Reference Files
| File | Description |
|---|---|
| Enterprise Security Pipeline | End-to-end security lifecycle with vendor mapping |
| Enterprise Infrastructure Reference | Every OS, server role, and network component in the enterprise |
| Security Tools Reference | 100+ tools organized by category |
| Open Source Toolkit | OSS security tools and bookmarks by discipline |
| Frameworks Reference | NIST CSF, ISO 27001, PCI DSS, CMMC, GDPR, and 10+ frameworks |
| Controls Mapping | Vendor → NIST 800-53 → ATT&CK cross-reference |
| Coverage Schema | Gap scoring model, JSON schemas, Python scoring functions |
| Security Glossary | 100+ cybersecurity terms, acronyms, and definitions |
Threat Intelligence & Incidents
| File | Description |
|---|---|
| Threat Actors | Nation-state APTs, ransomware groups, and eCrime actors |
| Notable Incidents | Historic hacks, Sandworm, ransomware campaigns, and recent events |
| Malware Families | Ransomware, RATs, APT tools, rootkits, and loaders |
| Cloud Attack Reference | AWS, Azure, and GCP attack techniques and escalation paths |
| Privilege Escalation Reference | Linux, Windows, and cloud privilege escalation techniques |
| Conference Talks & Papers | Black Hat, DEF CON, BSides, CCC, and landmark talk archives |
Playbooks, Checklists & Methodology
| File | Description |
|---|---|
| IR Playbooks | Ransomware, BEC, data exfiltration, DDoS, cloud incidents |
| Pentest Checklists | External, internal, AD, web app, cloud, and post-exploitation |
| CTF Methodology | Web, forensics, crypto, RE, binary exploitation, and OSINT challenges |
| Detection Rules Reference | Sigma, YARA, and Suricata rule writing with examples |
Career & Learning
| File | Description |
|---|---|
| Career Paths | 15+ roles with skill maps, salary ranges, and cert roadmaps |
| Certifications Reference | 40+ certifications — cost, difficulty, DoD 8570 mapping |
| Interview Prep | Role-specific questions, GRC/CTI sections, salary negotiation |
| Hands-On Labs | Free lab platforms mapped to each security discipline |
| Home Lab Setup | AD lab, cloud lab, VPS hosting, defensive stack, hardware guide |
| HTB Machine Index | 127 retired HackTheBox machines by difficulty, OS, and skills |
| HTB Learning Tracks | 45 curated HackTheBox paths mapped to certs and disciplines |
| Cybersecurity Book List | Books grouped by discipline with cert roadmaps |
| YouTube Channel Library | Active channels across all security disciplines |
| X / Twitter Follow List | Vetted accounts sharing research, tooling, and operational insight |
| Starred Repositories | Curated repos structured around cybersecurity technology |
| Resources | Courses, podcasts, CTF platforms, and communities |
Disciplines (47 Learning Paths)
| Discipline | Focus |
|---|---|
| Active Defense & Deception | Honeypots, honeytokens, canary tokens, deception grids, adversary engagement |
| Active Directory Security | AD attack paths, Kerberoasting, DCSync, BloodHound, detection strategies |
| Adversarial AI Attacks | Attacking AI/ML — adversarial examples, model inversion, data poisoning, LLM jailbreaks |
| AI & LLM Security | Securing AI systems, red-teaming LLMs, prompt injection, adversarial ML |
| AI / ML Security | ML pipeline security, adversarial robustness, MITRE ATLAS, MLOps security |
| Application Security | Web/API security, OWASP Top 10, secure SDLC, SAST/DAST, threat modeling |
| Blockchain & Web3 Security | Smart contract auditing, DeFi exploits, reentrancy, Slither/Echidna/Mythril |
| Bug Bounty | Web/API/mobile vuln research, recon methodology, responsible disclosure |
| Cloud Security | Securing cloud infrastructure, containers, serverless, and cloud identity |
