Daniel Miessler

Cybersecurity Index

Advanced security frameworks, assessment methodologies, and threat modeling systems from 20+ years in the field
August 30, 2025
#cybersecurity #security #infosec #technology #hacking

Cybersecurity Index

A comprehensive collection of security research, frameworks, and methodologies developed over two decades in information security, covering assessment types, threat modeling, web application security, and the evolving security landscape.

Core Security Architecture
Security Definitions
Information Security Definitions
Authoritative taxonomy of security terminology and operational definitions
Information Security
Information Security
Comprehensive field analysis: attack/defense dynamics, career paths, and operational requirements
Threats vs Risks
Threats, Vulnerabilities, and Risks
Formal classification system for security primitives
Security Obscurity
Secrecy (Obscurity) is a Valid Security Layer
Empirical analysis of obscurity as legitimate security control when properly implemented
ESP
Efficient Security Principle (ESP)
Game-theoretic model explaining persistent low security baselines through economic incentives
AI Security
We Can't Really Affect AI Security
Application of ESP to AI security adoption dynamics
Assessment Methodologies
Security Assessment Types
Information Security Assessment Types
Comprehensive taxonomy: vulnerability assessments, penetration tests, red teams, audits, threat modeling
Vuln Assessment vs Pentest
Vulnerability Assessment vs. Penetration Test
Goal-oriented vs. list-oriented security testing methodologies
Assessment Types
When to Use Different Assessment Types
Decision framework for assessment type selection
Red Blue Purple Teams
Red, Blue, and Purple Teams
Team structures, operational roles, and interaction patterns
SOC Events
Events, Alerts, and Incidents
SOC terminology and operational classification
Threat Modeling Systems
Password TouchID FaceID
Password vs. TouchID vs. FaceID Threat Model
Quantitative threat modeling for authentication methods
TouchID Threat Model
Threat Modeling Against Apple's TouchID
Biometric authentication vulnerability analysis
Password Reset
Password Reset Mechanisms
Account recovery vulnerability assessment
ATHI Framework
ATHI — AI Threat Modeling Framework
Structured framework: Actor, Technique, Harm, Impact analysis
AI Attack Surface
The AI Attack Surface Map v1.0
Comprehensive AI system vulnerability taxonomy
Web Application Security
SQL Injection Explanation
How to Explain SQL Injection to Anyone
Pedagogical approach to SQL injection mechanics
SQL Injection Types
Standard vs. Blind SQL Injection
Comparative analysis of injection techniques
SQL Skills
SQL Injection is 90% SQL
Skill requirement analysis for web security
CSRF vs Clickjacking
CSRF vs. Clickjacking
Attack vector classification and prevention
CSRF
CSRF is Wicked
Cross-site request forgery exploitation patterns
XSS Framework
The Sleepy Puppy XSS Framework
XSS payload orchestration system
IoT SSRF
IoT + SSRF: A New Attack Vector?
Server-side request forgery in IoT environments
Same Origin Policy
Same Origin Policy
Browser security model fundamentals
Security Tools & Automation
ffuf Fuzzing
A ffuf Primer
High-performance web fuzzing methodology
Burp Intruder
Burp Intruder Payload Methods
Advanced payload generation techniques
HSTS Testing
Testing HSTS-protected Sites
HSTS bypass methodologies
Amass Reconnaissance
amass — Attack Surface Mapping
Comprehensive reconnaissance automation
Masscan
Masscan Examples
High-speed port scanning techniques
tcpdump Tutorial
A tcpdump Tutorial
Packet capture and analysis fundamentals
Nmap Tricks
The Nmap / DShield Trick
Advanced reconnaissance methodology
Firefox Plugins
10 Essential Firefox Plugins for InfoSec
Browser-based security testing toolkit
Infrastructure Security
Firewalls
Firewalls
Firewall architecture and implementation patterns
DMZ
DMZ
Demilitarized zone design principles
Network Ports
How Network Ports Work
Port security fundamentals
IDS Suricata
Building an IDS with Suricata
Intrusion detection implementation
AI Security Integration
ML Security
ML in Cyber Attack and Defense
ML application patterns in security operations
AI Attackers Defenders
Will AI Help Attackers or Defenders?
Asymmetric advantage analysis
AI SOC
AI Security Operation Centers
SOC automation architecture
Industry Analysis
Cybersecurity Hiring
The Cybersecurity Hiring Gap
Labor market structural analysis
Risk Scores
Cybersecurity Risk Scores
Security rating service critique
InfoSec Career
Build a Successful InfoSec Career
Career trajectory optimization strategies
Entry Skills
Day 1 Skills for Entry-level Jobs
Skill requirement analysis
Interview Questions
InfoSec Interview Questions
Technical interview preparation framework
This index represents 20+ years of security research and methodology development. For ongoing research, monitor the main blog feed.
Follow
Follow On X Subscribe On YouTube Follow On LinkedIn

supporting = loving

For 29.4920 years I've been creating ad-free technical tutorials and essays here. 3,039 pieces and counting.

It's a one-person effort that's also my livelihood. If it makes your day easier or more pleasant in any way, please consider supporting the work with a monthly or one-time donation.

It helps me make more content, and is deeply appreciated as well. 🫶🏼

Monthly Support

$5 $10 $25 $50 $100

One-Time Support

$5 $10 $25 $50 $100
Search
HOME·BLOG·ARCHIVES·ABOUT