Cybersecurity Encyclopedia 76 guides Endpoint Telemetry, Cloud Posture, Identity Risk & Incident Response

Cybersecurity Encyclopedia

Evidence-first education for modern cyber defense.

Jump straight into the Cybersecurity Encyclopedia track in the Fondsites game, then use the guidebooks when you want depth.

Learn 52 guides Evidence-first cyber defense

Evidence-first education for modern cyber defense.

Cybersecurity Encyclopedia teaches endpoint telemetry, cloud posture, identity risk, attack paths, ransomware defense, incident timelines, evidence-first triage, AI-era risks, and open security engineering without hype or product marketing.

A calm defensive cybersecurity learning desk with endpoint telemetry cards, cloud posture nodes, identity keys, incident timeline notes, and evidence panels.

Note
Defensive learning boundary
This Learn topic is defensive, educational, and people-first. It avoids exploit instructions, malware code, credential theft guidance, evasion playbooks, target scanning steps, and operational offensive procedures. If you are dealing with an active incident, preserve evidence, follow your incident-response plan, and involve qualified responders and legal counsel where appropriate.

Start here

Learning paths

Start Here: Defender Thinking

Endpoint Telemetry

Cloud, Identity, and Exposure

Attack Paths and Breach Stories

Ransomware and Recovery

AI-Era Cyber Defense

Triage and Incident Response

Open Security Engineering

Tools and diagnostics

All guidebooks

Cyber Defense Quickstart: Think Like a Defender

Start Here: Defender Thinking · Beginner

What an Attack Path Is

Start Here: Defender Thinking · Beginner

Assets, Identities, Exposures, and Controls

Start Here: Defender Thinking · Beginner

Evidence-First Triage

Start Here: Defender Thinking · Beginner

Security Alerts Without Panic

Start Here: Defender Thinking · Beginner

Known-Good Baselines

Start Here: Defender Thinking · Intermediate

Risk Scores, Severity, and Confidence

Start Here: Defender Thinking · Intermediate

Safe Cyber Learning Boundaries

Start Here: Defender Thinking · Beginner

Processes, Parents, and Command Lines

Endpoint Telemetry · Intermediate

Suspicious Process Indicators

Endpoint Telemetry · Intermediate

Network Connections: Ports, Protocols, and Remote Hosts

Endpoint Telemetry · Intermediate

Logs: What to Keep and Why

Endpoint Telemetry · Beginner

File Entropy and Mass-Encryption Clues

Endpoint Telemetry · Advanced

YARA Matches Without Panic

Endpoint Telemetry · Intermediate

Memory Injection Concepts for Defenders

Endpoint Telemetry · Advanced

Rootkits and Kernel-Level Signals

Endpoint Telemetry · Advanced

eBPF for Defenders

Endpoint Telemetry · Advanced

USB, DMA, and Peripheral Risk

Endpoint Telemetry · Intermediate

IAM Roles and Least Privilege

Cloud, Identity, and Exposure · Beginner

MFA, Passkeys, and Recovery Paths

Cloud, Identity, and Exposure · Beginner

OAuth Consent and SaaS App Risk

Cloud, Identity, and Exposure · Intermediate

Cloud Public Exposure Mapping

Cloud, Identity, and Exposure · Intermediate

Storage Bucket Mistakes

Cloud, Identity, and Exposure · Beginner

Container Image Trust

Cloud, Identity, and Exposure · Intermediate

SBOMs, Signatures, and Attestations

Cloud, Identity, and Exposure · Intermediate

Service Accounts and Secrets

Cloud, Identity, and Exposure · Intermediate

Initial Access Without Drama

Common entry categories explained defensively · Beginner

Exploited Public-Facing Apps

Exposure, patching, compensating controls, and detection context · Intermediate

External Remote Services

VPN, RDP-like concepts, admin portals, and access hardening · Intermediate

Valid Accounts

Why legitimate credentials complicate detection · Intermediate

Lateral Movement Signals

Suspicious authentication, remote execution concepts, and graph thinking · Advanced

Privilege Escalation Signals

New admin rights, suspicious services, and token or permission changes · Advanced

Command-and-Control Concepts

Beaconing, remote control patterns, and network evidence · Advanced

Exfiltration Paths

Unusual data movement, cloud storage, compression, and egress review · Intermediate

Impact and Blast Radius

Estimating affected systems, data, identities, and business functions · Beginner

Ransomware Timeline

Ransomware and Recovery · Beginner

Backup Design for Recovery

Ransomware and Recovery · Beginner

Detecting Encryption Behavior

Ransomware and Recovery · Advanced

Containment Decision Trees

Ransomware and Recovery · Intermediate

Restore Drills

Ransomware and Recovery · Beginner

Shadow AI Data Leaks

AI-Era Cyber Defense · Beginner

AI-Assisted Vulnerability Pressure

AI-Era Cyber Defense · Intermediate

Agentic Attack Paths

AI-Era Cyber Defense · Advanced

Prompt Injection for Defenders

AI-Era Cyber Defense · Intermediate

Secure AI Tool Intake

AI-Era Cyber Defense · Beginner

Incident Timeline Building

Triage and Incident Response · Intermediate

Evidence Notes and Chain of Custody

Triage and Incident Response · Intermediate

Response Actions and Approvals

Triage and Incident Response · Intermediate

After-Action Reviews

Triage and Incident Response · Beginner

Mapping Controls to NIST, CIS, and ATT&CK

Open Security Engineering · Intermediate

Open Security Engineering

Open Security Engineering · Intermediate

Building a Personal Cyber Defense Learning Plan

Open Security Engineering · Beginner

  • Reality Check Desk for scams, deepfakes, content credentials, and everyday verification.
  • AI Agents for tool permissions, review loops, delegation, and human approval habits.
  • Visual Prompt Lab for safer generated-visual workflows and disclosure decisions.
  • Startable Life Lab for turning security learning into manageable practice sessions.

