EDUCATION · INTERACTIVE

Education

Interactive visualizations and command-line references with synthetic examples, intended for training, demonstration and certification.

Available materials

Reference

Linux Command List

100+ professional Linux commands - file, process, network, security and container management. Search and filtering by category.

files network security containers
Open reference →
Reference

Windows Command List

150+ professional Windows commands (cmd) and PowerShell cmdlets - file, process, network, security, AD, container and update management. Search and filtering by category.

cmd powershell AD security
Open reference →
Methodology

System analysis

Five methods of system analysis with SVG visualizations: SDLC phases, stakeholder matrix, hierarchy of requirements (IEEE 830), Use Case diagram and gap analysis.

SDLC Stakeholder FURPS+ Use Case Gap
Open charts →
Diagrams

Modelling systems

Seven modelling methods with SVG visualizations: ERD, UML, Conceptual→Physical layers, DFD, normalisation, C4 architecture and STRIDE threat modeling.

ERD UML DFD C4 STRIDE
Open charts →
Roadmap

API Guide

Application interfaces according to international practice: REST principles (Fielding), HTTP methods and status codes (RFC 9110), security (OWASP API Top 10, OAuth 2.0, JWT), API gateway vs reverse proxy vs load balancer, design practices (RFC 9457, OpenAPI 3.1) and standards references.

REST OAuth 2.0 OWASP API gateway
Open Guide →
Roadmap

Zero Trust Guide

Zero Trust architecture according to international practice: seven NIST Guiding Principles (SP 800-207), PEP/PDP components, five CISA pillars, maturity levels, gradual transition model and relation to the requirements of Article 21 of NIS2.

NIST 800-207 CISA ZTMM PEP/PDP 5 pillars NIS2
Open Guide →
Roadmap

Organisational security

Organisational security according to international practice: ISO/IEC 27001 management system (ISMS, PDCA), ISO 27002 Chapter 5 (37 organisational controls), risk management and Statement of Applicability (SoA), separation of roles and responsibilities, security policies, supplier management, incident management, continuity and compliance (NIS2, MK 397).

ISO 27001 ISMS/PDCA 37 controls Risk management SoA NIS2
Open Guide →
Roadmap

Personnel security

Personnel security according to international practice: people as the weakest link and as a human firewall, ISO 27002 Chapter 6 (8 controls), employee life cycle (Joiner-Mover-Leaver), personnel screening and contracts, security awareness, education and culture, social engineering and internal threats (insider threat), event reporting and disciplinary process (NIST SP 800-53 PS, NIS2).

ISO 27002 NIST PS JML Awareness Insider threat NIS2
Open Guide →
Roadmap

Physical security

Physical security in the context of cyber security according to international practice: why physical access bypasses logical controls, defense in depth (security zones), 5D model, ISO 27002 Chapter 7, NIST SP 800-53 PE, threats (tailgating, RFID, evil maid, TEMPEST), environmental control and media destruction (NIST SP 800-88).

ISO 27002 NIST PE SP 800-88 5D Zones NIS2
Open Guide →
Roadmap

Technological security

Technological (technical) controls according to international practice: classification of controls, defense in depth (technical layers), ISO 27002 Chapter 8 (34 controls), identity and access (IAM, MFA, PAM, Zero Trust), cryptography and data protection, system hardening, logging and monitoring (NIST SP 800-53, CIS Controls v8, NIS2).

ISO 27002 CIS v8 IAM/MFA Cryptography SEM NIS2
Open Guide →
Roadmap

Cyber Kill Chain Guide

Anatomy of an attack according to international practice: Lockheed Martin 7 phases (2011), MITRE ATT&CK 14 tactics, Unified Kill Chain (Paul Pols 2022), Diamond Model, D3FEND defense matrix and relationship to NIS2 Article 23 incident reporting to NKDC/CERT.LV.

LM 2011 ATT&CK UKC Diamond D3FEND NIS2 23
Open Guide →
Roadmap

Log file analysis

Log analysis according to international practice: log management life cycle (NIST SP 800-92), sources and formats (syslog RFC 5424, JSON, EVTX), centralised collection and SIEM, analysis techniques (Sigma, baseline, correlation, Pyramid of Pain), attack indicators (Windows Event ID, Linux auth.log) and standards (ISO 27001, OWASP A09, PCI DSS, CIS Control 8).

SIEM syslog Event ID Sigma NIST SP 800-92
Open Guide →
DFIR

Digital Forensics

The most popular Windows, Linux and macOS commands for collecting evidence, network traffic and logs (dd, tcpdump, ss, journalctl, wevtutil, log show, launchctl...). Interactive diagrams: order of volatility, incident cycle, evidence map, chain of custody, artefact pathways.

evidence traffic logs triage RFC 3227
Open reference →
Roadmap

Third parties and supply chains

Third party (TPRM) and supply chain risk management according to international practice: attack surface, TPRM life cycle, risk classification (tiering), software supply chain (SBOM, SLSA), standards (ISO 27036, NIST SP 800-161, NIS2, DORA, CRA) and controls.

TPRM ISO 27036 SP 800-161 SBOM SLSA NIS2
Open Guide →
Roadmap

Audit guide

Audit in line with international practice: audit process (ISO 19011), Three Lines Model (IIA), audit types (steps 1/2/3), standards landscape (COBIT, SOC 2, NIST), evidence and sampling, findings and opinion.

ISO 19011 IIA COBIT SOC 2 NIS2
Open Guide →

Safety guidelines and references