Tools, references, cheat sheets, and labs — everything you need to build real skills.

templates

Security Analyst Workbook — Interactive Templates | Trace Maven
Incident Investigation Journal (5 W's Framework)
// Document the who, what, when, where, why + how of every security incident
Case Metadata
The 5 W's + How
WHO: Who is involved?
WHAT: What happened?
WHEN: When did it occur?
WHERE: Where did it happen?
WHY: Why did it happen?
HOW: How was it executed?
Evidence & IOCs Collected
Containment & Remediation Actions
Lessons Learned & Recommendations
Alert Triage Worksheet
// Systematically evaluate and prioritize security alerts from SIEM / EDR / IDS
Alert Details
Severity Assessment
Rate each dimension 1 (low) – 5 (high) to calculate overall triage priority.
Overall Disposition
Investigation Notes
Chain of Custody / Evidence Log
// Track digital evidence handling for investigations and forensic analysis
⚠ Every person who touches evidence must be logged. Gaps in custody can invalidate evidence in legal proceedings.
Case Information
Evidence Items
Columns: # | Item Description | Type | Hash (SHA256) | Size / Format | Collected By | Date/Time Collected | Location Stored
Transfer / Access Log
Columns: Date/Time | Evidence Item # | Released By | Received By | Purpose / Action | Returned?
Certifications
Threat Hunting Log
// Document hypothesis-driven hunts across your environment
Hunt Metadata
Hypothesis
Data Sources & Queries
Findings
Recommended Detections / Follow-up
IOC Tracker — Indicators of Compromise
// Track IPs, domains, hashes, URLs, and other threat indicators
Campaign / Case Reference
IOC Table
Columns: Type | Indicator | Confidence | TLP | Tags | First Seen | Last Seen | Status | Source
Notes & Context
Penetration Test Planning Template
// Scope, rules of engagement, methodology, and pre-engagement checklist
⚠ LEGAL REMINDER: Obtain signed written authorization before testing. This document does NOT constitute authorization. Never test systems you do not own or have explicit written permission to test.
Engagement Details
Scope — In Scope
Scope — Out of Scope / Exclusions
Rules of Engagement
Methodology / Phases
Phase 1 — Reconnaissance
Phase 2 — Scanning & Enumeration
Phase 3 — Exploitation
Phase 4 — Post-Exploitation
Phase 5 — Reporting
OSINT Collection Worksheet
// Structured open-source intelligence gathering for target reconnaissance
Target & Collection Details
Domain & Infrastructure
People & Organizational Intel
Leaked Data & Exposures
Findings Summary
Columns: Finding | Severity | Confidence | Source | Notes
Vulnerability Assessment Report
// Document vulnerabilities found, CVSS scores, and remediation priorities
Report Header
Vulnerability Findings
Columns: # | Vulnerability | CVE | CVSS | Severity | Affected System | Remediation | Priority
Attack Surface Mapping Worksheet
// Enumerate all external and internal exposure points for an organization
External Attack Surface
Internal Attack Surface
Human Attack Surface
Supply Chain & Third Parties
Threat Actor Profile
// Document known or suspected threat actors using MITRE ATT&CK-aligned intelligence
Actor Overview
MITRE ATT&CK TTPs
Known Tools & Infrastructure
Known IOCs & Detection Opportunities
MITRE ATT&CK Mapping Worksheet
// Map incident or threat actor TTPs to the MITRE ATT&CK framework
Reference
Tactic → Technique Mapping
Columns: Tactic | Technique ID | Technique Name | Sub-Technique | Evidence / Observations | Detection?
Detection Coverage Gaps
CTF Notes Template
// Capture the Flag challenge documentation — approach, tools, flags, and lessons learned
CTF Event & Challenge Info
Approach & Methodology
Initial Reconnaissance / Enumeration
Rabbit Holes & Dead Ends
Key Breakthrough / Solution Path
Commands / Code Used
Flag & Outcome
Lessons Learned & Tools to Study
Tool Learning Log
// Track security tools you're learning — commands practiced, use cases, and mastery level
Tool Overview
Mastery Level
Scale: Beginner → Expert
Commands Practiced
Columns: Command / Syntax | What It Does | Example Use Case | Practiced?
Resources & Next Steps
Certification Tracker
// Track your cybersecurity certifications, study progress, and exam prep
My Certifications
Columns: Certification | Vendor | Status | Exam Date | Score | Expiry | CEUs / Renewal
Recommended Certification Roadmap
Common entry → advanced progression paths for cybersecurity professionals.
ENTRY LEVEL
INTERMEDIATE
ADVANCED
Current Study Plan
Risk Register
// Document, rate, and track organizational security risks and mitigation status
Risk Register
Columns: # | Risk Description | Asset / System | Threat | Likelihood (1-5) | Impact (1-5) | Risk Score | Owner | Mitigation | Status
Risk Score = Likelihood × Impact. Score 1-5: Low | 6-10: Medium | 11-15: High | 16-25: Critical
Security Controls Checklist
// CIS Controls v8 / NIST CSF aligned baseline security checklist
CIS Controls — Implementation Group 1 (Basic Hygiene)
Notes / Gaps Identified
SOC Analyst Shift Handover
// Ensure continuity between SOC shifts — active incidents, open alerts, and priorities
Shift Details
Overall Threat Level During Shift
Active Incidents Requiring Attention
Columns: Ticket # | Severity | Description | Status | Next Action | Owner
Alerts Reviewed & Closed This Shift
Watch Items for Incoming Shift
Tabletop Exercise Notes
// Document tabletop exercise scenarios, team responses, and improvement actions
Exercise Details
Scenario Description
Inject Log
Columns: Time | Inject Description | Team Response | Decision Made | Gap Identified?
After-Action Review

learning

reference docs & learning

  • OWASP Foundation: The definitive resource for web application security. Top 10 vulnerabilities, testing guides, and more.
  • NIST Cybersecurity Framework: The industry-standard framework for managing and reducing cybersecurity risk.
  • CVE Database (MITRE): Search and track Common Vulnerabilities and Exposures across all major software.
  • Exploit-DB: Archive of public exploits and vulnerable software maintained by Offensive Security.
  • SANS Reading Room: Thousands of free research papers covering every domain of information security.