING | USEFUL BROWSER PLUGINS for PENETRATION TESTING / WEB APPLICATION SECURITY TESTING |
| VIRTUAL MACHINES AND LIVE CDS | VIRTUAL MACHINES AND LIVE CDS |
SANS-Posters and Cheat Sheets [Free]
Cloud SECURITY
| Posters | Descriptions |
|---|---|
| Enterprise Cloud Forensics & Incident Response Poster | The new SANS Enterprise Cloud Forensics & Incident Response poster provides guidance on terminology and log sources across the major cloud providers (AWS, Google, and Microsoft), along with a CLI cheat sheet for gathering evidence from each cloud |
| Nine Key Cloud Security Concentrations & SWAT Checklist | The Nine Key Cloud Security Concentrations poster describes top cloud security concentrations broken down by each of the Big 3 Cloud providers: AWS, Azure, and GCP. |
| Cloud & Enterprise Vulnerability Management Maturity Model | Key Metrics: Cloud and Enterprise delivers a set of essential metrics to generate, provide, and review with the Technical, Operational, and Executive partners of the organization |
| SOC 2 Examination | This cheat sheet presents an overview of the SOC 2 reporting framework. It outlines key components of the compliance framework to help leaders make informed decisions when pursuing a SOC 2. |
| Secure Service Configuration in AWS, Azure, & GCP | This poster compares and contrasts the popular security services of each major cloud provider - Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. |
| Powershell For Enterprise & Cloud Compliance | The SEC557 Powershell Cheatsheet provides a comprehensive set of Powershell commands, cmdlets, and scripts that compliance professionals can use to automate compliance measurements in their enterprise and cloud environments. |
| Fix Security Issues Left of Prod | if you are looking to fix security issues left of production, then look no further than this Cloud Security and DevOps cheat sheet. |
| Multicloud Cheat Sheet | Use CLIs to interact with the three most popular cloud platforms: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. |
Cyber Defense
| Posters | Descriptions |
|---|---|
| IPv6 Pocket Guide | The IPv6 Pocket Guide is an excellent resource for students of SEC503: Intrusion Detection In-Depth. In addition to information on IPv6 headers and addresses, it includes quick-reference material on commonly used acronyms, tcpdump usage, routing and fragment headers, and more. |
| TCP/IP and tcpdump | The SEC503 TCP/IP and tcpdump Cheatsheet is an excellent resource for students of SEC503: Intrusion Detection In-Depth. |
| Guide to Security Operations | If you work in a SOC or cyber defense operations role then the SANS Guide To Security Operations is for you |
CyberSecyrity and IT Essentials
| Posters | Descriptions |
|---|---|
| Google Dorking Hacking and Defense Cheat Sheet | This document aims to be a quick reference outlining all Google operators, their meaning, and examples of their usage. |
| SANS SIEM: A Log Lifecycle | m. A SIEM can be an incredibly valuable tool for the SOC when implemented correctly. Leverage the Log Lifecycle Poster to add context and enrich data to achieve actionable intelligence – enabling detection techniques that do not exist in your environment today. |
Digital Forensics and Incident Response
| Posters | Descriptions |
|---|---|
| Windows Forensic Analysis | Use this poster as a cheat-sheet to help you remember where you can discover key Windows artifacts for computer intrusion, intellectual property theft, and other common cyber crime investigations. |
| Malware Analysis: Tips & Tricks Poster | Uncovering the capabilities of malicious software allows security professionals to respond to incidents, fortify defenses, and derive threat intelligence |
| SANS DFIR Cheatsheet Booklet | This booklet contains the most popular SANS DFIR Cheatsheets and provides a valuable resource to help streamline your investigations. Download this booklet, keep it in digital form, or print it & keep it handy wherever you go! |
| Windows Third Party Apps Forensics Poster | This poster is a detailed exploration of artifacts from 46 third-party applications commonly found on devices running the Windows operating system. |
| SIFT Cheat Sheet | DFIR Forensic Analysts are on the front lines of computer investigations. This guide aims to support Forensic Analysts in their quest to uncover the truth. |
