Cyber

CMMC

  • CyberAB : The official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem and the sole authorized non-governmental partner of the U.S. Department of Defense in implementing and overseeing the CMMC conformance regime.
  • CMMC Model (DoD) : Official DoD CMMC Model documentation and levels overview
  • NIST SP 800-171 : Protecting Controlled Unclassified Information - the foundation for CMMC Level 2
  • NIST SP 800-172 : Enhanced security requirements for CMMC Level 3
  • CMMC Center of Awesomeness : Community-driven CMMC resources and assessment guides
  • FedRAMP : Federal Risk and Authorization Management Program - related cloud compliance framework

CTI

Data

Frameworks & Standards

  • MITRE ATT&CK : Knowledge base of adversary tactics and techniques based on real-world observations
  • MITRE D3FEND : Knowledge graph of cybersecurity countermeasures
  • NIST Cybersecurity Framework : Framework for improving critical infrastructure cybersecurity
  • CIS Controls : Prioritized set of actions for cyber defense
  • OWASP Top 10 : Standard awareness document for web application security

Certifications & Training

Web Publications

Academic Publications

Network Security & Intrusion Detection

  1. Denning, D. E. (1987). An Intrusion-Detection Model. IEEE Transactions on Software Engineering, SE-13(2), 222-232.

  2. Anderson, J. P. (1980). Computer Security Threat Monitoring and Surveillance. Technical Report, James P. Anderson Co., Fort Washington, PA.

  3. Roesch, M. (1999). Snort - Lightweight Intrusion Detection for Networks. Proceedings of LISA ’99: 13th Systems Administration Conference, 229-238.

  4. Paxson, V. (1999). Bro: A System for Detecting Network Intruders in Real-Time. Computer Networks, 31(23-24), 2435-2463.

  5. Lee, W., & Stolfo, S. J. (1998). Data Mining Approaches for Intrusion Detection. Proceedings of the 7th USENIX Security Symposium, 79-93.

  6. Lippmann, R. P., Fried, D. J., Graf, I., Haines, J. W., Kendall, K. R., McClung, D., Weber, D., Webster, S. E., Wyschogrod, D., Cunningham, R. K., & Zissman, M. A. (2000). Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation. Proceedings of DARPA Information Survivability Conference and Exposition, 12-26.

  7. Porras, P. A., & Neumann, P. G. (1997). EMERALD: Event Monitoring Enabling Response to Anomalous Live Disturbances. Proceedings of the 20th National Information Systems Security Conference, 353-365.

  8. García-Teodoro, P., Díaz-Verdejo, J., Maciá-Fernández, G., & Vázquez, E. (2009). Anomaly-based Network Intrusion Detection: Techniques, Systems and Challenges. Computers & Security, 28(1-2), 18-28.

  9. Sommer, R., & Paxson, V. (2010). Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. IEEE Symposium on Security and Privacy, 305-316.

  10. Tavallaee, M., Bagheri, E., Lu, W., & Ghorbani, A. A. (2009). A Detailed Analysis of the KDD CUP 99 Data Set. IEEE Symposium on Computational Intelligence for Security and Defense Applications, 1-6.

Protocol Analysis & Traffic Classification

  1. Handley, M., & Paxson, V. (2001). Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. Proceedings of the 10th USENIX Security Symposium, 115-131.

  2. Ptacek, T. H., & Newsham, T. N. (1998). Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Secure Networks, Inc., Technical Report.

  3. Moore, A. W., & Papagiannaki, K. (2005). Toward the Accurate Identification of Network Applications. International Workshop on Passive and Active Network Measurement, 41-54.

  4. Karagiannis, T., Papagiannaki, K., & Faloutsos, M. (2005). BLINC: Multilevel Traffic Classification in the Dark. ACM SIGCOMM Computer Communication Review, 35(4), 229-240.

  5. Dainotti, A., Pescapé, A., & Claffy, K. C. (2012). Issues and Future Directions in Traffic Classification. IEEE Network, 26(1), 35-40.

  6. Finsterbusch, M., Richter, C., Rober, E., & Timm-Giel, A. (2014). A Survey of Payload-Based Traffic Classification Approaches. IEEE Communications Surveys & Tutorials, 16(2), 1135-1156.

  7. Dreger, H., Feldmann, A., Mai, M., Paxson, V., & Sommer, R. (2006). Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection. Proceedings of the 15th USENIX Security Symposium, 257-272.

  8. Anderson, B., & McGrew, D. (2017). Machine Learning for Encrypted Malware Traffic Classification: Accounting for Noisy Labels and Non-Stationarity. Proceedings of the 23rd ACM SIGKDD International Conference, 1723-1732.

  9. Velan, P., Čermák, M., Čeleda, P., & Drašar, M. (2015). A Survey of Methods for Encrypted Traffic Classification and Analysis. International Journal of Network Management, 25(5), 355-374.

  10. Pacheco, F., Exposito, E., Gineste, M., Baudoin, C., & Aguilar, J. (2019). Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey. IEEE Communications Surveys & Tutorials, 21(2), 1988-2014.

Threat Modeling & Attack Analysis

  1. Schneier, B. (1999). Attack Trees: Modeling Security Threats. Dr. Dobb’s Journal, 24(12), 21-29.

  2. Swiderski, F., & Snyder, W. (2004). Threat Modeling. Microsoft Press.

  3. Shostack, A. (2014). Threat Modeling: Designing for Security. Wiley.

  4. Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. Leading Issues in Information Warfare & Security Research, 1(1), 80-106.

