| Adrian Colyer | Adrian Colyer | When CSI meets public wifi: Inferring your mobile phone password via wifi signals | Hunt, Mobile, WiFi, Password | 2016 |
| Amir.H Shahin | Amir.H Shahin | Mobile Application Penetration Testing Cheat Sheet | Hunt, CheatSheet | 2015 |
| Andrei Miroshnikov | Microsoft | Windows 10 and Windows Server 2016 Security Auditing and Monitoring Reference | Hunt, Windows Event Logs Win10/Server2016 | 2016 |
| Ankit Anubhav | FireEye | The Journey of Behavioral Evasion | Threat Intel | 2016 |
| Anthony Russ | SANS | Detecting Security Incidents Using Windows Event Logs | Hunt, Windows Event Logs | 2013 |
| Anton Chuvakin | Gartner | On Comparing Threat Intelligence Feeds | Threat Intel | 2014 |
| Anubis Labs | Anubis Labs | Malware Analysis Sample Report | Report Writing | 2014 |
| Anuj Soni | SANS | Closing the Door on Web Shells | Hunt, Web Shells | 2014 |
| Balaji N. | GBHackers | How to Build and Run a SOC | CERT, CSIRT, SOC | 2017 |
| Basil Alawi S.Taher | SANS | Windows Events log for IR/Forensics, Part 1 | Hunt | 2016 |
| Basil Alawi S.Taher | SANS ISC | NetWitness Tutorial | NetWitness, Tutorial | 2014 |
| Benjamin | Benjamin | 99 Best Intelligence Resources | Threat Intel, Links | 2017 |
| Brad Garnett | SANS | Intro to Report Writing for Digital Forensics Part 1 | Report Writing | 2010 |
| Brad Garnett | SANS | Intro to Report Writing for Digital Forensics Part 2 | Report Writing | 2013 |
| Brian Baskin | Brian Baskin | Malware Analysis | Malware Analysis | 2013 |
| Brian Girardi | NetWitness | NetWitness Tutorial | NetWitness, Tutorial | 2010 |
| Chris Bing | CyberScoop | Hackable Hospital Washing Machine | IoT | 2017 |
| Claus Cramon Houmann | PeerLyst | How To Build And Run A SOC for Incident Response | Threat Intel | 2016 |
| CrowdStrike | CrowdStrike | CrowdStrike Putter Panda Report | Report Writing | 2014 |
| CrowdStrike | CrowdStrike | CrowdStrike Deep Panda Report | Report Writing | 2012 |
| Dallas Haselhorst | SANS | Uncovering IoCs Using PowerShell, Event Logs and a Traditional Monitoring Tool | Hunt, TTPs, Windows Event Logs, PowerShell | 2015 |
| David Bianco | David Bianco | A Simple Hunting Maturity Model | Hunt | 2015 |
| David Bianco | David Bianco | Hunting for Malware Critical Process Impersonation | Hunt | 2016 |
| David Bianco | David Bianco | Cyber Hunting: 5 Tips To Bag Your Prey | Hunt | 2015 |
| David Bianco | David Bianco | The ThreatHunting Project | Hunt | 2017 |
| David Bianco | David Bianco | The ThreatHunting Project (GitHub) | Hunt | |
| enigma0x3 | enigma0x3 | Lateral Movement Using MMC20 Part 1 | Lateral Movement | 2017 |
| enigma0x3 | enigma0x3 | Lateral Movement Using MMC20 Part 2 | Lateral Movement | 2017 |
| fl0x2208 | That Security | Threat Hunting and Pyramid of Pain | Hunt | 2016 |
| Fred House, Claudiu Teodorescu, Andrew Davis | FireEye | Shim Shady: Live Investigations of the Application Compatibility Cache | Hunt | 2015 |
| Gerard Laygui | Gerard Laygui | Forensic Artifacts From A Pass The Hash (PtH) Attack | Hunt, Pass The Hash | 2015 |
| Gregory Weber | Toffler Associates | Are You Certain You’re Prepared for Unpredictable Threat? | Threat Intel | 2016 |
| gwern | gwern | BlackMarket Risks | Hunt, Threat Intel | 2016 |
| Harmj0y (Will) | Harmj0y (Will) | PowerSCCM | Hunt, SCCM | 2016 |
| Harmj0y (Will) | Harmj0y (Will) | PowerSploit Cheatsheet | Hunt, PowerSploit | 2015 |
| Hossein Rouhani Zeidanloo, Azizah Bt Abdul Manaf | (IJCSIS) International Journal of Computer Science and Information Security | Botnet Detection by Monitoring Similar Communication Patterns | Threat Intel | 2010 |