| DFIR Memory Forensics | Memory analysis is the decisive victory on the battlefield between offense and defense, giving the upper hand to incident responders by exposing injection and hooking techniques that would otherwise remain undetected. |
| Android Third-Party Apps Forensics | The aim of this poster is to provide a list of the most interesting files and folders in the “Data” folder for the most commonly used third-party apps. |
| Malware Analysis and Reverse-Engineering Cheat Sheet | This cheat sheet presents tips for analyzing and reverse-engineering malware. It outlines the steps for performing behavioral and code-level analysis of malicious software. |
| Cheat Sheet for Analyzing Malicious Documents | This cheat sheet outlines tips and tools for analyzing malicious documents, such as Microsoft Office, RTF and Adobe Acrobat (PDF) files. |
| REMnux Usage Tips for Malware Analysis on Linux | This cheat sheet outlines some of the commands and tools for analyzing malware using the REMnux. |
| Tips for Reverse-Engineering Malicious Code | Cheat sheet for reversing malicious Windows executables via static and dynamic code analysis. |
| Linux Shell Survival Guide | it covers some of what we consider the more useful Linux shell primitives and core utilities. These can be exceedingly helpful when automating analysis processes, generating output that can be copied and pasted into a report or spreadsheet document, or supporting quick-turn responses when a full tool kit is not available. |
| JSON and jq Quick Start Guide | . It covers the basics of JSON and some of the fundamentals of the jq utility. The jq utility filters, parses, formats, and restructures JSON—think of it as sed, awk, and grep, but for JSON |
| DFIR Advanced Smartphone Forensics Interactive Poster | Use this poster as a cheat-sheet to help you remember how to handle smartphones, where to obtain actionable intelligence, and how to recover and analyze data on the latest smartphones and tablets. |
| SQlite Pocket Reference Guide | It covers some of the core methods to extracting data from SQLite databases. Definitions, sample queries, and SQLite terminology will help you conduct manual extractions from databases of interest found on Macs, smartphones, and PCs |
| Windows to Unix Cheat Sheet | Created by Didier Stevens the "oledump" cheat sheet is valuable reference for the author's popular open source tool to help in the analysis of MSFT Office documents |
| Eric Zimmerman's tools Cheat Sheet | This cheat sheet covers the basics of using several command line programs by Eric Zimmerman. |
| Rekall Cheat Sheet | This cheatsheet provides a quick reference for memory analysis operations in Rekall, covering acquisition, live memory analysis and parsing plugins used in the 6-Step Investigative Process. |
| Memory Forensics Analysis | This cheat sheet supports the SANS FOR508 Advanced Digital Forensics, Incident Response, and Threat Hunting & SANS FOR526 Memory Forensics InDepth courses |
| Hex and Regex Forensics Cheat Sheet | Forensic Analysts are on the front lines of computer investigations. This guide aims to support Forensic Analysts in their quest to uncover the truth.. |
| SANS FOR518 Reference Sheet | The FOR518 Reference Guide Sheet provides valuable information for those students taking or will take the Mac and iOS Forensic Analysis and Incident Response class |
| Developing Process for Mobile Device Forensics | With the growing demand for examination of cellular phones and other mobile devices, a need has also developed for the development of process guidelines for the examination of these devices. |
| Network Forensics Poster | Network Forensic Analysis techniques can be used in a traditional forensic capacity as well as for continuous incident response/threat hunting operations |
| Eric Zimmerman's Results in Seconds at the Command-Line Poster | Using the EZ tools provides scriptable, scalable, and repeatable results with astonishing speed and accuracy. Go from one investigation a week to several per day. This type of performance is common with the command line versions of EZ Tools. This poster will show you how. |
| Hunt Evil | Knowing what’s normal on a Windows host helps cut through the noise to quickly locate potential malware. Use this information as a reference to know what’s normal in Windows and to focus your attention on the outliers. |
