Cybersecurity Research & Knowledge Hub
A curated collection of top-tier blogs, frameworks, and community discussions.
World-Class Cybersecurity Blogs
KrebsOnSecurity
In-depth security news and investigation by Brian Krebs.
Exploit Database
Archive of publicly available exploits and vulnerable software.
Dark Reading
News and commentary on IT security, helping professionals manage risk.
CISA
Cybersecurity & Infrastructure Security Agency - US official alerts and guidance.
Daniel Miessler Blog
Essays on security, technology, and society by Daniel Miessler.
Null Byte
Hands-on hacking tutorials, guides, and news for ethical hackers.
🛡️ OWASP Top 10 - 2021
The OWASP Top 10 is a standard awareness document for developers and web application security, representing a broad consensus about the most critical security risks.
A01:2021: Broken Access Control
Restrictions on what authenticated users are allowed to do are often not properly enforced.
A02:2021: Cryptographic Failures
Failures related to cryptography (or lack thereof) which can lead to sensitive data exposure.
A03:2021: Injection
Untrusted data is sent to an interpreter as part of a command or query, leading to unintended commands or data access.
A04:2021: Insecure Design
Flaws in design and architecture, missing or ineffective control design.
A05:2021: Security Misconfiguration
Missing appropriate security hardening across any part of the application stack.
A06:2021: Vulnerable and Outdated Components
Using components with known vulnerabilities that undermine application defenses.
A07:2021: Identification and Authentication Failures
Incorrectly implemented functions related to user identity, authentication, or session management.
A08:2021: Software and Data Integrity Failures
Failures relating to software updates, critical data, and CI/CD pipelines without verifying integrity.
A09:2021: Security Logging and Monitoring Failures
Insufficient logging, monitoring, or incident response.
A10:2021: Server-Side Request Forgery (SSRF)
Web applications fetching a remote resource without validating the user-supplied URL.
Research & Framework Hubs
MITRE ATT&CK®
A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
NIST Cybersecurity Framework
Voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk.
CIS Benchmarks
Consensus-based configuration guidelines for various technology groups to safeguard systems against today's evolving cyber threats.
OWASP Cheat Sheet Series
A collection of concise cheat sheets on specific application security topics.
Join the Community: Top Discord Servers
TryHackMe Official Discord
The official Discord server for TryHackMe users.
The Cyber Mentor Community
Heath Adams' (The Cyber Mentor) community server.