CISA’s 150+ List of Free Services and Tools
CISA has a MASSIVE list of free services and tools you can and should take advantage of.
Free
Last Pass – How secure is your password?
Website: https://lastpass.com/howsecure.php This tool is similar to the other password checkers I have listed, such as How Secure is my Password? and Password Monster. This one is fine and gets…
EICAR anti-malware test file
Website: https://www.eicar.org/?page_id=3950 The EICAR anti-malware test file is a harmless file that is used to test the effectiveness of anti-malware software. It was created by the European Institute for Computer…
Tenable NIST CSF Implementation Planning Tool (NIST CSF v.1.1)
Website: https://www.tenable.com/whitepapers/nist-csf-implementation-planning-tool The NIST Cybersecurity Framework (CSF) is a comprehensive set of guidelines for managing cybersecurity risk in organizations. The NIST CSF Implementation Planning Tool, developed by Tenable, provides a…
GitLab’s Open Source IR Playbooks
Website: https://gitlab.com/syntax-ir/playbooks/-/tree/main GitLab open sourced their playbooks for Incident Response as a way to give back to the community. It gives us procedural documentation, flowcharts, and activities you can adopt,…
CVE List/Search
Website: http:///cve.mitre.org This is the list of common vulnerabilities and exposures (CVE) that everyone knows and loves. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities…
STIX
Website: https://oasis-open.github.io/cti-documentation/stix/intro Structured Threat Information Expression (STIX™) is a language and serialization format used to exchange cyber threat intelligence (CTI). This is a common, standardized way to share threat information…
CWE: Common Weakness Enumeration
Website: http://cwe.mitre.org CWE™ is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for…
CAPEC: Common Attack Pattern Enumeration and Classification
Website: https://capec.mitre.org/index.html CAPEC is the way an attacker can exploit a CVE or generally target a CWE. From the site:The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a…
ISO / IEC 27002 – Free toolkit ZIP
Website: https://www.iso27001security.com/html/toolkit.html The free ISO27k toolkit is a comprehensive collection of resources designed to assist organizations in improving their information security management. It provides practical and cost-effective solutions for small…