Security Resources

A curated collection of security tools, frameworks, and resources for blue team operations, threat hunting, and incident response.

Interactive Training Tools

• Phishing Email Quiz - Test your ability to identify phishing emails with our interactive 10-question quiz. Get immediate feedback and learn key indicators to spot malicious emails.

Analysis Tools

Online Analysis Platforms

• CyberChef - The Cyber Swiss Army Knife for encoding, decoding, data analysis, and forensics
• VirusTotal - Analyze suspicious files, URLs, domains, and IP addresses
• Hybrid Analysis - Free malware analysis service powered by Falcon Sandbox
• ANY.RUN - Interactive malware analysis sandbox
• Joe Sandbox - Deep malware analysis platform
• URLScan.io - Scan and analyze websites for malicious content
• MXToolbox - Email and DNS analysis tools
• Censys - Internet-wide scan data for threat hunting
• Shodan - Search engine for Internet-connected devices

Decoders & Converters

• CyberChef - Encoding/decoding, encryption, compression, data analysis
• DCode - Forensic timestamp decoder
• IPVoid - IP address analysis and blacklist checking
• DNSdumpster - DNS recon and research tool

Detection & Threat Intelligence

YARA Rules

• Yara-Rules GitHub - Community YARA rules repository
• YARA Forge - Curated YARA rule feed
• Awesome YARA - Curated list of YARA resources
• Neo23x0’s Signature Base - YARA and Sigma rules by Florian Roth

Sigma Rules

• Sigma HQ - Generic signature format for SIEM systems
• SOC Prime Threat Detection Marketplace - Sigma rules and SIEM content
• SIGMA Rules Search - Search engine for Sigma detection rules

Threat Intelligence Feeds

• AlienVault OTX - Open Threat Exchange community
• Abuse.ch - Malware and botnet tracking (URLhaus, ThreatFox, MalwareBazaar)
• MISP Threat Sharing - Threat intelligence sharing platform
• OpenCTI - Open Cyber Threat Intelligence platform
• ThreatConnect - Threat intelligence aggregation

Frameworks & Standards

Attack Frameworks

• MITRE ATT&CK - Knowledge base of adversary tactics and techniques
• MITRE D3FEND - Knowledge graph of cybersecurity countermeasures
• Atomic Red Team - Library of tests mapped to ATT&CK
• LOLBAS - Living Off The Land Binaries and Scripts (Windows)
• GTFOBins - Unix binaries that can be used to bypass security
• LOLDrivers - Living Off The Land Drivers database

Security Standards

• NIST Cybersecurity Framework - Framework for improving critical infrastructure cybersecurity
• CIS Controls - Prioritized set of security best practices
• OWASP Top 10 - Top 10 web application security risks
• SANS 25 Most Dangerous Software Errors - Common programming errors

Malware Analysis

Sandboxes & Analysis

• CAPE Sandbox - Automated malware analysis system
• Cuckoo Sandbox - Open source malware analysis system
• REMnux - Linux toolkit for reverse-engineering malware
• FLARE VM - Windows malware analysis VM by Mandiant
• Ghidra - NSA’s reverse engineering framework
• IDA Free - Disassembler and debugger
• x64dbg - Open source debugger for Windows
• dnSpy - .NET debugger and assembly editor

Malware Repositories

• MalwareBazaar - Malware sample sharing platform
• VirusBay - Community malware repository
• Malpedia - Resource for malware families
• VX Underground - Malware collection and research

Network Analysis

Packet Analysis

• Wireshark - Network protocol analyzer
• NetworkMiner - Network forensic analysis tool
• Zeek (Bro) - Network security monitoring framework
• Suricata - Network IDS/IPS engine
• Security Onion - Linux distribution for threat hunting and network security monitoring

Traffic Analysis

• PacketTotal - PCAP analysis platform
• A-Packets - Online pcap file analyzer
• CloudShark - Web-based packet analysis