| Advanced Smart Phone forensics | DFIR Advanced Smartphone Forensics |
| Cyber Threat Intelligence Consumption | There are three levels of threat intelligence: strategic, operational, and tactical. The levels should be used as a reference guide to remember that different audiences have different requirements of threat intelligence. |
| iOS Third-Party Apps Forensics Reference Guide Poster | The aim of this poster is to provide a list of the most interesting files and folders in the “Data” folder for the most commonly used third-party apps. |
Penetration testing and Red Teaming
| Posters | Descriptions |
|---|---|
| Windows Command Line Cheat Sheet | The purpose of this cheat sheet is to provide tips on how to use various Windows commands that are frequently referenced in SANS 504, 517, 531, and 560. |
| Netcat Cheat Sheet | All syntax is designed for the original Netcat versions, released by Hobbit and Weld Pond. The syntax here can be adapted for other Netcats, including ncat, gnu Netcat, and others. |
| BloodHound Cheat Sheet | This cheat sheet will help you in Active Directory data collection, analysis and visualization using BloodHound. Related course – SANS SEC560: Network Penetration Testing and Ethical Hacking. |
| Ultimate Pen Test Poster | The must-have tools for penetration testing, ethical hacking, and vulnerability assessment. Methodology, tips, and tricks for mobile device, web app, network, and wireless pen testing, as well as exploit development. |
| Pivot Cheat Sheet | Navigating a client/victim environment often requires pivoting from target to target, and there are many ways to do so. This cheat sheet runs through various options for different environments and situations. |
| Blueprint: Building a Better Pen Tester | High-value penetration testing involves modeling the techniques used by real-world computer attackers to find vulnerabilities, and, under controlled circumstances, to exploit those flaws in a professional, safe manner according to a carefully designed scope and rules of engagement |
| Burp Suite Cheat Sheet | This cheat sheet enables users of Burp Suite with quicker operations and more ease of use |
| Pen Test Rules of Engagement Worksheet | When planning a penetration test, if you don't formulate rules of engagement properly, you'll end up with a low-value pen test at best. |
| Pen Test: Attack Surfaces, Tools & Techniques | Tools and techniques that every security professional should know to maximize the value of your pen testing and vulnerability assessment work. |
| Penetration Testing | High-value penetration testing involves modeling the techniques used by real-world computer attackers to find vulnerabilities, and, under controlled circumstances, to exploit those flaws in a professional, safe manner according to a carefully designed scope and rules of engagement |
SANS-Posters and Cheat Sheets [miscellaneous]
| Posters | Descriptions |
|---|---|
| Purple Concepts: Bridging The Gap | Earn your Purple Pilot status by discovering Red and Blue Team tools and understanding how to bridge them with Purple Concepts, then jump around the stars learning how to apply actual Tactics, Techniques, and Procedures (TTPs) in emulator routes featuring real-life threat actors |
| Control Systems are a Target | [plugins/googledrive/README.md][PlGd] |
| What will your attack look like | What will your cyber attack look like? Adversary campaigns often use similar and recognizable techniques. As an ICS defender, your defensive actions (or lack of actions) will determine what your next attack will look like. Use this poster to take you through the steps of determining an attack. |
| CISO Scorecard and Cloud Security Maturity Model | The CISO Scorecard has been developed to help upcoming and aspiring leaders understand the specific skill sets required to become an industry-leading CISO |
| You Are A Target | You may not realize it, but you are a target for cyber criminals. Your computer, mobile devices, accounts and your information have tremendous value. Check out the different methods a criminal could use your information against you to make money or commit other crimes. |
| PowerShell Cheat Sheet | PowerShell Cheat Sheet |
| Windows Command Line | Windows Command Line Sheet |
| Perspective of a Cyber Attack | Use this poster to take you through the steps of determining an attack. |