Security tools, platforms, and technology evaluations
216 total articles
Systematic security assessment of cloud infrastructure evaluating misconfigurations, IAM policies, and cloud-specific attack vectors.
Systematic discovery and assessment of Amazon S3 storage buckets to identify publicly accessible or misconfigured cloud storage.
Manipulating mechanical lock mechanisms during authorized security assessments to evaluate physical access control effectiveness.
Systematic assessment of wireless network security through active testing of Wi-Fi, Bluetooth, and RF protocols.
Evaluating security of NFC short-range wireless systems used in payments, access control, and device authentication.
Collection and analysis of publicly available information to map attack surfaces and produce actionable security intelligence.
Using advanced search engine operators to discover sensitive exposed information and configuration details for reconnaissance.
Scripted workflows and toolchains for systematically discovering and enumerating external attack surfaces at scale.
Search engine for internet-connected devices enabling discovery of exposed systems and vulnerable services through passive reconnaissance.
Guide to syslog protocol security covering the evolution from plaintext UDP to TLS-encrypted transport, structured data, and reliable delivery mechanisms.
Guide to SNMPv3 security features including USM authentication, VACM access control, encryption options, and migration from legacy SNMP versions.
Guide to Terraform security scanning tools and techniques including tfsec, Checkov, Sentinel policies, plan analysis, and CI/CD integration.
Guide to OpenVPN architecture covering TUN/TAP modes, TLS control channel, authentication options, common misconfigurations, and hardening recommendations.
Overview of NetFlow analysis for network security, covering flow data collection, export formats, threat detection use cases, and integration with security monitoring.
Overview of SCP protocol covering its SSH-based operation, known vulnerabilities, deprecation status, and migration path to SFTP for secure file transfers.
Guide to PCAP analysis for security investigations, covering capture methods, protocol dissection, Wireshark usage, and forensic investigation techniques.
Overview of WireGuard VPN protocol covering its cryptographic design, Cryptokey Routing, performance advantages, and enterprise deployment considerations.
Guide to SSH protocol security covering the layered architecture, authentication methods, common weaknesses, and hardening best practices for remote access.
Guide to CloudFormation security including cfn-guard rules, stack policies, hooks for pre-provisioning validation, and StackSet governance.
Commercial adversary simulation platform whose Beacon implant is widely used in red team operations and real-world attacks for post-exploitation.
Graph-based analysis tool that reveals hidden attack paths in Active Directory by mapping relationships between domain objects.
Open-source .NET Core C2 framework providing collaborative red team operations with web-based management and Grunt implants.
Systematic techniques for compromising Active Directory environments including enumeration, lateral movement, and domain dominance.
Cross-platform Go-based C2 framework with unique implant generation, multiple communication protocols, and collaborative operation support.
Overview of Google Cloud Security Command Center for asset inventory, vulnerability detection, threat monitoring, and compliance across GCP.
Overview of Azure Key Vault for managing keys, secrets, and certificates with RBAC, managed identities, HSM protection, and audit logging.
Deep dive into AWS KMS for encryption key lifecycle management including key policies, envelope encryption, rotation, and compliance requirements.
Guide to configuring Microsoft Sentinel SIEM/SOAR including data connectors, KQL analytics rules, automation playbooks, and cost optimization.
Guide to AWS Security Hub for centralized finding aggregation, continuous compliance monitoring, and automated remediation across AWS organizations.
Deep dive into AWS Lambda security covering execution roles, event validation, layer management, VPC placement, and function-level hardening.
Guide to Istio service mesh security including mutual TLS, authorization policies, SPIFFE identities, and zero-trust service communication.
Guide to container runtime security using eBPF, Falco, and behavioral analysis for detecting zero-day exploits and anomalous container behavior.
Comprehensive guide to securing AWS IAM with least privilege, MFA enforcement, temporary credentials, permission boundaries, and access analysis.
Overview of container image scanning tools and practices including vulnerability detection, CI/CD integration, policy enforcement, and supply chain security.
Free open-source vulnerability scanner with over 100,000 network vulnerability tests for comprehensive security assessment without licensing costs.
GPU-accelerated password recovery tool supporting 350+ hash types for validating password security and conducting credential audits.
Fast multi-purpose HTTP toolkit for probing web servers at scale with technology fingerprinting and response metadata extraction.
Versatile open-source password auditing tool with intelligent mangling rules, auto-detection, and support for hundreds of hash formats.
Fast web fuzzer for directory discovery, virtual host enumeration, and parameter brute-forcing with flexible filtering and multi-position fuzzing.
