Frameworks
MITRE ATT&CK
Knowledge base of adversary tactics and techniques.
Unified Kill Chain
End-to-end framework for analyzing attacks.
Policy
CTI-CMM
Cyber Threat Intelligence Capability Maturity Model for assessing and growing a CTI program.
RFC 9424
Indicators of Compromise (IoCs) and Their Role in Attack Defence (IETF informational RFC).
IC Directives
U.S. Intelligence Community Directives (e.g. ICD 203 on analytic standards), useful as a baseline for CTI analytic tradecraft.
Threat Emulation
Adversary Emulation Library
Community-curated library of adversary emulation plans maintained by the Center for Threat-Informed Defense.
MITRE Emulation Plans
Formal adversary emulation plans from MITRE.
Atomic Red Team
Library of tests mapped to MITRE ATT&CK.
CALDERA
Automated adversary emulation platform.
Threat Actor Research
APT Groups Tracker
Comprehensive list of known APT groups.
Feodo Tracker
Botnet C2 infrastructure tracker from abuse.ch, publishing downloadable IP blocklists for banking-trojan and loader C2 servers.
Ransomware.live
Monitoring ransomware group leak sites.
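As an added example (not code from abuse.ch or Feodo Tracker), the block below shows how a C2 blocklist of the kind Feodo Tracker publishes would be consumed: parse the CSV feed, then check outbound connections against it on IP+port, falling back to IP-only matches. The feed excerpt and the firewall log lines are constructed (RFC 5737 documentation addresses), and the column layout first_seen_utc,dst_ip,dst_port,c2_status,last_online,malware is assumed from the feed's CSV export; verify it against the header of the file you actually download.

```python
"""Match outbound connections against a Feodo Tracker style C2 blocklist.

Added example, not code from abuse.ch. Feed text, log lines and the CSV
column layout are constructed/assumed as described in the lead-in.
"""
import csv
import ipaddress

# Constructed feed excerpt in the assumed Feodo Tracker CSV layout.
FEED_TEXT = """\
################################################################
# Feodo Tracker Botnet C2 IP Blocklist (constructed excerpt)   #
################################################################
# first_seen_utc,dst_ip,dst_port,c2_status,last_online,malware
2024-03-01 10:15:00,192.0.2.10,443,online,2024-03-09,Dridex
2024-02-20 08:00:00,198.51.100.7,8080,offline,2024-02-28,QakBot
2024-03-05 19:42:00,203.0.113.25,4443,online,2024-03-09,Emotet
"""

# Constructed outbound-connection log: "<ts> <src_ip> <dst_ip> <dst_port>".
CONNECTION_LOG = """\
2024-03-09T12:00:01Z 10.0.0.15 192.0.2.10 443
2024-03-09T12:00:03Z 10.0.0.15 93.184.216.34 443
2024-03-09T12:01:10Z 10.0.0.22 198.51.100.7 8080
2024-03-09T12:02:55Z 10.0.0.31 203.0.113.25 443
"""

# Assumed column order of the feed's CSV export.
FIELDS = ["first_seen_utc", "dst_ip", "dst_port", "c2_status", "last_online", "malware"]


def parse_feed(text):
    """Return the feed rows as dicts, skipping comment lines and validating IPs."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]
    rows = []
    for row in csv.DictReader(lines, fieldnames=FIELDS):
        # ip_address() raises on malformed input, so a corrupt feed fails loudly.
        row["dst_ip"] = str(ipaddress.ip_address(row["dst_ip"].strip()))
        row["dst_port"] = int(row["dst_port"])
        rows.append(row)
    return rows


def check_connections(rows, log_text, only_online=True):
    """Return (ts, src_ip, dst_ip, malware, match_level) for connections to listed C2s.

    IP+port is an "exact" hit. IP-only is reported separately because a C2 on
    a shared host may be listed on one port while other ports are benign.
    """
    exact = {(r["dst_ip"], r["dst_port"]): r for r in rows}
    by_ip = {}
    for r in rows:
        by_ip.setdefault(r["dst_ip"], []).append(r)

    hits = []
    for line in log_text.splitlines():
        ts, src, dst, port = line.split()
        row, level = exact.get((dst, int(port))), "exact"
        if row is None:
            candidates = by_ip.get(dst, [])
            row, level = (candidates[0] if candidates else None), "ip-only"
        if row is None:
            continue
        if only_online and row["c2_status"] != "online":
            continue  # offline C2s are still worth hunting historically, not alerting on
        hits.append((ts, src, dst, row["malware"], level))
    return hits


if __name__ == "__main__":
    for hit in check_connections(parse_feed(FEED_TEXT), CONNECTION_LOG):
        print(hit)
```

With the constructed data this reports the Dridex connection as an exact hit and the Emotet one as IP-only; the QakBot entry is dropped because the feed marks it offline (pass only_online=False to keep it for retrospective hunting).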
Threat Intelligence Platforms (TIP)
MISP
Open Source Threat Information Sharing Platform.
OpenCTI
Open Cyber Threat Intelligence Platform.
Yeti
Your Everyday Threat Intelligence platform.
ThreatConnect
Commercial CTI Platform.
Cyble TIP
Enterprise threat intelligence solutions.
AlienVault OTX
Open Threat Exchange.
Training
Malware Traffic Analysis
Pcap files and malware samples for practice.
Self-Study Plan (Part 1)
A comprehensive CTI study guide by Katie Nickels.
Self-Study Plan (Part 2)
Advanced CTI study topics and methodologies.
Malware Analysis
VirusTotal
Multi-engine scanning and crowdsourced malware analysis platform; note that submitted files are shared with other researchers, so do not upload sensitive documents.
Malpedia
Inventory of malware families and artifacts.
VX-Underground
Large collection of malware samples, source code and research papers.
MalwareBazaar
Community-driven malware sample database.
Signatures
YARA
The pattern-matching Swiss Army knife for malware researchers: byte, string and regex rules for classifying files and memory.
Suricata
Open source network IDS/IPS with a rule-based threat detection engine.
Sigma
Generic signature format for SIEM systems.
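To show what a Sigma rule's detection logic actually does when a SIEM backend evaluates it, here is an added example (not code from the Sigma project, pySigma or any backend). The rule and the process-creation events are constructed; the rule is written as the Python form of the YAML a Sigma rule carries. The evaluator implements the core matching semantics (all fields of a selection must match, a list of values matches if any does, matching is case-insensitive, and the |contains, |startswith and |endswith modifiers apply) for conditions of the form "selection and not filter". It also pulls the ATT&CK technique IDs from the rule's attack.* tags, which is how Sigma rules link back to the MITRE ATT&CK entries listed under Frameworks above.

```python
"""Evaluate a Sigma-style detection rule against process-creation events.

Added example; not code from the Sigma project or any SIEM backend.
The rule and events below are constructed.
"""
import re

# Constructed rule, written as the Python form of a Sigma rule's YAML.
RULE = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-encodedcommand "],
        },
        "filter": {
            # exclude a management agent that legitimately runs encoded commands
            "ParentImage|endswith": "\\ccmexec.exe",
        },
        "condition": "selection and not filter",
    },
    "tags": ["attack.execution", "attack.t1059.001"],
}

# Constructed process-creation events in Sysmon-like field naming.
EVENTS = [
    {"id": "evt-1",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"id": "evt-2",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell.exe",
     "CommandLine": "PowerShell.exe -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
     "ParentImage": "C:\\Windows\\CCM\\CcmExec.exe"},
    {"id": "evt-3",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe Get-Process",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"id": "evt-4",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c echo -enc SQBF",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]

_CONDITION = re.compile(r"^(\w+)(?:\s+and\s+not\s+(\w+))?$")


def _value_matches(actual, expected, modifier):
    """Case-insensitive comparison honouring a Sigma field modifier."""
    if actual is None:
        return False  # a missing field never satisfies a selection
    a, e = str(actual).lower(), str(expected).lower()
    if modifier == "":
        return a == e
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(selection, event):
    """Every field in the selection must match; list values are OR-ed."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(_value_matches(event.get(field), v, modifier) for v in values):
            return False
    return True


def rule_matches(rule, event):
    """Evaluate "<selection>" or "<selection> and not <filter>" conditions."""
    detection = rule["detection"]
    m = _CONDITION.match(detection["condition"].strip())
    if not m:
        raise ValueError(f"unsupported condition: {detection['condition']}")
    positive, negative = m.group(1), m.group(2)
    if not selection_matches(detection[positive], event):
        return False
    if negative and selection_matches(detection[negative], event):
        return False
    return True


def matching_event_ids(rule, events):
    return [e["id"] for e in events if rule_matches(rule, e)]


def attack_techniques(rule):
    """Extract ATT&CK technique IDs (T1059, T1059.001, ...) from attack.* tags."""
    ids = []
    for tag in rule.get("tags", []):
        m = re.fullmatch(r"attack\.(t\d{4}(?:\.\d{3})?)", tag)
        if m:
            ids.append(m.group(1).upper())
    return ids


if __name__ == "__main__":
    print(matching_event_ids(RULE, EVENTS), attack_techniques(RULE))
```

Only evt-1 fires: evt-2 is the same encoded command but launched by the excluded management agent, evt-3 has no encoded argument, and evt-4 is cmd.exe rather than powershell.exe. Real backends translate the same structure into their own query language, which is why the rule is portable across SIEMs.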