Security Resources & Literature

A concise reference guide for incident responders and security operations. Covers incident handling procedures, log analysis, network forensics, and threat intelligence in a quick-reference format ideal for SOC analysts.

A certification that demonstrates proficiency in ethical hacking methodologies and tools. Covers footprinting, scanning, enumeration, system hacking, malware threats, sniffing, social engineering, and web application hacking.

An advanced-level certification covering eight domains of information security: security and risk management, asset security, security architecture, communication and network security, identity and access management, security assessment, security operations, and software development security.

Consensus-based configuration guidelines for secure system hardening. Provides prescriptive guidance for over 100 technologies including operating systems, cloud platforms, network devices, and applications.

An entry-level cybersecurity certification validating baseline skills in threat assessment, network security, compliance, identity management, and cryptography. Widely recognized as a foundational credential for IT security professionals.

An online cyber security training platform offering free and premium courses. Covers topics from CompTIA certifications to advanced penetration testing, with virtual labs and career paths.

A massive hacking playground with hundreds of vulnerable machines, challenges, and guided learning paths. Offers real-world scenarios for practicing penetration testing skills in a safe, legal environment.

A classic text covering the technical foundations of hacking including programming, networking, and cryptography. Features hands-on exercises with a bootable Linux environment for practicing buffer overflows, shellcode, and network attacks.

The international standard for information security management systems (ISMS). Provides a systematic approach to managing sensitive company information through risk assessment, security controls, and continual improvement processes.

An investigative journalism blog covering cybercrime, data breaches, and internet security. Known for in-depth reporting on major breaches, cybercriminal operations, and security industry developments.

A comprehensive knowledge base documenting adversary tactics, techniques, and procedures (TTPs) based on real-world observations. Essential for threat intelligence, detection engineering, and red team operations.

A voluntary framework providing a policy framework of computer security guidance for how organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks. Organized into five core functions: Identify, Protect, Detect, Respond, Recover.

A hands-on penetration testing certification requiring a 24-hour practical exam. Widely regarded as one of the most rigorous and respected certifications in the offensive security field, emphasizing real-world skills over theoretical knowledge.

A peer-reviewed methodology for performing security tests and metrics. Covers operational security testing across five channels: human, physical, wireless, telecommunications, and data networks.

The definitive guide to web application security testing. Covers methodology, information gathering, configuration testing, authentication, session management, input validation, error handling, and cryptography testing.

A standard designed to provide a common language and scope for performing and reporting penetration tests. Covers pre-engagement interactions, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting.

A free, online web security training resource from the creators of Burp Suite. Provides comprehensive, hands-on labs covering all major web vulnerability categories with detailed explanations and interactive exercises.

The hands-on guide to dissecting malicious software. Covers static analysis, dynamic analysis, debugging, disassembly, and anti-analysis techniques with real-world malware samples and lab exercises.

The most trusted source for cybersecurity training and certification. Offers intensive courses in incident handling, penetration testing, digital forensics, and security management taught by industry experts.

An extensive library of over 3,000 security white papers and research documents. Covers topics from incident handling to secure coding, written by SANS instructors and GIAC-certified professionals.

A leading cybersecurity news platform covering the latest vulnerabilities, data breaches, malware, and hacking techniques. Provides timely updates on emerging threats and security advisories.

A comprehensive guide to discovering and exploiting security flaws in web applications. Covers authentication, session management, access controls, input validation, and application logic vulnerabilities with practical techniques.

An online platform for learning cybersecurity through short, gamified real-world labs. Offers guided learning paths from beginner to advanced, covering topics from Linux basics to advanced exploitation techniques.