Fast template-based vulnerability scanner with 8,000+ community detection templates for web applications, networks, and cloud infrastructure.
Fast Go-based brute-force tool for discovering hidden directories, files, subdomains, virtual hosts, and cloud storage buckets.
Post-exploitation tool for extracting Windows credentials from memory, enabling Pass-the-Hash, Golden Ticket, and DCSync attacks.
Fast passive subdomain discovery tool querying 40+ data sources for stealthy reconnaissance without sending requests to the target.
Open-architecture SIEM built on the Elastic Stack with schema-neutral data ingestion, behavioral ML detection, and transparent detection rules.
Industry-standard open-source network intrusion detection and prevention system with the most widely adopted rule language for threat signatures.
Free open-source security monitoring platform providing unified XDR and SIEM with file integrity monitoring, vulnerability detection, and compliance assessment.
Universal pattern-matching language for malware identification, enabling human-readable detection rules shared across the security community.
High-performance multi-threaded network threat detection engine providing IDS/IPS and rich protocol metadata extraction at multi-gigabit speeds.
Enterprise SIEM platform combining log correlation and network flow analysis with automated offense management for prioritized threat detection.
OWASP attack surface mapping tool for discovering internet-facing assets through DNS enumeration, certificate transparency, and 70+ data source integrations.
Premium SIEM platform providing risk-based alerting, advanced threat detection, and incident investigation across enterprise data sources.
ASIC-accelerated next-generation firewall platform combining network security, SD-WAN, and zero-trust access with hardware-speed inspection.
Comprehensive cloud-native application protection platform securing multi-cloud environments from code to runtime with unified CSPM, CWP, and CIEM.
Autonomous AI-powered endpoint protection platform with real-time behavioral detection, automated response, and ransomware rollback capabilities.
Cloud-native security platform providing vulnerability management, compliance scanning, and risk-based prioritization across hybrid environments.
Widely deployed vulnerability scanner by Tenable with over 200,000 plugins for identifying vulnerabilities and compliance gaps.
Cloud-native EDR platform combining AI-driven threat detection, managed hunting, and real-time endpoint response in a single lightweight agent.
Industry-standard open-source network scanner for port discovery, service enumeration, and OS fingerprinting.
Industry-leading web application security testing platform with intercepting proxy, automated scanning, and manual testing tools.
Free open-source web application security scanner from OWASP for automated vulnerability detection and manual testing.
Open-source network protocol analyzer for capturing and inspecting packet-level traffic across hundreds of protocols.
Leading open-source penetration testing framework with thousands of exploits and post-exploitation modules for security validation.
Enterprise endpoint security platform natively integrated with the Microsoft ecosystem for threat prevention, detection, and automated response.
Post-exploitation framework using PowerShell agents for in-memory operations, credential harvesting, and lateral movement.
Vendor-neutral SIEM detection rule format enabling portable, YAML-based log signatures convertible across any SIEM platform.
EDR continuously monitors endpoint behavior to detect and respond to threats that bypass traditional antivirus, including fileless malware and living-off-the-land attacks.
Overview of AWS GuardDuty managed threat detection including data sources, finding types, multi-account deployment, and automated response integration.
Vulnerability scanning automatically identifies known security weaknesses, misconfigurations, and missing patches to enable risk-based remediation.
Vendor assessment guide for Vanta Compliance Platform.
Vendor assessment guide for AttackIQ BAS.
Vendor assessment guide for KnowBe4 Security Awareness.
Vendor assessment guide for Tines Automation.
Vendor assessment guide for Torq SOAR.
Vendor assessment guide for Immersive Labs Training.
Vendor assessment guide for Orca Security Cloud.
Vendor assessment guide for Censys Attack Surface.
Vendor assessment guide for Lacework Cloud Security.
Vendor assessment guide for Pentera Automated Pentesting.
Vendor assessment guide for Elastic Security.
Vendor assessment guide for Drata Compliance Automation.
Vendor assessment guide for Netskope CASB.
Vendor assessment guide for Lookout Mobile Security.
Vendor assessment guide for Vectra AI NDR.
Vendor assessment guide for Sumo Logic Cloud SIEM.
Vendor assessment guide for ExtraHop Reveal(x).
Vendor assessment guide for Illumio Microsegmentation.
Vendor assessment guide for Axonius Asset Management.
Vendor assessment guide for LogRhythm SIEM.
Vendor assessment guide for ServiceNow SecOps.
Vendor assessment guide for SailPoint Identity Governance.
