| Resource | Description |
|---|---|
| Enterprise Security Pipeline | End-to-end security lifecycle with vendor mapping across all 6 stages |
| Starred Repositories | Curated repos structured around Cybersecurity Technology |
| Cybersecurity Book List | Books, labs, and companion repos grouped for practical learning, with cert roadmaps and learning paths |
| YouTube Channel Library | Active channels across multiple security disciplines |
| X / Twitter Follow List | Vetted accounts that regularly share original research, tooling, or operational insight |
| Career Paths | 15+ cybersecurity roles with skill maps, salary ranges, cert roadmaps, and career transition paths |
| Certifications Reference | Detailed reference for 40+ security certifications — cost, difficulty, DoD 8570, and who should pursue each |
| Hands-On Labs | Free lab environments, CTF platforms, and home lab builds mapped to each security discipline |
| Security Tools Reference | Quick-reference matrices of 100+ security tools organized by category with OSS/commercial tags |
| Frameworks Reference | Side-by-side comparison of NIST CSF, 800-53, ISO 27001, SOC 2, PCI DSS, CMMC, GDPR, and 10+ other frameworks |
| Security Glossary | 100+ cybersecurity terms, acronyms, and definitions from APT to ZTNA |
| Threat Actors | Nation-state APTs, ransomware groups, and eCrime actors mapped to ATT&CK TTPs |
| IR Playbooks | Step-by-step response procedures for ransomware, BEC, data exfiltration, DDoS, cloud incidents, and more |
| HTB Machine Index | 127 retired HackTheBox machines indexed by difficulty, OS, and skills learned |
| Resources | Books, courses, YouTube channels, podcasts, CTF platforms, and communities |
| HTB Learning Tracks | 45 curated HackTheBox learning tracks mapped to disciplines and certification paths |
| Interview Prep | Common interview questions by role — SOC analyst, pentester, DFIR, cloud security, AppSec |
| Home Lab Setup | Hardware, hypervisors, network architecture, and detection stacks for building a security lab |
| Pentest Checklists | Step-by-step checklists for external, internal, AD, web app, cloud, and post-exploitation testing |
| CTF Methodology | Systematic approach to web, forensics, crypto, reverse engineering, binary exploitation, and OSINT challenges |
| Privilege Escalation Reference | Linux and Windows privilege escalation techniques with ATT&CK mappings and automated tools |
| Cloud Attack Reference | AWS, Azure, and GCP attack techniques, IAM escalation paths, and defensive controls |
| Network Attacks Reference | ARP poisoning, VLAN hopping, LLMNR poisoning, MITM, network pivoting, tunneling, evasion techniques, and Scapy/Nmap reference |
| Network Monitoring Reference | Zeek logs/scripts, Suricata rules, JA3/JARM, NetFlow/SiLK, beaconing detection, DGA hunting, Security Onion |
| Digital Forensics Reference | Order of volatility, chain of custody, disk acquisition, Windows/Linux artifacts, Volatility 3 memory forensics, and log analysis |
| Incident Response Reference | NIST/SANS IR frameworks, live response commands, Velociraptor/KAPE, ransomware playbook, BEC response, AD compromise |
| Malware Analysis Reference | Static/dynamic analysis, PE structure, process injection, YARA rules, ransomware, memory forensics, Volatility 3 |
| GRC Reference | Security governance, risk management (FAIR), SOC 2, ISO 27001, PCI DSS, TPRM, compliance program management |
| Threat Modeling Reference | STRIDE, PASTA, LINDDUN, attack trees, MITRE ATT&CK integration, DFDs, pytm, cloud microservices threat modeling |
| Detection Rules Reference | Sigma, YARA, and Suricata rule writing with examples and conversion to Splunk, Elastic, and Sentinel |
| Malware Families | Ransomware, banking trojans, RATs, APT malware, rootkits, and loaders with TTPs and analysis resources |
| Enterprise Infrastructure Reference | Every OS, server role, and network component encountered in enterprise environments — with security context and ATT&CK relevance |
| Open Source Toolkit | Comprehensive open source security tooling reference and bookmarks organized by category across 20+ disciplines |
| Conference Talks & Papers | Black Hat, DEF CON, BSides, CCC, USENIX, and landmark talk archives — with guidance on finding associated research repos |
| Security Metrics Reference | SOC KPIs, vulnerability management SLAs, detection coverage scoring, risk metrics, and executive reporting frameworks |
| API Security Reference | OWASP API Top 10, REST and GraphQL attack techniques, JWT attacks, SSRF, BOLA/BFLA, and API security testing methodology |
| Windows Hardening | CIS benchmarks, GPO hardening, ASR rules, Defender for Endpoint, AppLocker/WDAC, and compliance scanning |
| Linux Hardening | CIS Benchmark, STIG, kernel hardening (sysctl), SELinux/AppArmor, auditd rules, SSH hardening, service sandboxing |
| Network Security Architecture | DMZ design, VLAN segmentation, firewall policy, IDS/IPS placement, NAC/802.1X, DDoS protection, and network monitoring |
| Wireless Security Reference | WiFi attacks (WPA2/WPA3, evil twin, PMKID), Bluetooth, SDR, RFID/NFC, and enterprise wireless hardening |
| Social Engineering Reference | Phishing taxonomy, AiTM attacks, vishing, pretexting, physical SE, simulation programs, and awareness training |
| Deception Technology | Honeypots, honeytokens, canary tokens, deception platforms, breadcrumb strategy, and detection rules |
| Threat Intelligence Reference | Intel lifecycle, STIX/TAXII, threat actor profiles, IOC enrichment, TIP platforms, and intelligence-driven detection |
| Container Security Reference | Docker/container security, image hardening, runtime protection (Falco/seccomp/AppArmor), container escape defense, registry security, secrets management, SBOM, MITRE ATT&CK containers |
| Cryptography Reference | Symmetric/asymmetric crypto, TLS configuration, PKI, key management, post-quantum cryptography, and attack reference |
| Password Security Reference | Hash formats, hashcat/John mastery, Argon2/bcrypt/PBKDF2 storage, NIST 800-63B policy, LAPS, gMSA, HIBP API |
| Purple Team Reference | Adversary emulation, Atomic Red Team, CALDERA, detection validation, Sigma rules, BAS tools, ATT&CK Navigator coverage |
| Zero Trust Reference | NIST SP 800-207, CISA ZTMM v2.0, identity/device/network/data pillars, ZTNA, micro-segmentation, and implementation roadmap |
| Blockchain Security Reference | Smart contract vulnerabilities, DeFi hack case studies, auditing tools, consensus security, exchange security, and on-chain incident response |
| Web App Pentesting | Testing methodology, SQLi/XSS/SSRF/SSTI payloads, JWT attacks, auth bypass, business logic testing, Burp Suite and ffuf reference |
| Exploit Development Reference | Buffer overflows, ROP chains, heap exploitation, format strings, shellcode, pwntools, Windows exploit dev, CTF resources |
| Active Directory Attacks | BloodHound, Kerberoasting, DCSync, Golden/Silver/Diamond tickets, RBCD, ADCS ESC1-8, NTLM relay, lateral movement |
| Networking Fundamentals | OSI model, TCP/IP deep dive, subnetting, ARP/VLANs/STP, routing protocols (OSPF/BGP), DNS, and essential troubleshooting commands for security practitioners |
| Vendor Prevention Policies | Authoritative policy settings from Microsoft (ASR/MDE), CrowdStrike, SentinelOne, Palo Alto, Proofpoint, Zscaler, CISA, NSA, Elastic, and Splunk |
| Cloud Security Reference | AWS/Azure/GCP security services, IAM attacks, SSRF to IMDS, Pacu/ROADtools/AzureHound, CSPM, K8s security, cloud IR |
| SIEM Detection Content | Official detection rules from Sigma, Elastic, Splunk ESCU, Microsoft Sentinel, MITRE ATT&CK mitigations, CIS Controls, and DISA STIGs |
| Vulnerability Management | CVSS v3.1/v4.0 scoring, EPSS prioritization, CISA KEV, scanning tools, patch management, and program KPIs |
| Packet Analysis Reference | Wireshark display filters, tcpdump BPF syntax, Zeek logs and scripting, JA3 fingerprinting, and attack pattern detection in pcaps |
| Mobile Security Reference | OWASP MASVS, Android/iOS security architecture, APK/IPA analysis, Frida/objection, MDM/MAM policies, and mobile threats |
| Cloud Network Security | AWS VPC/Security Groups/WAF/Network Firewall, Azure NSG/Firewall/Private Endpoints, GCP VPC/Cloud Armor, and flow log analysis |
| Secure Coding Reference | OWASP Top 10 (2021), input validation, auth/session security, cryptography in code, SAST/DAST tools, and supply chain security |
| AI Security Reference | OWASP LLM Top 10, prompt injection attacks, adversarial ML, LLM deployment security, guardrails, and AI in security operations |
| Supply Chain Security | SolarWinds/XZ Utils/3CX attack analysis, SBOM (Syft/CycloneDX/SPDX), SLSA framework, Sigstore/Cosign, and CI/CD pipeline hardening |
| Red Team Reference | Red team methodology, ROE, C2 framework comparison (Cobalt Strike/Sliver/Havoc/Mythic), LOLBAS, persistence, lateral movement tradecraft |
| DevSecOps Reference | SAST/DAST/SCA tools, GitHub Actions security, Semgrep/CodeQL/Trivy/Snyk, secrets detection, IaC scanning, pipeline security gates |
| Browser Security Reference | SOP, CORS attacks, CSP bypass, security headers, CSRF, clickjacking, cookie security, extension analysis, prototype pollution |
Focused starting points by area of practice. Each page includes a learning path, free training resources, tools, books, certifications, and who to follow.
| Discipline | Focus |
|---|---|
| Threat Intelligence | Collecting, analyzing, and acting on threat data to understand adversary capabilities and intent |
| Detection Engineering | Building, tuning, and validating detections across log sources, SIEMs, and EDR platforms |
| Incident Response | Responding to, containing, and recovering from security incidents |
| Offensive Security | Penetration testing, red teaming, adversary emulation, and vulnerability research |
| Vulnerability Management | Identifying, prioritizing, and remediating vulnerabilities across the environment |
| Cloud Security | Securing cloud infrastructure, containers, serverless, and cloud identity |
| Network Security | Monitoring and defending network traffic; NSM, IDS/IPS, Zero Trust networking |
| Malware Analysis | Static and dynamic malware analysis, reverse engineering, and sandbox investigation |
| ICS / OT Security | Securing industrial control systems, SCADA, PLCs, and critical infrastructure |
| Application Security | Web/API security, secure SDLC, SAST/DAST, threat modeling, and bug bounty |
| Adversarial AI Attacks | Attacking AI and ML systems — adversarial examples, model inversion, data poisoning, and LLM jailbreaks |
| AI & LLM Security | Securing AI systems, red-teaming LLMs, prompt injection, and adversarial ML |
| Governance, Risk & Compliance | Risk frameworks, compliance programs, NIST CSF/800-53, ISO 27001, GRC tooling |
| Hacker Hobbies & Community | Locksport, SDR, electronics, badge hacking, ham radio, car hacking, DEF CON villages, and the broader hacker community |
| Digital Forensics | Disk, memory, and network forensics; evidence handling; DFIR methodology |
| Security Architecture | Zero Trust design, threat modeling, defense-in-depth, and architectural frameworks |
| DevSecOps | Integrating security into CI/CD pipelines; SAST, SCA, IaC scanning, secrets detection |
| Cryptography & PKI | Certificate lifecycle, key management, HSMs, TLS hardening, and post-quantum readiness |
| Supply Chain Security | SBOM generation, artifact signing, dependency security, and SLSA framework |
| Privacy Engineering | PII detection, data minimization, consent management, DSR automation, GDPR/CCPA |
| Identity & Access Management | IAM/PAM architecture, SSO/MFA, Zero Trust identity, AD security, and CIEM |
| Security Operations | SOC operations, SIEM/SOAR, threat hunting, detection lifecycle, and SOC metrics |
| Data Security | Data classification, DLP, encryption, DSPM, and database activity monitoring |
| Active Defense & Deception | Honeypots, honeytokens, canary tokens, deception grids, and adversary engagement |
| Hardware Security | Firmware analysis, secure boot, TPM/HSM, hardware hacking, side-channel attacks |
| Mobile Security | iOS/Android app security, MASVS, MDM/EMM, mobile threat defense, dynamic analysis |
| Purple Teaming | Adversary emulation, BAS, detection validation, ATT&CK coverage measurement |
| Radio Frequency Security | RF attack techniques, SDR tooling, replay attacks, protocol analysis, and wireless security testing |
| Bug Bounty | Web/API/mobile vulnerability research, recon methodology, responsible disclosure |
| Social Engineering | Phishing simulations, pretexting, vishing, security awareness training, human risk management |
| Physical Security | Physical pen testing, RFID cloning, badge bypass, access control systems, facility security |
| Threat Modeling | STRIDE/PASTA/LINDDUN methodologies, threat model as code, DFD-based analysis, DevSecOps integration |
| OSINT | Open source intelligence collection, recon methodology, SOCMINT/GEOINT, OpSec for analysts |
| Zero Trust Architecture | ZT principles, CISA ZTMM, microsegmentation, ZTNA tooling, BeyondCorp, NIST SP 800-207 |
| IoT Security | IoT attack surface, firmware analysis, MQTT/CoAP testing, device identity, OWASP IoT Top 10 |
| Container & Kubernetes Security | Container runtime security, K8s RBAC, image scanning, Falco, OPA Gatekeeper, CKS prep |
| Cyber Risk Quantification | FAIR methodology, Monte Carlo simulation, ALE/ROSI calculation, board-level risk communication |
| Blockchain & Web3 Security | Smart contract auditing, DeFi exploits, reentrancy, Slither/Echidna/Mythril, Ethernaut CTF |
| Security Awareness | Phishing simulation, behavior change programs, KnowBe4/GoPhish, human risk metrics |
| Active Directory Security | AD attack paths, Kerberoasting, DCSync, BloodHound, defensive controls, and detection strategies |
| AI / ML Security | Adversarial ML, model inversion, data poisoning, MITRE ATLAS, and MLOps security |
| Exploit Development | Buffer overflows, ROP chains, heap exploitation, format strings, fuzzing, and CVE research |
| Penetration Testing | Scoping, methodology, CVSS scoring, tooling by phase, and report structure |
| Red Teaming | APT simulation, C2 frameworks, payload evasion, infrastructure OPSEC, and engagement types |
| Reverse Engineering | x86/x64 assembly, static/dynamic analysis, anti-analysis bypasses, and platform-specific RE |
| SIEM & SOAR | SIEM architecture, SPL/KQL query writing, SOAR playbook design, and log source onboarding |
| Threat Hunting | Hypothesis-driven hunting, ATT&CK-mapped procedures, Splunk/KQL queries, and maturity model |
High-quality training does not require a large budget. These platforms offer free or pay-what-you-can content taught by working practitioners.
| Platform | Focus |
|---|---|
| Antisyphon Training | Pay-what-you-can live courses from John Strand and practitioners; SOC, pentesting, active defense |
| Black Hills Information Security | Hundreds of free webcasts on every security discipline |
| TCM Security Academy | Free tier with 25+ hours of on-demand content; practical ethical hacking and SOC |
| PortSwigger Web Security Academy | The best free web application security training available; interactive labs for every major vulnerability class |
| Hack The Box Academy | Free Student tier; SOC analyst, DFIR, penetration testing, and cloud security paths |
| TryHackMe | Browser-based beginner-to-advanced labs; no local setup required |
| IppSec | HackTheBox walkthroughs demonstrating real attack techniques with full methodology |
| Blue Team Labs Online | Free investigation challenges for detection, forensics, and IR |
| LetsDefend | Free SOC simulator for alert triage and threat analysis |
| CISA Training Catalog | No-cost federal training open to the public including ICS/OT, cloud, and IR content |
| Anthropic Courses | Free AI and LLM security courses from Anthropic |
Machine-readable data files and an ATT&CK Navigator layer connecting the TeamStarWolf vendor stack to NIST 800-53 controls and ATT&CK techniques.
| Resource | Description |
|---|---|
| ATT&CK Navigator Layer | NIST 800-53 R5 → ATT&CK coverage heatmap (313 techniques, CTID-sourced). Load in Navigator |
| Vendor → Control edges | JSONL edge table: 100+ vendor → NIST 800-53 control mappings |
| Control → Technique edges | JSONL edge table: NIST 800-53 R5 → ATT&CK technique mappings (CTID) |
| Vendor → Technique edges | JSONL derived edge table: vendor → ATT&CK technique coverage via control join |
| Controls Mapping | Full Vendor → NIST 800-53 → ATT&CK cross-reference |
| Coverage Schema | Gap scoring data model, JSON schemas, Python scoring functions |
| ICS/OT Security Reference | ICS/SCADA architecture, Stuxnet/TRITON/Industroyer analysis, Modbus/DNP3/S7 attacks, IEC 62443, NERC CIP, Dragos/Claroty |
| OSINT Reference | Comprehensive OSINT methodology: passive/active recon, Google dorks, domain/IP intelligence, SOCMINT, GEOINT, corporate and threat intel OSINT, full tools reference, and ATT&CK mapping |
| Network Protocols Security | DNS, HTTP, SMB, Kerberos, RDP, SSH, LDAP, SNMP, NTP, DHCP, BGP — how each protocol works and how attackers exploit it |
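The derived "Vendor → Technique" table above is produced by joining the two edge tables on the NIST 800-53 control ID, and the Navigator layer is a per-technique score over that result. The script below is an added illustration of that join and of turning it into a gap-scored Navigator layer; it is not the repository's own scoring code, the JSONL field names (`vendor`, `control`, `technique`) are assumptions, and the edge rows are constructed samples rather than the real data files.

```python
"""Derive vendor -> ATT&CK technique coverage from two JSONL edge tables and
emit an ATT&CK Navigator layer (added example; field names are assumptions)."""
import json
from collections import defaultdict

# Constructed sample edges, not the repository's real data files.
VENDOR_CONTROL_JSONL = """\
{"vendor": "CrowdStrike", "control": "SI-4"}
{"vendor": "CrowdStrike", "control": "SI-3"}
{"vendor": "Okta", "control": "IA-2"}
{"vendor": "Zscaler", "control": "SC-7"}
"""

CONTROL_TECHNIQUE_JSONL = """\
{"control": "SI-4", "technique": "T1059"}
{"control": "SI-3", "technique": "T1059"}
{"control": "SI-3", "technique": "T1204"}
{"control": "IA-2", "technique": "T1078"}
{"control": "SC-7", "technique": "T1071"}
{"control": "AC-6", "technique": "T1068"}
"""


def read_jsonl(text):
    """Parse one JSON object per non-blank line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def derive_vendor_technique(vendor_control, control_technique):
    """Join vendor->control with control->technique on the control ID.
    Returns a deduplicated, sorted list of {vendor, technique, via_control} edges."""
    techniques_by_control = defaultdict(set)
    for edge in control_technique:
        techniques_by_control[edge["control"]].add(edge["technique"])
    derived = set()
    for edge in vendor_control:
        for technique in techniques_by_control.get(edge["control"], ()):
            derived.add((edge["vendor"], technique, edge["control"]))
    return [{"vendor": v, "technique": t, "via_control": c}
            for v, t, c in sorted(derived)]


def technique_coverage(derived_edges):
    """technique -> sorted vendors covering it through at least one control."""
    vendors = defaultdict(set)
    for edge in derived_edges:
        vendors[edge["technique"]].add(edge["vendor"])
    return {t: sorted(vs) for t, vs in vendors.items()}


def coverage_gaps(control_technique, derived_edges):
    """Techniques with a mapped control but no vendor supplying that control."""
    mapped = {edge["technique"] for edge in control_technique}
    covered = {edge["technique"] for edge in derived_edges}
    return sorted(mapped - covered)


def navigator_layer(control_technique, derived_edges, name="Vendor coverage"):
    """Build a Navigator layer where score = number of covering vendors,
    so gaps (score 0) sit at the low end of the colour gradient."""
    coverage = technique_coverage(derived_edges)
    mapped = sorted({edge["technique"] for edge in control_technique})
    techniques = [{
        "techniqueID": t,
        "score": len(coverage.get(t, [])),
        "comment": ", ".join(coverage.get(t, [])) or "GAP: no vendor coverage",
        "enabled": True,
    } for t in mapped]
    max_score = max((x["score"] for x in techniques), default=1)
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Vendor -> NIST 800-53 -> ATT&CK coverage via control join",
        "techniques": techniques,
        "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"],
                     "minValue": 0, "maxValue": max(max_score, 1)},
    }


if __name__ == "__main__":
    vc = read_jsonl(VENDOR_CONTROL_JSONL)
    ct = read_jsonl(CONTROL_TECHNIQUE_JSONL)
    derived = derive_vendor_technique(vc, ct)
    print("gaps:", coverage_gaps(ct, derived))
    print(json.dumps(navigator_layer(ct, derived), indent=2))
```

On the sample data T1068 is mapped to AC-6 but no vendor in the stack supplies AC-6, so it surfaces as a gap with score 0; in the real tables the same join scales to the full CTID mapping, and the score can be swapped for a weighted one without changing the layer shape.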
MITRE ATT&CK workbench for coverage review, detection engineering, exposure mapping, and threat-intelligence correlation. Supports Enterprise, ICS, and Mobile ATT&CK domains.
Capabilities
- Multiple heatmap modes across coverage, detection, exposure, compliance, and risk
- CVE mappings with live integrations: MISP, OpenCTI, EPSS, CISA KEV, NVD, Elastic, Splunk, Sigma, Atomic Red Team, ExploitDB, and Nuclei
- STIX 2.1 import/export, custom technique editing, and collection sharing
- Deployable via Docker or GitHub Pages
Repository | Live Site | Docs
| Project | Description |
|---|---|
| LimeWire | Python desktop audio studio — download, analysis, editing, stem separation, and batch processing |
| PokeNav | Offline-first Pokemon encyclopedia with game-aware browsing and trainer archives |
| Identity Security Reference | IAM, PAM, MFA bypass techniques, AD attacks, Okta/Entra/CyberArk/Vault vendor controls, identity detection |
| Physical Security Reference | Lock picking, RFID badge cloning (Proxmark3/Flipper Zero), physical pentesting, drop boxes, CCTV assessment, NIST PE controls |
| Endpoint Security Reference | MDE/CrowdStrike/SentinelOne config, all 19 ASR rules, Sysmon event IDs, Windows audit policy, KQL hunting queries |
| Privacy Engineering Reference | GDPR/CCPA/HIPAA, Privacy by Design, anonymization/pseudonymization, consent management, DPIA, field-level encryption |
| Hardware Security Reference | TPM 2.0, HSM/FIPS 140-3, Secure Boot/UEFI, side-channel attacks, fault injection, JTAG, confidential computing (SGX/TDX/SEV) |
| Email Security Reference | SPF/DKIM/DMARC deep dive, phishing analysis, HTML smuggling, BEC, M365 Defender config, SMTP hardening, email forensics |
| Kubernetes Security Reference | K8s RBAC attacks, container escape, Pod Security Standards, NetworkPolicy, secrets management, Falco, kube-bench |
| Fuzzing & Vulnerability Research | AFL++, libFuzzer, OSS-Fuzz, binary analysis, Ghidra/angr, symbolic execution, CVE process, bug bounty methodology |
| Security Architecture Reference | Defense-in-depth, Zero Trust architecture, cloud security design, application security patterns, identity architecture, SecOps architecture, and resilience design |
| Wireless Security Reference | Wi-Fi protocols (WEP/WPA/WPA3), Bluetooth, Cellular (4G/5G), RFID/NFC, IoT protocols, attack techniques, WIDS, hardening, standards |
| Automotive Security Reference | CAN bus attacks, ECU security, OTA update integrity, V2X/DSRC/C-V2X, key fob relay attacks, ADAS sensor spoofing, ISO 21434, UNECE WP.29 |
| Firmware & IoT Security Reference | IoT/Firmware attack surface, extraction, analysis, UEFI/BIOS, protocols, hardware interfaces, standards |
| HONEYPOT_DECEPTION_REFERENCE.md | Honeypot & Deception Technology Reference — OpenCanary, Cowrie, Dionaea, T-Pot, Canarytokens, MITRE D3FEND/ATT&CK mapping |
| AI & MCP Security Reference | |
| AI Offensive Security Reference | AI-powered offensive security tools (Glasswing, Clearwing, CVE exploitation, MITRE ATT&CK mapping, defensive frameworks) |
| PENETRATION_TESTING_METHODOLOGY.md | Comprehensive penetration testing methodology reference covering scoping, recon, exploitation, post-exploitation, web, cloud, reporting, and MITRE ATT&CK mapping. Category: Security |
| Windows Hardening Reference | Comprehensive Windows security hardening: architecture, accounts, GPO, Sysmon, WEF, PowerShell, Defender, AppControl, network, audit policy. Scope: Windows 10/11, Server 2019/2022 |
| GRC Compliance Reference | Deep-dive reference for GRC fundamentals, NIST CSF 2.0, OSCAL, ComplianceAsCode/OpenSCAP, CIS Controls v8, PCI DSS v4.0, HIPAA/HITECH, SOC 2 Type II, ISO 27001:2022, and GRC automation tooling |
| Secrets Management Reference | HashiCorp Vault, CyberArk Conjur, secret detection (gitleaks/ggshield/TruffleHog), cloud-native secrets (AWS/Azure/GCP), Kubernetes secrets security, PKI/SSH management, CI/CD OIDC federation, secrets operations |
| Network Defense Reference | Suricata, Zeek, Security Onion, Arkime, DNS security, nDPI, NAC, DDoS protection, NSM operations |
| Threat Hunting Reference | Comprehensive threat hunting reference: KQL, SPL, Sigma, YARA, ATT&CK playbooks, Velociraptor, osquery, TI integration, and hunt tracking |
| SDR & RF Security Reference | Software-Defined Radio and RF security: hardware, GNU Radio, protocol analysis (GSM/LTE/Bluetooth/Zigbee/P25), replay attacks, RFID/NFC, Kismet, TEMPEST, and legal framework |
| DevSecOps Reference | Shift-left philosophy, BSIMM/SAMM maturity models, SAST/SCA/DAST tooling, secrets management, pipeline security, container security, SLSA supply chain, and compliance-as-code |
| Linux Hardening Reference | Linux system hardening, CIS Benchmarks, SELinux, auditd, firewall, compliance |
