| description | Guided cyber security learning paths for SOC analysts, pentesters, DFIR practitioners, CTI analysts, AppSec testers, and beginners. |
|---|
Use this page when you know the role, workflow, or learning goal you care about, but not which section to open first.
Start with fundamentals, then branch into the color-coded sections as your interests sharpen.
{% content-ref url="training/" %} training {% endcontent-ref %}
{% content-ref url="yellow-neteng-sysadmin.md" %} yellow-neteng-sysadmin.md {% endcontent-ref %}
{% content-ref url="code-tools/" %} code-tools {% endcontent-ref %}
Use these pages for defensive operations, SIEM work, detection engineering, endpoint visibility, packet analysis, and hardening.
{% content-ref url="blue-defense/" %} blue-defense {% endcontent-ref %}
{% content-ref url="blue-defense/event-detection/" %} event-detection {% endcontent-ref %}
{% content-ref url="security-logging/" %} security-logging {% endcontent-ref %}
Use these pages for live response, forensic triage, event logs, memory forensics, malware analysis, and evidence handling.
{% content-ref url="dfir-digital-forensics-and-incident-response/" %} dfir-digital-forensics-and-incident-response {% endcontent-ref %}
{% content-ref url="dfir-digital-forensics-and-incident-response/windows-dfir-checks.md" %} windows-dfir-checks.md {% endcontent-ref %}
{% content-ref url="dfir-digital-forensics-and-incident-response/memory-forensics/" %} memory-forensics {% endcontent-ref %}
Use these pages for threat data, indicators, enrichment, source evaluation, domain and IP investigation, usernames, email, social media, and public records.
{% content-ref url="cyber-intelligence/" %} cyber-intelligence {% endcontent-ref %}
{% content-ref url="cyber-intelligence/osint/" %} osint {% endcontent-ref %}
{% content-ref url="cyber-intelligence/threat-data.md" %} threat-data.md {% endcontent-ref %}
Use these pages for authorized offensive operations, active reconnaissance, exploitation, post-exploitation, lateral movement, password attacks, and red/purple team exercises.
{% content-ref url="red-offensive/" %} red-offensive {% endcontent-ref %}
{% content-ref url="red-offensive/scanning-active-recon/" %} scanning-active-recon {% endcontent-ref %}
{% content-ref url="red-offensive/exploitation-and-targets/" %} exploitation-and-targets {% endcontent-ref %}
Use these pages for web application testing methodology, Burp Suite, OAuth, API security, TLS, WAF testing, SQL injection, XSS, CSRF, XXE, and other web vulnerabilities.
{% content-ref url="web-app-hacking/" %} web-app-hacking {% endcontent-ref %}
{% content-ref url="web-app-hacking/burp-suite.md" %} burp-suite.md {% endcontent-ref %}
{% content-ref url="web-app-hacking/attacks-and-vulnerabilities/" %} attacks-and-vulnerabilities {% endcontent-ref %}
Use these pages for AWS, Azure, Google Cloud, Microsoft 365, Docker, Kubernetes, image scanning, runtime security, and cloud or container logging.
{% content-ref url="cloud.md" %} cloud.md {% endcontent-ref %}
{% content-ref url="containers.md" %} containers.md {% endcontent-ref %}
{% content-ref url="security-logging/logging-cloud.md" %} logging-cloud.md {% endcontent-ref %}
Use this section for personal privacy, Tor fundamentals, PGP, secure communication, and operational safety. The Jolly Roger page is preserved as a historical archive.
{% content-ref url="grey-privacy-tor-opsec/" %} grey-privacy-tor-opsec {% endcontent-ref %}