| Container & Kubernetes Security | Container runtime security, K8s RBAC, image scanning, Falco, OPA |
| Cryptography & PKI | Certificate lifecycle, key management, TLS hardening, post-quantum readiness |
| Cyber Risk Quantification | FAIR methodology, Monte Carlo simulation, ALE/ROSI, board-level communication |
| Data Security | Data classification, DLP, encryption, DSPM, database activity monitoring |
| Detection Engineering | Building, tuning, and validating detections across SIEMs and EDR platforms |
| DevSecOps | SAST, SCA, IaC scanning, secrets detection, CI/CD pipeline security |
| Digital Forensics | Disk, memory, and network forensics; evidence handling; DFIR methodology |
| Exploit Development | Buffer overflows, ROP chains, heap exploitation, format strings, fuzzing |
| Governance, Risk & Compliance | Risk frameworks, NIST CSF/800-53, ISO 27001, SOC 2, CMMC, GRC tooling |
| Hacker Hobbies & Community | Locksport, SDR, badge hacking, ham radio, DEF CON villages, hacking culture |
| Hardware Security | Firmware analysis, secure boot, TPM/HSM, hardware hacking, side-channel attacks |
| ICS / OT Security | Securing industrial control systems, SCADA, PLCs, and critical infrastructure |
| Identity & Access Management | IAM/PAM architecture, SSO/MFA, Zero Trust identity, AD security, CIEM |
| Incident Response | Responding to, containing, and recovering from security incidents |
| IoT Security | IoT attack surface, firmware analysis, MQTT testing, OWASP IoT Top 10 |
| Malware Analysis | Static and dynamic analysis, reverse engineering, sandbox investigation |
| Mobile Security | iOS/Android app security, MASVS, MDM/EMM, mobile threat defense |
| Network Security | NSM, IDS/IPS, Zero Trust networking, protocol attacks, wireless security |
| Offensive Security | Penetration testing, red teaming, adversary emulation, vulnerability research |
| OSINT | Open source intelligence collection, SOCMINT/GEOINT, recon methodology |
| Penetration Testing | Scoping, methodology, web/AD/cloud pentesting, reporting |
| Physical Security | Physical pen testing, RFID cloning, lock bypass, access control systems |
| Privacy Engineering | PII detection, data minimization, consent management, GDPR/CCPA |
| Purple Teaming | Adversary emulation, BAS, detection validation, ATT&CK coverage measurement |
| Radio Frequency Security | RF attack techniques, SDR tooling, replay attacks, protocol analysis |
| Red Teaming | APT simulation, C2 frameworks, payload evasion, infrastructure OPSEC |
| Reverse Engineering | x86/x64 assembly, static/dynamic analysis, anti-analysis bypasses |
| Security Architecture | Zero Trust design, threat modeling, defense-in-depth, reference architectures |
| Security Awareness | Phishing simulation, behavior change programs, human risk metrics |
| Security Operations | SOC operations, SIEM/SOAR, alert triage, threat hunting, SOC metrics |
| SIEM & SOAR | SIEM architecture, SPL/KQL query writing, SOAR playbook design |
| Social Engineering | Phishing, pretexting, vishing, physical SE, security awareness training |
| Supply Chain Security | SBOM generation, artifact signing, SLSA framework, dependency security |
| Threat Hunting | Hypothesis-driven hunting, ATT&CK-mapped procedures, hunting maturity model |
| Threat Intelligence | Collecting, analyzing, and acting on threat data; intelligence lifecycle |
| Threat Modeling | STRIDE/PASTA/LINDDUN, threat model as code, DFD-based analysis |
| Vulnerability Management | VM lifecycle, CVE/CWE/EPSS/KEV, ASM, automated response |
| Zero Trust Architecture | ZT principles, CISA ZTMM, microsegmentation, ZTNA tooling |
Coverage Data & ATT&CK Layers
| Resource | Description |
|---|---|
| ATT&CK Navigator Layer | NIST 800-53 R5 → ATT&CK heatmap (313 techniques). Load in Navigator ↗ |
