MITRE ATT&CK
Adversary tactics and techniques knowledge base
Essential Security Resources
Frameworks, standards, catalogs, and references every team should know
ATT&CK Navigator
Plan, annotate, and share ATT&CK matrices
MITRE D3FEND
Countermeasures mapped to attack behaviors
MITRE CAPEC
Common attack pattern enumeration and classification
OWASP Top 10
Most critical web application security risks
OWASP API Security Top 10
Top API security risks and guidance
OWASP ASVS
Security requirements for designing and testing apps
OWASP Cheat Sheet Series
Concise best practices across common security topics
OWASP SAMM
Software Assurance Maturity Model for AppSec
CIS Controls v8
Prioritized safeguards to defend against attacks
CIS Benchmarks
Hardening guidance for operating systems and platforms
NIST Cybersecurity Framework
Identify, Protect, Detect, Respond, Recover
NIST SP 800-53
Security and privacy controls for information systems
NIST SP 800-61
Computer security incident handling guide
NIST SP 800-171
Protecting CUI in nonfederal systems
ISO/IEC 27001
Information security management system standard
PCI DSS
Payment Card Industry Data Security Standard
SOC 2
Service Organization Control 2 overview (AICPA)
CVE Program
Common vulnerabilities and exposures registry
NVD
National Vulnerability Database with CVSS scoring
Exploit Database
Public exploits and proof-of-concepts
Vulners
Unified vulnerability database and search
CERT/CC Vulnerability Notes
Coordinator vulnerability notes database
FIRST CVSS Calculator
Calculate CVSS severity scores
CWE
Common software weaknesses catalog
MISP
Open-source threat intelligence platform
AlienVault OTX
Community threat intelligence pulses and IOCs
AbuseIPDB
Report and check malicious IP addresses
PhishTank
Community-curated phishing URL database
URLHaus
Malicious URLs database by abuse.ch
MalwareBazaar
Malware sample sharing by abuse.ch
ThreatFox
Indicators of compromise feed
GreyNoise
Context on Internet scanning and noise
Spamhaus
Blocklists and threat intelligence
Team Cymru MHR
Malware Hash Registry lookup
ANY.RUN
Interactive malware analysis sandbox
VirusTotal
Analyze files and URLs for malware and indicators
Have I Been Pwned
Email breach and password exposure checks
SANS DFIR Resources
Incident response and forensics tools and posters
The Sleuth Kit
Open-source digital forensics toolkit
Autopsy
GUI for The Sleuth Kit forensic analysis
Velociraptor
Endpoint visibility and DFIR collection
KAPE
Rapid triage and artifact collection
Timesketch
Collaborative forensic timeline analysis
OSQuery
Query your endpoints like a database
GRR Rapid Response
Incident response framework focused on remote live forensics
Volatility
Advanced memory forensics framework
YARA
Pattern matching for malware research and hunting
CAPA
Identify capabilities in suspicious binaries
CyberChef
The Cyber Swiss Army Knife
Ghidra
Open-source reverse engineering suite
IDA Free
Free version of the IDA disassembler
radare2
Open-source reverse engineering framework
Cutter
Qt GUI for radare2
Binary Ninja Blog
Reverse engineering techniques and articles
Malpedia
Knowledge base of malware families
PEStudio
Static investigation of Windows executables
Hybrid Analysis
Automated malware analysis reports
UnpacMe
Automated unpacking of obfuscated binaries
AWS Well-Architected (Security)
AWS Security Pillar best practices
AWS Security Hub
AWS security findings aggregation
Azure Security Benchmark
Security guidance for Azure services
Microsoft Defender for Cloud
Cloud-native application protection
GCP Security Foundations
Google Cloud security best practices
Checkov Docs
Static analysis for IaC (Terraform/K8s/Cloud)
tfsec Docs
Static analysis for Terraform
Semgrep Registry
Curated rules for code and IaC scanning
Prowler
AWS/Azure/GCP security best practices auditing
ScoutSuite
Multi-cloud security auditing
Terrascan
Detect compliance and security violations across IaC
OWASP WSTG
Web Security Testing Guide
Burp Suite Academy
PortSwigger Web Security Academy
OWASP ZAP Docs
ZAP documentation and guides
Nuclei Templates
Community templates for fast scanning
FFUF Wordlists
SecLists: wordlists for discovery and fuzzing
CodeQL Docs
Semantic code analysis by GitHub
OWASP Dependency-Check
Dependency vulnerability scanning
OWASP Mobile Top 10
Top mobile application security risks
OWASP MASVS
Mobile AppSec Verification Standard
Atomic Red Team
ATT&CK-mapped tests for adversary behaviors
MITRE CTID Adversary Emulation
Adversary emulation plans and resources
LOLBAS
Living off the land binaries and scripts
GTFOBins
Unix binaries that help bypass security controls
PayloadsAllTheThings
Payloads and bypasses for various attack scenarios
Red Team Operator Handbook
Tactics and techniques compendium
Sigma HQ
Generic signature format for SIEM detections
Elastic Detection Rules
Community rules mapped to ATT&CK
ThreatHunting Book
Playbooks and analytics for hunting
DetectionLab
Automated lab for detection engineering
Elastic Common Schema
Unified field names for event data
OSSEM
Open Source Security Events Metadata
Sigma Tools
Backends and tools for Sigma rules
BloodHound Docs
Graph-based Active Directory analysis
SpecterOps Blog
Advanced AD/Windows security research
ADSecurity.org
Active Directory security guidance
Windows Event Logging Cheat Sheets
Event ID references for defenders
OSINT Framework
