os matrix vertical(osquery)
os matrix horizontal
ubuntu latest
windows tools
sysmon
Vulnerable VM
Damn Vulnerable Web Application (PHP/MySQL)
https://github.com/ethicalhack3r/DVWA
http://www.dvwa.co.uk/
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.
https://github.com/rapid7/metasploitable3
Mutillidae (PHP)
OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA.
https://github.com/webpwnized/mutillidae
NodeGoat (Node)
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
https://github.com/OWASP/NodeGoat
WebGoat (Web App)
WebGoat.Net (.NET)
WebGoatPHP (PHP)
https://owasp.org/www-project-webgoat/
WebGoat is a deliberately insecure application
https://github.com/WebGoat/WebGoat
OWASP Juice Shop (NodeJS/Angular)
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application.
https://github.com/bkimminich/juice-shop
RailsGoat (Rails)
A vulnerable version of Rails that follows the OWASP Top 10.
https://github.com/OWASP/railsgoat
HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs,
https://hackthissite.org/
Virtual Machines
https://www.vulnhub.com/
Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness
https://github.com/rapid7/metasploit-framework
This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application
https://google-gruyere.appspot.com/
AWS/GCP/Azure/Alibaba/IBM/OpenStack
Collection of scripts and resources for DevSecOps and Automated Incident Response Security
https://github.com/awslabs/aws-security-automation
The tool to help you discover resources in the cloud environment
https://github.com/Cloud-Architects/cloudiscovery
Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.
https://github.com/cycloidio/inframap
cloudquery transforms your cloud infrastructure into SQL or Graph database for easy monitoring, governance and security
https://github.com/cloudquery/cloudquery
A very vulnerable serverless application in AWS Lambda
https://github.com/wickett/lambhack