| Vendor → Control edges | 100+ vendor → NIST 800-53 control mappings |
| Control → Technique edges | NIST 800-53 R5 → ATT&CK technique mappings (CTID) |
| Vendor → Technique edges | Derived vendor → ATT&CK coverage via control join |
| Arsenal Crosswalk | Black Hat Arsenal tools mapped to ATT&CK |
| Resource | Description |
|---|---|
| Enterprise Security Pipeline | End-to-end security lifecycle with vendor mapping across all 6 stages |
| Starred Repositories | Curated repos structured around Cybersecurity Technology |
| Cybersecurity Book List | Books, labs, and companion repos grouped for practical learning, with cert roadmaps and learning paths |
| YouTube Channel Library | Active channels across multiple security disciplines |
| X / Twitter Follow List | Vetted accounts that regularly share original research, tooling, or operational insight |
| Career Paths | 15+ cybersecurity roles with skill maps, salary ranges, cert roadmaps, and career transition paths |
| Certifications Reference | Detailed reference for 40+ security certifications — cost, difficulty, DoD 8570, and who should pursue each |
| Hands-On Labs | Free lab environments, CTF platforms, and home lab builds mapped to each security discipline |
| Security Tools Reference | Quick-reference matrices of 100+ security tools organized by category with OSS/commercial tags |
| Frameworks Reference | Side-by-side comparison of NIST CSF, 800-53, ISO 27001, SOC 2, PCI DSS, CMMC, GDPR, and 10+ other frameworks |
| Security Glossary | 100+ cybersecurity terms, acronyms, and definitions from APT to ZTNA |
| Threat Actors | Nation-state APTs, ransomware groups, and eCrime actors mapped to ATT&CK TTPs |
| IR Playbooks | Step-by-step response procedures for ransomware, BEC, data exfiltration, DDoS, cloud incidents, and more |
| HTB Machine Index | 127 retired HackTheBox machines indexed by difficulty, OS, and skills learned |
| Resources | Books, courses, YouTube channels, podcasts, CTF platforms, and communities |
| HTB Learning Tracks | 45 curated HackTheBox learning tracks mapped to disciplines and certification paths |
| Interview Prep | Common interview questions by role — SOC analyst, pentester, DFIR, cloud security, AppSec |
| Home Lab Setup | Hardware, hypervisors, network architecture, and detection stacks for building a security lab |
| Pentest Checklists | Step-by-step checklists for external, internal, AD, web app, cloud, and post-exploitation testing |
| CTF Methodology | Systematic approach to web, forensics, crypto, reverse engineering, binary exploitation, and OSINT challenges |
| Privilege Escalation Reference | Linux and Windows privilege escalation techniques with ATT&CK mappings and automated tools |
| Cloud Attack Reference | AWS, Azure, and GCP attack techniques, IAM escalation paths, and defensive controls |
| Detection Rules Reference | Sigma, YARA, and Suricata rule writing with examples and conversion to Splunk, Elastic, and Sentinel |
| Malware Families | Ransomware, banking trojans, RATs, APT malware, rootkits, and loaders with TTPs and analysis resources |
| Enterprise Infrastructure Reference | Every OS, server role, and network component encountered in enterprise environments — with security context and ATT&CK relevance |
| Open Source Toolkit | Comprehensive open source security tooling reference and bookmarks organized by category across 20+ disciplines |
| Conference Talks & Papers | Black Hat, DEF CON, BSides, CCC, USENIX, and landmark talk archives — with guidance on finding associated research repos |
Focused starting points by area of practice. Each page includes a learning path, free training resources, tools, books, certifications, and who to follow.