Vendor assessment guide for Varonis Data Security.
Vendor assessment guide for Cloudflare Security.
Vendor assessment guide for Carbon Black Cloud.
Vendor assessment guide for Arctic Wolf MDR.
Vendor assessment guide for Akamai Security.
Vendor assessment guide for Mandiant Threat Intelligence.
Vendor assessment guide for Abnormal Security Email.
Vendor assessment guide for Tanium Endpoint.
Vendor assessment guide for Darktrace AI Detection.
Vendor assessment guide for HashiCorp Vault.
Vendor assessment guide for Mimecast Email Security.
Vendor assessment guide for Recorded Future Intelligence.
Vendor assessment guide for Snyk Developer Security.
Vendor assessment guide for Proofpoint Email Security.
Vendor assessment guide for BeyondTrust PAM.
Vendor assessment guide for Rapid7 InsightConnect.
Vendor assessment guide for CyberArk PAM.
Vendor assessment guide for Wiz Cloud Security.
Vendor assessment guide for Splunk Enterprise Security.
Vendor assessment guide for Tenable Vulnerability Platform.
Vendor assessment guide for Zscaler Zero Trust.
Vendor assessment guide for SentinelOne Singularity.
Vendor assessment guide for Okta Identity Platform.
Vendor assessment guide for Qualys Cloud Platform.
Vendor assessment guide for Palo Alto Networks Cortex.
Vendor assessment guide for Fortinet Security Fabric.
Vendor assessment guide for CrowdStrike Falcon Platform.
Vendor assessment guide for Microsoft Defender XDR.
Operational runbook for security dashboard maintenance procedures.
Operational runbook for log source onboarding procedures.
Operational runbook for SIEM rule tuning procedures.
Operational runbook for security tool health check procedures.
Analysis of Security Copilot and AI assistants and implications for cybersecurity professionals.
Analysis of extended detection and response evolution and implications for cybersecurity professionals.
Analysis of security data fabric architecture and implications for cybersecurity professionals.
Evaluation framework and comparison guide for code security scanner solutions.
Evaluation framework and comparison guide for secure access service edge solutions.
Evaluation framework and comparison guide for zero trust network access solutions.
Evaluation framework and comparison guide for CASB solutions.
Evaluation framework and comparison guide for security awareness training platform solutions.
Evaluation framework and comparison guide for compliance automation platform solutions.
Evaluation framework and comparison guide for DNS security solutions.
Evaluation framework and comparison guide for API security platform solutions.
Evaluation framework and comparison guide for penetration testing tool solutions.
Evaluation framework and comparison guide for XDR platform solutions.
Evaluation framework and comparison guide for backup solutions.
Evaluation framework and comparison guide for SOAR platform solutions.
Evaluation framework and comparison guide for GRC platform solutions.
Evaluation framework and comparison guide for secrets management solutions.
Evaluation framework and comparison guide for network detection and response solutions.
Evaluation framework and comparison guide for attack surface management solutions.
Evaluation framework and comparison guide for container security platform solutions.
Evaluation framework and comparison guide for web application firewall solutions.
Evaluation framework and comparison guide for MDM solutions.
Evaluation framework and comparison guide for threat intelligence platform solutions.
Evaluation framework and comparison guide for DLP solutions.
Evaluation framework and comparison guide for PAM solutions.
Evaluation framework and comparison guide for identity provider solutions.
Evaluation framework and comparison guide for password manager solutions.
Evaluation framework and comparison guide for email security gateway solutions.
Evaluation framework and comparison guide for cloud security posture management solutions.
Evaluation framework and comparison guide for SIEM platform solutions.
Evaluation framework and comparison guide for firewall platform solutions.
Evaluation framework and comparison guide for EDR platform solutions.
Evaluation framework and comparison guide for vulnerability scanner solutions.
Reference architecture and design patterns for implementing log management architecture at scale.
Reference architecture and design patterns for implementing network detection and response architecture.
Reference architecture and design patterns for implementing security orchestration architecture.
Reference architecture and design patterns for implementing security data lake architecture.
Reference architecture and design patterns for implementing SOC architecture and technology stack.
Build security metrics dashboards for executive reporting and operational visibility.
Practice configuring log collection agents, parsing rules, and normalization for security monitoring.
Practice writing Python scripts for security automation including log parsing, IOC extraction, and API integration.
Build and test automated incident response playbooks using SOAR platform capabilities.
Step-by-step guide to building a virtualized security testing environment using VirtualBox for hands-on practice.
Hands-on packet capture and analysis exercises using Wireshark for network forensics and threat detection.