| Ian Barton, boingomw | Ian Barton, boingomw | Deloitte Feed Links Hunt | Hunt | 2016 |
| Jack Crook | Jack Crook | Hunting Lateral Movement | Hunt, Lateral Movement | 2016 |
| Jack Crook | Jack Crook | The Hunting Cycle and Measuring Success | Hunt, Metrics | 2016 |
| Jack Crook | Jack Crook | My Thoughts on Threat Hunting | Hunt | 2016 |
| Jack Crook | Jack Crook | Categories of Abnormal | Hunt, TTPs | 2016 |
| Jack Crook | Jack Crook | What Does Hunting Look Like? | Hunt | 2017 |
| Jake Williams | SANS | Report Writing Part 1 | Report Writing | 2013 |
| Jake Williams | SANS | Report Writing Part 2 | Report Writing | 2013 |
| Jake Williams | SANS | Report Writing Part 3 | Report Writing | 2013 |
| Jeff John Roberts | Fortune | What Companies Get Wrong About Machine Learning | Hunt, Threat Intel | 2016 |
| Jeremiah Grossman | Jeremiah Grossman | Jeremiah Grossman | Slide Presentations | Various |
| Jeremy Leighton John | Digital Preservation Coalition | Digital Forensics and Preservation | Report Writing | 2012 |
| Josh Liburdi | Josh Liburdi | Hunting for PowerShell Using HeatMaps | Hunt, PowerShell | 2017 |
| JPCERT | JPCERT | LogonTracer Tool | Tool, Windows Event Logs | 2017 |
| JPCERT-CC | JPCERT-CC | Detecting Lateral Movement through Tracking Event Logs | Hunt, Lateral Movement | 2017 |
| Julio Cesar Fort | Julio Cesar Fort | Public PenTesting Report Repository | Report Writing | 2016 |
| Ken Thompson | ACM | Reflections on Trusting Trust | Trust, Attribution | 1984 |
| Koen Van Impe | Network World | Comparing Different Tools for Threat Sharing | Threat Intel | 2015 |
| Kurt Thomas, Rony Amira, Adi Ben-Yoash, Ori Folger, Amir Hardon, Ari Berger, Elie Bursztein, Michael Bailey | Google, Inc. | The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges | Threat Intel | 2015 |
| Levi Gundert | RecordedFuture | Shell No! (Part 1) Adversary Web Shell Trends and Mitigations | Hunt | 2016 |
| Levi Gundert | RecordedFuture | Shell No! (Part 2) Introducing Cknife, China Chopper’s Sibling | Hunt | 2016 |
| Luis Rocha | Luis Rocha | CountUponSecurity SOC Metrics | CERT, CSIRT, SOC | 2015 |
| Maarten de Frankrijker, Christian Reina, Steve Warnock | Maarten de Frankrijker, Christian Reina, Steve Warnock | CISSP CheatSheet | CISSP, CheatSheet | 2017 |
| Mansour A. Alharbi | SANS | Writing a PenTest Report | Report Writing | 2010 |
| Marc Rivero López | Marc Rivero López | Hunting .NET Malware | Hunt, Malware | 2017 |
| Mark Russinovich | Mark Russinovich | Mark Russinovich Hunting With SysInternals SysMon | Hunt, SysInternals, RSA | 2017 |
| Matt Graeber | Matt Graeber | PowerShell is Not Special | Hunt, PowerShell | 2017 |
| Matthew Dunwoody | FireEye | Greater Visibility Through PowerShell Logging | Hunt | 2016 |
| Melia Kelley | Melia Kelley | Report Writing CheatSheet | Report Writing | 2012 |
| Michael Gough | Michael Gough | Malwarearchaeology CheatSheets | Hunt, CheatSheets | 2016 |
| Michael Gough | Splunk | Finding Advanced Attacks and Malware With Only 6 Windows EventID’s | Hunt, Windows Event Logs | 2016 |
| Microsoft | Microsoft | Windows 8, Server 2012 Security Event Descriptions | Hunt, Windows Event Logs Win8/Server2012 | |
| Microsoft | Microsoft | Windows 7, Server 2008R2 Security Event Descriptions | Hunt, Windows Event Logs Win7/Server2008R2 | |
| Microsoft | Microsoft | Vista, 2008 Security Event Descriptions | Hunt, Windows Event Logs WinVista/Server2008 | |
| Mike Murr | SANS | Writing Malware Reports | Report Writing | 2012 |