| Discipline | Focus |
|---|---|
| Threat Intelligence | Collecting, analyzing, and acting on threat data to understand adversary capabilities and intent |
| Detection Engineering | Building, tuning, and validating detections across log sources, SIEMs, and EDR platforms |
| Incident Response | Responding to, containing, and recovering from security incidents |
| Offensive Security | Penetration testing, red teaming, adversary emulation, and vulnerability research |
| Vulnerability Management | Identifying, prioritizing, and remediating vulnerabilities across the environment |
| Cloud Security | Securing cloud infrastructure, containers, serverless, and cloud identity |
| Network Security | Monitoring and defending network traffic; NSM, IDS/IPS, Zero Trust networking |
| Malware Analysis | Static and dynamic malware analysis, reverse engineering, and sandbox investigation |
| ICS / OT Security | Securing industrial control systems, SCADA, PLCs, and critical infrastructure |
| Application Security | Web/API security, secure SDLC, SAST/DAST, threat modeling, and bug bounty |
| Adversarial AI Attacks | Attacking AI and ML systems — adversarial examples, model inversion, data poisoning, and LLM jailbreaks |
| AI & LLM Security | Securing AI systems, red-teaming LLMs, prompt injection, and adversarial ML |
| Governance, Risk & Compliance | Risk frameworks, compliance programs, NIST CSF/800-53, ISO 27001, GRC tooling |
| Hacker Hobbies & Community | Locksport, SDR, electronics, badge hacking, ham radio, car hacking, DEF CON villages, and the broader hacker community |
| Digital Forensics | Disk, memory, and network forensics; evidence handling; DFIR methodology |
| Security Architecture | Zero Trust design, threat modeling, defense-in-depth, and architectural frameworks |
| DevSecOps | Integrating security into CI/CD pipelines; SAST, SCA, IaC scanning, secrets detection |
| Cryptography & PKI | Certificate lifecycle, key management, HSMs, TLS hardening, and post-quantum readiness |
| Supply Chain Security | SBOM generation, artifact signing, dependency security, and SLSA framework |
| Privacy Engineering | PII detection, data minimization, consent management, DSR automation, GDPR/CCPA |
| Identity & Access Management | IAM/PAM architecture, SSO/MFA, Zero Trust identity, AD security, and CIEM |
| Security Operations | SOC operations, SIEM/SOAR, threat hunting, detection lifecycle, and SOC metrics |
| Data Security | Data classification, DLP, encryption, DSPM, and database activity monitoring |
| Active Defense & Deception | Honeypots, honeytokens, canary tokens, deception grids, and adversary engagement |
| Hardware Security | Firmware analysis, secure boot, TPM/HSM, hardware hacking, side-channel attacks |
| Mobile Security | iOS/Android app security, MASVS, MDM/EMM, mobile threat defense, dynamic analysis |
| Purple Teaming | Adversary emulation, BAS, detection validation, ATT&CK coverage measurement |
| Radio Frequency Security | RF attack techniques, SDR tooling, replay attacks, protocol analysis, and wireless security testing |
| Bug Bounty | Web/API/mobile vulnerability research, recon methodology, responsible disclosure |
| Social Engineering | Phishing simulations, pretexting, vishing, security awareness training, human risk management |
| Physical Security | Physical pen testing, RFID cloning, badge bypass, access control systems, facility security |
| Threat Modeling | STRIDE/PASTA/LINDDUN methodologies, threat model as code, DFD-based analysis, DevSecOps integration |
| OSINT | Open source intelligence collection, recon methodology, SOCMINT/GEOINT, OpSec for analysts |
| Zero Trust Architecture | ZT principles, CISA ZTMM, microsegmentation, ZTNA tooling, BeyondCorp, NIST SP 800-207 |
| IoT Security | IoT attack surface, firmware analysis, MQTT/CoAP testing, device identity, OWASP IoT Top 10 |
| Container & Kubernetes Security | Container runtime security, K8s RBAC, image scanning, Falco, OPA Gatekeeper, CKS prep |
