A public resource library for the cybersecurity community.
Offensive Security
| Reference | Coverage |
|---|---|
| Penetration Testing Methodology | Structured methodology for external, internal, web, and AD engagements |
| Red Team Reference | ROE, C2 frameworks, OPSEC, payload dev, lateral movement tradecraft |
| Active Directory Attacks | Kerberoasting, DCSync, Golden tickets, BloodHound, AD CS attacks |
| Web Application Pentesting | SQLi, XSS, SSRF, JWT attacks, Burp Suite, auth bypass |
| Social Engineering Reference | Phishing, vishing, AiTM, pretexting, campaign ops |
| Privilege Escalation Reference | Windows and Linux privesc with detection and remediation |
| Exploit Development Reference | Buffer overflows, ROP chains, shellcode, pwntools |
| CTF Methodology | Web, forensics, crypto, reversing, pwn — systematic approach and tooling |
Defensive Security
| Reference | Coverage |
|---|---|
| Incident Response Reference | NIST/SANS IR frameworks, live response, forensic triage |
| Threat Hunting Reference | Hypothesis-driven hunting, KQL/SPL queries, data sources |
| SIEM Reference | Splunk, Sentinel, QRadar, Elastic — query languages and detection engineering |
| Digital Forensics Reference | Disk, memory, network, and cloud forensics workflows |
| Malware Analysis Reference | Static/dynamic analysis, sandbox, behavioral detection |
| Purple Team Reference | Adversary emulation, Atomic Red Team, detection validation |
| Detection Rules Reference | Sigma, YARA, Suricata rule writing with examples |
| Network Defense Reference | IDS/IPS, firewall policy, network segmentation, NDR |
Cloud & Infrastructure
| Reference | Coverage |
|---|---|
| Cloud Security Reference | AWS/Azure/GCP controls, IAM, CSPM, cloud-native threats |
| Cloud Attack Reference | Cloud privilege escalation, lateral movement, exfiltration, persistence |
| Container Security Reference | Docker hardening, Kubernetes security, container escapes |
| DevSecOps Reference | SAST/DAST/SCA, GitHub Actions security, secrets in CI/CD |
| Supply Chain Security Reference | SBOM, Sigstore/cosign, SLSA, dependency security |
| Network Security Architecture | DMZ design, VLAN segmentation, firewall policy |
| Windows Hardening Reference | Sysmon, WEF, Defender, AppControl, GPO, ASR rules |
| Linux Hardening Reference | CIS benchmarks, sysctl, SELinux, auditd, service hardening |
Identity, Access & Cryptography
| Reference | Coverage |
|---|---|
| Identity Access Management Reference | IAM architecture, MFA, PAM, JIT, SSO |
| Active Directory Security Reference | AD hardening, tiered admin, MDI, Kerberos defense |
| Zero Trust Reference | NIST SP 800-207, CISA ZTMM, microsegmentation, BeyondCorp |
| Secrets Management Reference | Vault, AWS Secrets Manager, rotation, detection |
| Cryptography Reference | Symmetric/asymmetric, TLS, PKI, HSM, quantum-resistant algorithms |
| Password Security Reference | Hash formats, hashcat/John, credential stuffing defense |
Governance, Risk & Compliance
| Reference | Coverage |
|---|---|
| GRC Compliance Reference | NIST 800-53, ISO 27001, SOC 2, PCI DSS, HIPAA, CMMC |
| Security Metrics Reference | MTTD/MTTR, vulnerability SLAs, SOC KPIs, FAIR model |
| Threat Modeling Reference | STRIDE, PASTA, attack trees, MITRE ATT&CK integration |
| Vulnerability Management Reference | CVSS, EPSS, CISA KEV, VEX, patch prioritization |
| Privacy Engineering Reference | GDPR/CCPA, PbD, data minimization, PIA |
| Security Architecture Reference | Zero trust, defense-in-depth, SABSA, enterprise patterns |
Specialized Domains
| Reference | Coverage |
|---|---|
| Automotive Security Reference | CAN bus, ECU, V2X, OTA updates, ISO 21434 |
| ICS/OT Security Reference | SCADA, PLC, Purdue model, IEC 62443, OT incident response |
| Hardware Security Reference | TPM, HSM, side-channel attacks, JTAG/SWD, fault injection |
| Firmware & IoT Security Reference | Binwalk, UART/JTAG extraction, firmware emulation |
| Mobile Security Reference | OWASP MASVS, Android/iOS RE, Frida, MDM/MAM |
| AI Security Reference | LLM threat models, prompt injection, adversarial ML, MCP security |
| SDR & RF Security Reference | HackRF, Flipper Zero, sub-GHz analysis, RF attack surface |
Research & Analysis
| Reference | Coverage |
|---|---|
| OSINT Reference | Passive recon, Shodan/Censys, GEOINT, SOCMINT, automation |
| Reverse Engineering Reference | Ghidra/IDA/Binary Ninja, dynamic analysis, firmware RE |
| Threat Intelligence Reference | Intel lifecycle, STIX/TAXII, threat actor tracking |
| Network Protocols Reference | TCP/IP, DNS, TLS, authentication protocols, analysis tools |
| Packet Analysis Reference | Wireshark, tcpdump, Zeek, JA3, attack pattern detection |
| Network Forensics Reference | PCAP forensics, NetFlow, encrypted traffic analysis, cloud |
Coverage & Data
ATT&CK Navigator layer and machine-readable edge tables mapping the TeamStarWolf vendor stack to NIST 800-53 controls and ATT&CK techniques.
| Resource | Description |
|---|---|
| ATT&CK Navigator Layer | NIST 800-53 R5 -> ATT&CK heatmap (313 techniques, CTID-sourced), loadable in ATT&CK Navigator |
| Vendor -> Control edges | 100+ vendor -> NIST 800-53 control mappings |
| Control -> Technique edges | NIST 800-53 R5 -> ATT&CK technique mappings (CTID) |
| Vendor -> Technique edges | Derived vendor -> ATT&CK technique coverage via control join |
| Controls Mapping | Full vendor -> NIST 800-53 -> ATT&CK cross-reference |
| Coverage Schema | Gap scoring data model, JSON schemas, and Python scoring functions |
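The "derived via control join" row above is the one data-processing step in this table that is not self-explanatory: vendor -> control edges and control -> technique edges are joined on the control ID, and the count of distinct vendors behind each technique becomes the heatmap score, with zero-count techniques reported as gaps. The following is an added example of that join and scoring written for this page; it is not the library's own Coverage Schema code. The control and technique IDs are real NIST 800-53 and ATT&CK identifiers, but the pairings between them, the vendor names (`ExampleEDR`, `ExampleIdP`, `ExampleSIEM`), the in-scope technique list and the Navigator `versions` strings are constructed assumptions, so adjust them to your own edge tables before trusting the output.

```python
"""Derive vendor -> ATT&CK technique coverage from two edge tables and emit an
ATT&CK Navigator layer plus a gap list. Added example; the edge rows below are
constructed illustrations, not the library's real mapping data."""
import json
from collections import defaultdict

# Constructed sample edges (vendor, NIST 800-53 R5 control). Vendors are hypothetical.
VENDOR_CONTROL_EDGES = [
    ("ExampleEDR", "SI-4"),
    ("ExampleEDR", "SI-3"),
    ("ExampleIdP", "AC-2"),
    ("ExampleIdP", "IA-2"),
    ("ExampleSIEM", "AU-6"),
    ("ExampleSIEM", "SI-4"),
]

# Constructed sample edges (control, ATT&CK technique ID). Real control and
# technique IDs, but these pairings are illustrative, not the CTID dataset.
CONTROL_TECHNIQUE_EDGES = [
    ("AC-2", "T1078"),   # Account Management -> Valid Accounts
    ("IA-2", "T1078"),   # Identification and Authentication -> Valid Accounts
    ("IA-2", "T1110"),   # -> Brute Force
    ("SI-4", "T1059"),   # System Monitoring -> Command and Scripting Interpreter
    ("SI-4", "T1110"),
    ("SI-3", "T1204"),   # Malicious Code Protection -> User Execution
    ("AU-6", "T1078"),   # Audit Record Review -> Valid Accounts
]

# Techniques in scope for the gap report (constructed subset of Enterprise ATT&CK).
TECHNIQUES_IN_SCOPE = ["T1078", "T1110", "T1059", "T1204", "T1566", "T1021"]


def join_vendor_technique(vendor_control, control_technique):
    """Join vendor->control with control->technique on the control ID.
    Returns {technique_id: {vendor, ...}}; a vendor covers a technique if any
    control it implements maps to that technique."""
    techniques_by_control = defaultdict(set)
    for control, technique in control_technique:
        techniques_by_control[control].add(technique)
    vendors_by_technique = defaultdict(set)
    for vendor, control in vendor_control:
        for technique in techniques_by_control.get(control, ()):
            vendors_by_technique[technique].add(vendor)
    return dict(vendors_by_technique)


def gap_score(coverage, in_scope):
    """Per-technique score = number of distinct vendors covering it; gaps are
    in-scope techniques with zero coverage. Returns (scores, sorted gap list)."""
    scores = {t: len(coverage.get(t, ())) for t in in_scope}
    gaps = sorted(t for t, n in scores.items() if n == 0)
    return scores, gaps


def navigator_layer(scores, name="Vendor coverage (constructed example)"):
    """Build an ATT&CK Navigator layer dict. The 'versions' values are assumed
    (layer format 4.5, Navigator 4.9.1, ATT&CK v14); set them to match your
    Navigator instance."""
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Score = count of vendors whose mapped controls cover the technique",
        "techniques": [
            {"techniqueID": t, "score": n, "comment": f"{n} vendor(s)"}
            for t, n in sorted(scores.items())
        ],
        "gradient": {"colors": ["#ffffff", "#66b032"], "minValue": 0,
                     "maxValue": max(scores.values(), default=1)},
    }


def build_report():
    """Run the full pipeline: join -> score -> layer. Returns
    (coverage, scores, gaps, layer)."""
    coverage = join_vendor_technique(VENDOR_CONTROL_EDGES, CONTROL_TECHNIQUE_EDGES)
    scores, gaps = gap_score(coverage, TECHNIQUES_IN_SCOPE)
    return coverage, scores, gaps, navigator_layer(scores)


if __name__ == "__main__":
    coverage, scores, gaps, layer = build_report()
    print("Uncovered in-scope techniques:", gaps)   # T1021 and T1566 with the sample edges
    print(json.dumps(layer, indent=2))              # paste/upload into ATT&CK Navigator
```

Note that the join counts a vendor as covering a technique whenever any of its mapped controls maps to that technique; it says nothing about how well the control is implemented, which is why the schema row pairs these edges with a separate gap-scoring model rather than treating a non-zero count as "covered".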
Learning & Career
| Reference | Coverage |
|---|---|
| Career Paths | 15+ security roles with skill maps, salary ranges, and cert roadmaps |
| Certifications Reference | 40+ certifications with cost, difficulty, and domain coverage |
| Interview Prep | Questions by role: SOC analyst, pentester, DFIR, cloud security |
| Home Lab Setup | Hardware, hypervisors, network design, detection stacks |
| Hands-On Labs | Free lab environments and CTF platforms mapped to each security domain |
| Cybersecurity Book List | Curated reading organized by discipline and level |
| Starred Repositories | Curated GitHub repos structured around the security technology landscape |
Free Training
| Platform | What You Get |
|---|---|
| Antisyphon Training | Pay-what-you-can live courses — SOC, pentesting, active defense |
| Black Hills Information Security | Hundreds of free webcasts on every security discipline |
| TCM Security Academy | Practical ethical hacking and SOC content, free tier |
| PortSwigger Web Security Academy | Free web security training with interactive labs for every major vulnerability class |
| Hack The Box Academy | Free Student tier — SOC, DFIR, pentesting, and cloud paths |
| TryHackMe | Browser-based labs from beginner to advanced, no local setup required |
| IppSec | HackTheBox walkthroughs with full attack methodology |
| Blue Team Labs Online | Free investigation challenges for detection, forensics, and IR |
| LetsDefend | Free SOC simulator for alert triage and threat analysis |
| CISA Training Catalog | No-cost federal training — ICS/OT, cloud, and IR |
| Anthropic Courses | Free AI and LLM security courses |
MITRE ATT&CK workbench for coverage review, detection engineering, exposure mapping, and threat-intelligence correlation. Supports Enterprise, ICS, and Mobile ATT&CK domains.
| Capability | Details |
|---|---|
| Heatmap modes | Coverage, detection, exposure, compliance, and risk |
| Live integrations | MISP, OpenCTI, EPSS, CISA KEV, NVD, Elastic, Splunk, Sigma, Atomic Red Team, ExploitDB, Nuclei |
| Data | STIX 2.1 import/export, custom technique editing, collection sharing |
| Deployment | Docker or GitHub Pages |
| Project | Description |
|---|---|
| LimeWire | Python desktop audio studio — download, analysis, editing, stem separation, and batch processing |
| PokeNav | Offline-first Pokemon encyclopedia with game-aware browsing and trainer archives |