Deploy an ELK Stack SIEM and practice log ingestion, parsing, correlation, and alert creation.
Deploying the Elastic Stack for security monitoring, log analysis, and threat detection with open-source flexibility.
Using IDA Pro for binary analysis, malware reverse engineering, and vulnerability research in compiled executables.
How ScoutSuite assesses security posture across AWS, Azure, GCP, and other cloud platforms with automated configuration checks.
Using Prowler to audit AWS environments against CIS benchmarks, PCI DSS, HIPAA, and security best practices.
Using Trivy to scan container images, filesystems, git repositories, and infrastructure as code for vulnerabilities and misconfigurations.
Deploying Falco for real-time threat detection in containers and Kubernetes by monitoring system call behavior.
Deploying Zeek for deep network traffic analysis, protocol logging, and security monitoring beyond simple packet capture.
Setting up and configuring pfSense as a firewall, VPN gateway, and network security platform for small to mid-size environments.
Deploying Wazuh for host-based intrusion detection, log analysis, file integrity monitoring, and compliance checking.
Using KAPE for rapid triage artifact collection and processing during incident response engagements.
Setting up Graylog for centralized log collection, parsing, search, and security event analysis.
Using Volatility to analyze memory dumps for malware detection, rootkit identification, and incident investigation.
Using John the Ripper for password auditing, hash cracking, and testing password policy effectiveness.
Getting started with Ghidra for malware analysis, binary reverse engineering, and vulnerability research.
How to use Autopsy for disk image analysis, file recovery, timeline creation, and forensic investigations.
Leveraging GPU power with Hashcat for password hash cracking, rule-based attacks, and password audit testing.
How to use sqlmap to detect, confirm, and exploit SQL injection vulnerabilities in web applications.
How to use Nuclei's template-based scanning engine for rapid vulnerability detection across web applications and infrastructure.
Using ffuf for directory brute-forcing, parameter fuzzing, virtual host discovery, and other web application testing tasks.
A practical guide to using Gobuster for directory enumeration, DNS subdomain brute-forcing, and virtual host discovery.
Using Censys to discover, monitor, and analyze internet-facing assets and their security configurations.
Setting up TheHive for case management, alert triage, and collaborative incident response workflows.
How to use Shodan for attack surface discovery, exposed service identification, and security research on internet-facing assets.
Using OpenCTI to aggregate, analyze, and visualize threat intelligence from multiple sources using the STIX framework.
How MISP enables organizations to share, store, and correlate threat intelligence indicators in a structured format.
How to deploy and use Velociraptor for endpoint monitoring, forensic artifact collection, and threat hunting at scale.
Setting up and configuring Snort for network intrusion detection, writing custom rules, and integrating with your security stack.
Using osquery to query your endpoints like a database, with practical examples for security monitoring and incident investigation.
How Sigma provides vendor-agnostic detection rules that can be converted to queries for any SIEM platform.
Writing and deploying YARA rules to identify and classify malware samples based on textual or binary patterns.
How Suricata provides IDS, IPS, and network security monitoring with multi-threaded performance and protocol analysis.
How to use the Metasploit Framework for penetration testing, from setting up the environment to running exploits and generating reports.
A practical guide to Nmap, the essential network scanning tool, covering installation, scan types, scripting engine, and real-world workflows.
How to use Qualys for continuous vulnerability scanning, asset discovery, and compliance assessment across cloud and on-premises environments.
Snyk finds vulnerabilities in code, dependencies, containers, and IaC during development.
Burp Suite is the industry-standard toolkit for web application security testing.
HashiCorp Vault centralizes secrets management with dynamic credentials and encryption as a service.
Splunk is the leading SIEM platform for log aggregation, threat detection, and security analytics.
CrowdStrike Falcon is a cloud-native EDR platform with threat hunting and real-time detection.
Microsoft Sentinel is a cloud-native SIEM with AI-powered threat detection.
Wireshark is the leading network protocol analyzer for traffic capture and security investigation.
Terraform enables secure infrastructure as code with policy-as-code scanning.
Okta provides cloud identity with SSO, MFA, and lifecycle management.
Nessus is a widely deployed vulnerability scanner identifying misconfigurations and compliance violations.
SIEM platforms centralize security log analysis for threat detection and compliance. Modern solutions are cloud-native with ML-based detection.
EDR provides behavioral threat detection and response on endpoints. Evolving into XDR for cross-layer correlation.
What SIEM systems do, how correlation rules work, key capabilities, common platforms, and the operational realities of running one.