| Cyber Risk Quantification | FAIR methodology, Monte Carlo simulation, ALE/ROSI calculation, board-level risk communication |
| Blockchain & Web3 Security | Smart contract auditing, DeFi exploits, reentrancy, Slither/Echidna/Mythril, Ethernaut CTF |
| Security Awareness | Phishing simulation, behavior change programs, KnowBe4/GoPhish, human risk metrics |
| Active Directory Security | AD attack paths, Kerberoasting, DCSync, BloodHound, defensive controls, and detection strategies |
| AI / ML Security | Adversarial ML, model inversion, data poisoning, MITRE ATLAS, and MLOps security |
| Exploit Development | Buffer overflows, ROP chains, heap exploitation, format strings, fuzzing, and CVE research |
| Penetration Testing | Scoping, methodology, CVSS scoring, tooling by phase, and report structure |
| Red Teaming | APT simulation, C2 frameworks, payload evasion, infrastructure OPSEC, and engagement types |
| Reverse Engineering | x86/x64 assembly, static/dynamic analysis, anti-analysis bypasses, and platform-specific RE |
| SIEM & SOAR | SIEM architecture, SPL/KQL query writing, SOAR playbook design, and log source onboarding |
| Threat Hunting | Hypothesis-driven hunting, ATT&CK-mapped procedures, Splunk/KQL queries, and maturity model |
High-quality training does not require a large budget. These platforms offer free or pay-what-you-can content taught by working practitioners.
| Platform | Focus |
|---|---|
| Antisyphon Training | Pay-what-you-can live courses from John Strand and practitioners; SOC, pentesting, active defense |
| Black Hills Information Security | Hundreds of free webcasts on every security discipline |
| TCM Security Academy | Free tier with 25+ hours of on-demand content; practical ethical hacking and SOC |
| PortSwigger Web Security Academy | The best free web application security training available; interactive labs for every major vulnerability class |
| Hack The Box Academy | Free Student tier; SOC analyst, DFIR, penetration testing, and cloud security paths |
| TryHackMe | Browser-based beginner-to-advanced labs; no local setup required |
| IppSec | HackTheBox walkthroughs demonstrating real attack techniques with full methodology |
| Blue Team Labs Online | Free investigation challenges for detection, forensics, and IR |
| LetsDefend | Free SOC simulator for alert triage and threat analysis |
| CISA Training Catalog | No-cost federal training open to the public including ICS/OT, cloud, and IR content |
| Anthropic Courses | Free AI and LLM security courses from Anthropic |
Machine-readable data files and an ATT&CK Navigator layer connecting the TeamStarWolf vendor stack to NIST 800-53 controls and ATT&CK techniques.
| Resource | Description |
|---|---|
| ATT&CK Navigator Layer | NIST 800-53 R5 → ATT&CK coverage heatmap (313 techniques, CTID-sourced). Load in Navigator ↗ |
| Vendor → Control edges | JSONL edge table: 100+ vendor → NIST 800-53 control mappings |
| Control → Technique edges | JSONL edge table: NIST 800-53 R5 → ATT&CK technique mappings (CTID) |
| Vendor → Technique edges | JSONL derived edge table: vendor → ATT&CK technique coverage via control join |
| Controls Mapping | Full Vendor → NIST 800-53 → ATT&CK cross-reference |
| Coverage Schema | Gap scoring data model, JSON schemas, Python scoring functions |
MITRE ATT&CK workbench for coverage review, detection engineering, exposure mapping, and threat-intelligence correlation. Supports Enterprise, ICS, and Mobile ATT&CK domains.
Capabilities
- Multiple heatmap modes across coverage, detection, exposure, compliance, and risk
- CVE mappings with live integrations: MISP, OpenCTI, EPSS, CISA KEV, NVD, Elastic, Splunk, Sigma, Atomic Red Team, ExploitDB, and Nuclei
- STIX 2.1 import/export, custom technique editing, and collection sharing
- Deployable via Docker or GitHub Pages
| Project | Description |
|---|---|
| LimeWire | Python desktop audio studio — download, analysis, editing, stem separation, and batch processing |
| PokeNav | Offline-first Pokemon encyclopedia with game-aware browsing and trainer archives |