Evidence-first education for modern cyber defense.
Cybersecurity Encyclopedia teaches endpoint telemetry, cloud posture, identity risk, attack paths, ransomware defense, incident timelines, evidence-first triage, AI-era risks, and open security engineering without hype or product marketing.

Learning paths
Start Here: Defender Thinking
Assets, risk, evidence, and calm prioritization.
How defenders model routes through systems.
The four-part mental model for defense.
Replacing panic with observable facts.
Reading alerts, avoiding false certainty, deciding next steps.
Normal behavior, drift, and anomaly context.
Separating urgency, impact, likelihood, and evidence confidence.
Defensive education, legal boundaries, and toy examples.
Endpoint Telemetry
Process trees, parent-child relationships, command-line context.
Unusual names, locations, privilege, ancestry, and behavior.
How defenders reason about endpoint network connections.
Audit logs, service logs, authentication logs, and retention basics.
Ransomware-like file behavior and false positives.
Signature matches, context, confidence, and next steps.
RWX memory, unbacked executable regions, and cautious interpretation.
Hidden processes, kernel tampering concepts, and trustworthy evidence.
What eBPF can observe, why it matters, and how to reason safely.
New devices, DMA capability, IOMMU protection, and policy basics.
Cloud, Identity, and Exposure
Identity permissions, role scope, and privilege reduction.
Strong login controls and account recovery risk.
App consent, scopes, shadow SaaS, and review habits.
Internet-facing assets, admin surfaces, and compensating controls.
Public access, sensitive data, logging, and least privilege.
Image digests, registries, signatures, and provenance.
Software supply-chain evidence.
Non-human identities, secret rotation, and blast radius.
Attack Paths and Breach Stories
Common entry categories explained defensively.
Exposure, patching, compensating controls, and detection context.
VPN, RDP-like concepts, admin portals, and access hardening.
Why legitimate credentials complicate detection.
Suspicious authentication, remote execution concepts, and graph thinking.
New admin rights, suspicious services, token/permission changes conceptually.
Beaconing, remote control patterns, and network evidence.
Unusual data movement, cloud storage, compression, and egress review.
Estimating affected systems, data, identities, and business functions.
Ransomware and Recovery
Typical defensive timeline from first clue to recovery.
Offline/immutable backups, restore objectives, and tests.
File entropy, extension changes, high write rates, and process context.
Isolate, preserve evidence, communicate, and avoid accidental damage.
Proving recovery before an emergency.
AI-Era Cyber Defense
Unsanctioned tools, sensitive input, and governance.
Why patch prioritization and exposure management matter more now.
Agents, tool permissions, identity boundaries, and monitoring.
Defensive awareness, data boundaries, and safe examples only.
Vendor review, data handling, logging, and access controls.
Triage and Incident Response
Events, entities, timestamps, confidence, and narrative clarity.
Preserving observations, decisions, screenshots, hashes, and handoffs.
Approvals, roles, reversible actions, and auditability.
Learning without blame and turning incidents into controls.
Open Security Engineering
Using trusted frameworks without pretending to be certified.
Inspectable systems, reproducible decisions, and transparent controls.
A 30-day learning route through the encyclopedia.
Tools and diagnostics
Build a conceptual risk map from assets, identities, exposures, and controls.
Separate severity, confidence, impact, and next evidence questions.
Check backups, restore drills, MFA, least privilege, logging, and containment readiness.
Prioritize exposure review from reachability, privilege, data sensitivity, and logging.
Create a clean incident note that separates observations, decisions, and unknowns.
Map defensive concerns to NIST, CIS, and ATT&CK-style language without certification claims.
Related Fondsites links
- Reality Check Desk for scams, deepfakes, content credentials, and everyday verification.
- AI Agents for tool permissions, review loops, delegation, and human approval habits.
- Visual Prompt Lab for safer generated-visual workflows and disclosure decisions.
- Startable Life Lab for turning security learning into manageable practice sessions.
Official-reference note
These guides orient readers with public guidance from NIST, CISA, CIS, MITRE ATT&CK, and OWASP. They do not claim certification, legal advice, incident-response authority, or complete coverage.