Directory of OSINT resources and tools
Shodan Docs
Documentation for the Shodan search engine
Censys Docs
Guides for Internet-wide search and assets
SpiderFoot Docs
Automated OSINT collection and analysis
theHarvester
E-mail, subdomain and names harvesting
ATT&CK for ICS
Adversary behaviors in industrial control systems
SANS ICS Resources
Industrial control systems security resources
SLSA
Supply-chain Levels for Software Artifacts
Sigstore
Signing and verifying software artifacts
SPDX
Software Package Data Exchange (SBOM)
CycloneDX
Lightweight SBOM standard
OpenSSF Scorecard
Automated security checks for projects
Dependency-Track
SBOM analysis and risk management
HackerOne Resources
Guides and reports for bug bounty hunters
Bugcrowd University
Educational content for bug bounty
TryHackMe
Hands-on cybersecurity training
Hack The Box Academy
Interactive cybersecurity courses
OWASP Juice Shop
Deliberately insecure app for training
PortSwigger Academy Labs
Free hands-on web security labs
Sigma Rules Wiki
How to write and use Sigma rules
Sysmon
Windows system monitoring driver
Elastic Security
SIEM and endpoint security with Elastic
OSSEC
Host-based intrusion detection system
Let’s Encrypt Docs
ACME certificates and guidance
OWASP Cryptographic Storage Cheat Sheet
Best practices for crypto storage
CISA Alerts
Current security alerts and advisories
US-CERT Vulnerability Notes
Vulnerability notes from CERT/CC
Microsoft Security Blog
Security research and incident analysis
Google TAG
Threat Analysis Group research
Mandiant Blog
Threat intelligence and incident reports
NIST NICE
Cybersecurity workforce framework
OWASP SAMM Toolbox
Resources for SAMM implementation
FIRST Traffic Light Protocol
Data sharing and classification standard
MITRE Shield
Active defense knowledge base
ATT&CK Workbench
Curate and share ATT&CK content
OpenCTI
Open cyber threat intelligence platform
Criminal IP
Attack surface and threat intel platform
CIRCL Passive DNS
Historical DNS records lookup
RiskIQ Community
Passive DNS, WHOIS, and threat intel
Shodan Exploits
Exploit search mapped to services
Rapid7 AttackerKB
Exploitability and impact discussions
Metasploit Docs
Exploit development and usage docs
MITRE CALDERA
Automated adversary emulation platform
Huntress Library
Tradecraft, guides, and IR content
RITA
Beacon analysis of network traffic
Suricata Rules
IDS/IPS rule language reference
Zeek Docs
Network security monitoring platform docs
Sigma Rules Repository
Community detection rules
MITRE CAR
Cyber analytics repository mapped to ATT&CK
MITRE Engage (Shield)
Adversary engagement and active defense
Microsoft D3FEND Mapping
Mitigations mapped to D3FEND
Google BeyondCorp
Zero trust access model
NCSC Cyber Essentials
UK baseline security standard
NCSC Guidance
UK National Cyber Security Centre guidance
CISA Known Exploited Vulnerabilities
Catalog of actively exploited CVEs
ATT&CK Navigator Layers
Shareable ATT&CK layer files
Sigma to Splunk Converter
Convert Sigma rules to SIEM backends
Sysmon Config (SwiftOnSecurity)
Community Sysmon configuration
Procmon
Advanced Windows monitoring tool
RegRipper
Windows Registry forensic analysis
Floss
Extract obfuscated strings from malware
CAPE Sandbox
Config and payload extraction sandbox
Remnux
Linux toolkit for malware analysis
X-Force Exchange
Threat intelligence sharing platform
AlienVault Open Threat Exchange Docs
Using and integrating OTX
Abuse.ch Feeds
Project index for abuse.ch (malware feeds)
Exploit-DB Papers
Whitepapers and tutorials on exploitation
Rapid7 DB
Modules and vulnerability content
OWASP CRS
ModSecurity Core Rule Set
Container Security (NIST SP 800-190)
Application container security guide
Kubernetes Hardening (NSA/CISA)
Kubernetes hardening guidance
OWASP Top 10 for LLMs
Risks for LLM applications
OpenAI Security Eval Resources
Eval harness for model behaviors
Safeguarding AI (NIST AI RMF)
AI Risk Management Framework
MITRE ATLAS
Adversarial threats to machine learning
Okta Security Best Practices
Identity and access best practices
Auth0 Attack Protection
Protect against automated attacks
Cloudflare Security Center
Threat data and security insights
Mozilla Observatory
Site security scanning and guidance
Security Headers
Analyze HTTP security headers
TLS Observatory
TLS configuration scanner
Qualys SSL Labs
SSL/TLS server test and reports
OWASP Threat Dragon
Open-source threat modeling
Microsoft Threat Modeling Tool
Model and analyze threats
Attack Surface Management (ASM) Guide
CISA guidance on ASM
NCSC Logging Made Easy
Logging patterns and deployment
MITRE CVE Services
CVE program and partners
OpenSSF Best Practices Badge
Best practices for open source projects
Docker Bench for Security
Script to check for common Docker best-practices
Kube-bench
CIS Benchmark tests for Kubernetes
kube-hunter
Kubernetes security assessment
Trivy
Comprehensive container and artifact scanner
Grype
Container image vulnerability scanner
Suricata
High-performance IDS/IPS and NSM
Zeek
Network security monitoring framework
Sigma HQ Examples
Testing and validating Sigma rules
Awesome Incident Response
Curated list of IR resources
Awesome Threat Intelligence
Curated list of threat intel resources
Awesome Malware Analysis
Curated malware analysis tools and resources
Awesome Red Teaming
Curated red team resources
Awesome Blue Team
Curated blue team resources