Official-reference note

These guides orient readers with public guidance from NIST, CISA, CIS, MITRE ATT&CK, and OWASP. They do not claim certification, legal advice, incident-response authority, or complete coverage.

Editorial Guide

What Cybersecurity Encyclopedia Covers

Defensive guidebooks for endpoint telemetry, cloud posture, identity risk, attack paths, ransomware recovery, incident response, AI-era security, and open security engineering. Fondsites treats this topic as a practical library rather than a loose feed: each page is meant to explain the decision, show the vocabulary, and point toward the next useful guide.

The Cybersecurity Encyclopedia shelf is organized for readers who want clear context before buying gear, changing a routine, or repeating a claim they saw elsewhere. Start with the quickstart material when the topic is new, then move into the more specific guidebooks when a real question appears.

There are 76 guidebooks in this library. Useful starting points include Cyber Defense Quickstart: Think Like a Defender, What an Attack Path Is, Assets, Identities, Exposures, and Controls and Evidence-First Triage. Those pages show the house style: concrete examples, cautious boundaries, and links back into related topics when a short answer would be misleading.

Guidebooks

Evidence-first defensive guidebooks for endpoint telemetry, cloud posture, identity risk, attack paths, ransomware recovery, AI-era security, incident response, and open security engineering.

Calm cybersecurity illustration for What an Attack Path Is, showing abstract start here: defender thinking evidence cards, connected systems, and defensive control checkpoints.

Cybersecurity Encyclopedia

What an Attack Path Is

Learn how defenders map the routes an intruder could take through systems, using calm examples, evidence questions, …

Beginner 9 min read
Calm cybersecurity illustration for Assets, Identities, Exposures, and Controls, showing abstract start here: defender thinking evidence cards, connected systems, and defensive control checkpoints.

Cybersecurity Encyclopedia

Assets, Identities, Exposures, and Controls

Learn to see a network through four lenses—assets, identities, exposures, and controls—with calm examples, evidence …

Beginner 9 min read
Calm cybersecurity illustration for Evidence-First Triage, showing abstract start here: defender thinking evidence cards, connected systems, and defensive control checkpoints.

Cybersecurity Encyclopedia

Evidence-First Triage

Learn replacing panic with observable facts through calm defensive examples, evidence questions, checklists, and …

Beginner 9 min read
Calm cybersecurity illustration for Security Alerts Without Panic, showing abstract start here: defender thinking evidence cards, connected systems, and defensive control checkpoints.

Cybersecurity Encyclopedia

Security Alerts Without Panic

How to read security alerts calmly: separate facts from fear, avoid false certainty, and pick a proportionate next step …

Beginner 9 min read
Calm cybersecurity illustration for Known-Good Baselines, showing abstract start here: defender thinking evidence cards, connected systems, and defensive control checkpoints.

Cybersecurity Encyclopedia

Known-Good Baselines

How known-good baselines help defenders: define normal behavior, watch for drift, and give anomalies the context they …

Intermediate 9 min read
Calm cybersecurity illustration for Risk Scores, Severity, and Confidence, showing abstract start here: defender thinking evidence cards, connected systems, and defensive control checkpoints.

Cybersecurity Encyclopedia

Risk Scores, Severity, and Confidence

Learn to keep urgency, impact, likelihood, and how sure you are as separate judgments when scoring security risk, with …

Intermediate 9 min read
Calm cybersecurity illustration for Safe Cyber Learning Boundaries, showing abstract start here: defender thinking evidence cards, connected systems, and defensive control checkpoints.

Cybersecurity Encyclopedia

Safe Cyber Learning Boundaries

How to learn cyber defense safely: stay within legal boundaries, practice on toy examples, and build evidence-first …

Beginner 9 min read
Calm cybersecurity illustration for Processes, Parents, and Command Lines, showing abstract endpoint telemetry evidence cards, connected systems, and defensive control checkpoints.

Cybersecurity Encyclopedia

Processes, Parents, and Command Lines

Learn to read process trees, trace which parent launched a child, and use command-line context in calm defensive triage …

Intermediate 9 min read
Calm cybersecurity illustration for Suspicious Process Indicators, showing abstract endpoint telemetry evidence cards, connected systems, and defensive control checkpoints.

Cybersecurity Encyclopedia

Suspicious Process Indicators

Learn to evaluate suspicious processes—odd names, locations, privilege, and ancestry—through calm defensive examples, …

Intermediate 9 min read
Calm cybersecurity illustration for Logs: What to Keep and Why, showing abstract endpoint telemetry evidence cards, connected systems, and defensive control checkpoints.

Cybersecurity Encyclopedia

Logs: What to Keep and Why

Which logs to keep and why: audit, service, and authentication logs, plus retention basics that keep evidence available …

Beginner 9 min read