| Mike Rothman | Securosis | Building a Threat Intelligence Program | Threat Intel | 2016 |
| Mike Rothman | Securosis | Applied Threat Intelligence | Threat Intel | 2015 |
| Monnappa KA | Monnappa KA | Process Hollowing and HollowFind | Hunt, HollowFind, Volatility | 2016 |
| N/A | N/A | Security Assessment Maintenance Checklist | Report Writing | 2008 |
| Network World | Network World | 12 managed security-services providers you should know | Threat Intel, MSSP | 2008 |
| Nicholas Popovich | Optiv | MSSQL Agent Jobs for Command Execution | Hunt | 2016 |
| Nick Caldwell | HackerNoon | Worst Career Advice I Ever Received | | 2019 |
| Offensive Security | Offensive Security | PenTesting Report Sample | Report Writing | 2013 |
| PagerDuty | PagerDuty | PagerDuty Incident Response Templates | Incident Response | 2017 |
| Paul Poputa-Clean | SANS | Automated Defense Using Threat Intelligence | Threat Intel | 2015 |
| Rafeeq Rehman | Rafeeq Rehman | Building a Successful SOC | CERT, CSIRT, SOC | 2017 |
| RedTeamBlueTeam | RedTeamBlueTeam | Spotting the Adversary with Windows Event Log Monitoring, Part I | Hunt | 2015 |
| RedTeamBlueTeam | RedTeamBlueTeam | Spotting the Adversary with Windows Event Log Monitoring, Part II | Hunt | 2015 |
| Richard Chirgwin | Register UK | Dishwasher Directory Traversal Bug | IoT | 2017 |
| Robert M. Lee | SANS | The Problems with Seeking and Avoiding True Attribution to Cyber Attacks | Advanced Persistent Threat, Cyber Threat, Incident Response, Hunt | 2016 |
| Robert M. Lee | Robert M. Lee | Common Analyst Mistakes and Claims of Energy Company Targeting Malware | Threat Intel | 2016 |
| Ronnie Flathers | Ronnie Flathers | Payload CheatSheet | Payload, CheatSheet, Exfil | 2016 |
| Ryan Fyffe | CrowdStrike | Open Source Recon | Hunt | 2016 |
| Samuel Alonso | Samuel Alonso | Cyber Threat Hunting (1): Intro | Cyber kill chain, Incident Detection, incident response, Hunt | 2016 |
| Sean Metcalf | ActiveDirectory Security | Beyond the MCSE: Red Teaming Active Directory | Hunt | 2014 |
| Sergio Caltagirone | ActiveResponse | | Hunt | 2016 |
| Sergio Caltagirone | ActiveResponse | Unofficial Microsoft Threat Intelligence | Threat Intel | 2016 |
| Sergio Caltagirone | ActiveResponse | 15 Things Wrong with Today’s Threat Intelligence Reporting | Threat Intel | 2014 |
| Sergio Caltagirone, Andrew Pendergast, Christopher Betz | Malaysia University | The Diamond Model of Intrusion Analysis | Threat Intel | 2013 |
| Shusei Tomonaga | JPCERT-CC | Windows Commands Abused by Attackers | Hunt | 2016 |
| Shusei Tomonaga | JPCERT | Visualise Event Logs to Identify Compromised Accounts - LogonTracer | Hunt, Windows Event Logs | 2017 |
| Team Cymru | Team Cymru | THE DARKNET PROJECT | Hunt | 2004 |
| ThreatConnect | ThreatConnect | THREAT INTELLIGENCE PLATFORMS: Everything You’ve Ever Wanted to Know But Didn’t Know to Ask | Threat Intel | 2015 |
| Toffler Associates | Toffler Associates | Odays: How Hacking Really Works | Hunt, Threat Intel | 2005 |
| Tony Sager | SANS | Killing Advanced Threats in Their Tracks | Hunt, TTPs | 2014 |
| Various | University of Wisconsin-Madison | Fuzz Testing of Application Reliability | Hunt, Tool | Various |
| Various | SANS | Cyber Threat Intelligence Summit | Threat Intel | 2017 |
| Wayne Piekarski | Wayne Piekarski | Google Android Internet of Things platform | Google, Android, IoT | 2016 |
| William Hart | RSA | NetWitness Tutorial | NetWitness, Tutorial | 2016 |
| Y.M. Wara, D. Singh | IEEE | CSIRT Success | CERT, CSIRT, SOC | 2015 |