Digital Forensics

Forensic Suites

• Autopsy - Digital forensics platform
• SIFT Workstation - SANS Investigative Forensic Toolkit
• Volatility - Memory forensics framework
• FTK Imager - Forensic imaging tool
• Sleuth Kit - Collection of command line forensic tools

Forensic Analysis

• KAPE - Kroll Artifact Parser and Extractor
• Eric Zimmerman’s Tools - Windows forensics tools
• Plaso (log2timeline) - Timeline creation and analysis
• Arsenal Image Mounter - Mount forensic disk images

Threat Hunting & OSINT

OSINT Frameworks

• OSINT Framework - Collection of OSINT tools
• Maltego - Link analysis tool for OSINT
• SpiderFoot - Automated OSINT reconnaissance
• theHarvester - Email, domain, and name discovery
• Recon-ng - Web reconnaissance framework

Threat Hunting Platforms

• HELK - Hunting ELK stack
• Velociraptor - Endpoint visibility and collection tool
• GRR Rapid Response - Incident response framework
• osquery - SQL powered operating system instrumentation

Security Monitoring

Log Analysis

• Splunk Free - Data analysis platform (free tier)
• Elastic Stack (ELK) - Elasticsearch, Logstash, Kibana
• Graylog - Open source log management
• Wazuh - Security monitoring and compliance

Endpoint Detection

• Sysmon - System Monitor for Windows
• Sysmon for Linux - System Monitor for Linux
• Process Monitor - Advanced monitoring for Windows
• Auditd - Linux audit framework

Vulnerability Management

Vulnerability Databases

• NIST NVD - National Vulnerability Database
• CVE Details - Security vulnerability database
• Exploit DB - Exploits and vulnerable software archive
• VulnDB - Vulnerability intelligence database

Scanning Tools

• Nmap - Network discovery and security auditing
• Nessus Essentials - Vulnerability scanner (free for home use)
• OpenVAS - Open source vulnerability scanner
• Nuclei - Fast vulnerability scanner
• Metasploit - Penetration testing framework

Learning Resources

Training Platforms

• TryHackMe - Hands-on cybersecurity training
• HackTheBox - Penetration testing labs
• Blue Team Labs Online - Defensive security challenges
• CyberDefenders - Blue team CTF challenges
• LetsDefend - SOC analyst training platform

Documentation & Guides

• SANS Reading Room - Security research papers
• MITRE CAR - Cyber Analytics Repository
• DFIR Training - Digital forensics and incident response resources
• Cybersecurity and Infrastructure Security Agency (CISA) - Government cybersecurity resources

Communities

• Reddit r/blueteamsec - Blue team community
• Reddit r/AskNetsec - Network security Q&A
• SANS Internet Storm Center - Threat intelligence and handlers diary
• Krebs on Security - In-depth security news

Incident Response

IR Frameworks

• NIST SP 800-61 - Computer Security Incident Handling Guide
• SANS Incident Handler’s Handbook - Step-by-step IR guide
• Incident Response Consortium - IR resources and tools

IR Tools

• TheHive - Security incident response platform
• Cortex - Observable analysis and active response engine
• MISP - Threat intelligence sharing platform
• Velociraptor - Endpoint visibility and IR tool

Cheat Sheets & Quick References

• SANS Cheat Sheets - Comprehensive collection
• RTFM (Red Team Field Manual) - Commands reference
• Blue Team Field Manual - Defensive commands
• Windows Commands Cheat Sheet - Windows security commands
• Linux Commands Cheat Sheet - Linux security commands

Automation & Scripting

Security Automation

• Shuffle - Open source SOAR platform
• SOAR (Security Orchestration, Automation and Response) - Palo Alto SOAR
• Ansible Security Automation - Security playbooks

Scripting Resources

• PowerSploit - PowerShell security scripts
• Empire - Post-exploitation framework
• Invoke-Obfuscation - PowerShell obfuscation toolkit (for detection research)

---

Note: This list is continuously updated. If you have suggestions for additional resources, please reach out via GitHub or Twitter.

Last updated: October 2025