  5. Strom, B. E., Applebaum, A., Miller, D. P., Nickels, K. C., Pennington, A. G., & Thomas, C. B. (2018). MITRE ATT&CK: Design and Philosophy. MITRE Technical Report, MP-18-0419.

  6. Kordy, B., Piètre-Cambacédès, L., & Schweitzer, P. (2014). DAG-Based Attack and Defense Modeling: Don’t Miss the Forest for the Attack Trees. Computer Science Review, 13-14, 1-38.

  7. Ou, X., Govindavajhala, S., & Appel, A. W. (2005). MulVAL: A Logic-Based Network Security Analyzer. Proceedings of the 14th USENIX Security Symposium, 113-128.

  8. Phillips, C., & Swiler, L. P. (1998). A Graph-Based System for Network-Vulnerability Analysis. Proceedings of the 1998 Workshop on New Security Paradigms, 71-79.

  9. Sheyner, O., Haines, J., Jha, S., Lippmann, R., & Wing, J. M. (2002). Automated Generation and Analysis of Attack Graphs. Proceedings of the 2002 IEEE Symposium on Security and Privacy, 273-284.

  10. Ingols, K., Lippmann, R., & Piwowarski, K. (2006). Practical Attack Graph Generation for Network Defense. Proceedings of the 22nd Annual Computer Security Applications Conference, 121-130.

IP Geolocation

  1. Padmanabhan, V. N., & Subramanian, L. (2001). An Investigation of Geographic Mapping Techniques for Internet Hosts. Proceedings of ACM SIGCOMM, 173-185.

  2. Gueye, B., Ziviani, A., Crovella, M., & Fdida, S. (2006). Constraint-Based Geolocation of Internet Hosts. IEEE/ACM Transactions on Networking, 14(6), 1219-1232.

  3. Katz-Bassett, E., John, J. P., Krishnamurthy, A., Wetherall, D., Anderson, T., & Chawathe, Y. (2006). Towards IP Geolocation Using Delay and Topology Measurements. Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, 71-84.

  4. Wang, Y., Burgener, D., Flores, M., Kuzmanovic, A., & Huang, C. (2011). Towards Street-Level Client-Independent IP Geolocation. Proceedings of the 8th USENIX Conference on Networked Systems Design and Implementation, 365-379.

  5. Poese, I., Uhlig, S., Kaafar, M. A., Donnet, B., & Gueye, B. (2011). IP Geolocation Databases: Unreliable? ACM SIGCOMM Computer Communication Review, 41(2), 53-56.

  6. Gharaibeh, M., Shah, A., Huffaker, B., Zhang, H., Ensafi, R., & Papadopoulos, C. (2017). A Look at Router Geolocation in Public and Commercial Databases. Proceedings of the 2017 Internet Measurement Conference, 463-469.

  7. Gill, P., Ganjali, Y., Wong, B., & Lie, D. (2010). Dude, Where’s That IP? Circumventing Measurement-Based IP Geolocation. Proceedings of the 19th USENIX Conference on Security, 16.

  8. Huffaker, B., Fomenkov, M., & Claffy, K. (2011). Geocompare: A Comparison of Public and Commercial Geolocation Databases. Proceedings of the Network Mapping and Measurement Conference.

  9. Eriksson, B., Barford, P., Sommers, J., & Nowak, R. (2010). A Learning-Based Approach for IP Geolocation. Proceedings of the 11th International Conference on Passive and Active Measurement, 171-180.

  10. Shavitt, Y., & Zilberman, N. (2011). A Geolocation Databases Study. IEEE Journal on Selected Areas in Communications, 29(10), 2044-2056.

Cyber Threat Intelligence

  1. Tounsi, W., & Rais, H. (2018). A Survey on Technical Threat Intelligence in the Age of Sophisticated Cyber Attacks. Computers & Security, 72, 212-233.

  2. Barnum, S. (2012). Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX). MITRE Corporation, 11, 1-22.

  3. Wagner, T. D., Mahbub, K., Palomar, E., & Abdallah, A. E. (2019). Cyber Threat Intelligence Sharing: Survey and Research Directions. Computers & Security, 87, 101589.

  4. Sauerwein, C., Sillaber, C., Mussmann, A., & Breu, R. (2017). Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives. Proceedings of the 13th International Conference on Wirtschaftsinformatik, 837-851.

  5. Qamar, S., Anwar, Z., Rahman, M. A., Al-Shaer, E., & Chu, B. T. (2017). Data-Driven Analytics for Cyber-Threat Intelligence and Information Sharing. Computers & Security, 67, 35-58.

  6. Mavroeidis, V., & Bromander, S. (2017). Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence. Proceedings of the European Intelligence and Security Informatics Conference, 91-98.

  7. Schlette, D., Böhm, F., Caselli, M., & Pernul, G. (2021). Measuring and Visualizing Cyber Threat Intelligence Quality. International Journal of Information Security, 20(1), 21-38.

  8. Zhu, Z., & Dumitras, T. (2016). FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 767-778.

  9. Bouwman, X., Griffioen, H., Egbers, J., Doerr, C., Klievink, B., & van Eeten, M. (2020). A Different Cup of TI? The Added Value of Commercial Threat Intelligence. Proceedings of the 29th USENIX Security Symposium, 433-450.

  10. Brown, S., Gommers, J., & Serrano, O. (2015). From Cyber Security Information Sharing to Threat Management. Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security, 43-49.