Cybersecurity Toolbox

Free or open-sources cybersecurity tools

Web Reputation

Symantec WebPulse : Categorize and URL reputation.
Talos Reputation Center : Domain and IP reputation.
Abuse IP DB : IP reputation.

File Reputation

VirusTotal: Multi-AV for files and URLs.
Joe Sandbox: Sandboxing and deep automated malware analysis.
ANY.RUN: Interactive sandbox analysis.
Hatching Triage: Modern malware analysis platform.

Risk Assessment

MONARC: Open source risk assessment tool.
CISO Assistant: Open source risk assessment tool that embeds multiple GRC framework in it.

Open Source Intelligence (OSINT)

MISP: IoC and threat intelligence sharing platform.
Shodan: Search engine for internet exposed material.
OSINT Framework: An aggregator of OSINT tools.

Computer Emergency Response Teams (CERT)

FIRST: CSIRT world directory.
CERT-FR: French CERT.
US-CERT: Federal US CSIRT (CISA).
CCB: Center Cybersecurity Belgium.

Secure Coding

OWASP Top 10 proactive controls : Raise awareness about application security.
OWASP Cheat Sheet Series: Practical references.
OWASP Code Review Guide: A developper bible.

DNS Information Gathering

DNSDumpster: Free DNS recon with schema generation.

MITRE Frameworks

MITRE ATT&CK: Adversarial tactics and technics.
MITRE D3FEND: Counter-measure and defenses.

Threat Intelligence

ThreatFox: IoC sharing by abuse.ch.
Malpedia: Malware and malware group knowledge base.

Vulnerability Databases

NVD: Official vulnerability database.
CVE Details: Vulnerability CVE index.
VulDB: Vulnerability with threat context.

Network & Traffic Analysis

Wireshark: Network packet gathering and analyzer.
Suricata: Open source IDS/IPS.

Windows Forensics

Eric Zimmerman's tools: He is our forensics messiah.

Website security benchmark

Qualys SSL Labs: The reference to test your webserver crypto configuration.
Security Headers: An excellent test of your HTTP Strict Transport Security (HSTS) webserver configuration.
Internet.nl: A great mix-up of Qualys SSL Labs and Security Headers. It even test DNS config.