There are several public sources that provide downloadable security artifacts, such as:
NIST National Vulnerability Database (NVD) offers a comprehensive database of vulnerabilities, including descriptions, CVSS scores, and links to patches and workarounds.
The Center for Internet Security (CIS) provides a wide range of security-related resources, including configuration guides, best practices, and security benchmarks for various systems and platforms.
The Open Web Application Security Project (OWASP) provides a wide range of resources, including security guidelines, best practices, and a top 10 list of the most critical web application security risks.
Packetstorm is a website that provides a wide range of security resources, including exploits, tools, whitepapers, and other security-related documents.
The Exploit Database provides a comprehensive database of exploits, including descriptions, code snippets, and links to full exploit code.
Metasploit is a widely-used penetration testing framework that includes a database of exploits, payloads, and other security tools.
The SANS Institute provides a wide range of security resources, including whitepapers, guidelines, and training materials, as well as a database of security tools and utilities.
CERT/CC provides security advisories, alerts and other security-related information from various public sources.
VirusTotal a free online service that analyzes files and URLs for viruses, worms, Trojans, and other malware.
Github is one of the most popular source for open-source projects and there are many security-related projects that you can find, such as those related to penetration testing, incident response, and vulnerability management
This is not an exhaustive list and there are many other sources out there, depending on your need you can find resources that can assist you in your security work. It’s important to keep in mind that some of the artifacts provided by these sources may be outdated, untested, or otherwise unreliable, so it’s important to thoroughly evaluate any security artifacts before using them in a production environment.
There are several sources that the infosec community can use to stay aware of the latest threat actors and methods:
Cyber Threat Intelligence (CTI) feeds, such as those provided by commercial providers like ThreatConnect, Cyber Threat Alliance (CTA), or Recorded Future, are a valuable source of information on the latest cyber threats and trends.
The US-CERT Cyber Security Bulletin provides alerts on the latest cyber threats, vulnerabilities, and incidents, as well as guidance on how to mitigate them.
The FBI’s Internet Crime Complaint Center (IC3) publishes reports on the latest cybercrime trends and provides guidance on how to protect against these threats.
The Department of Homeland Security (DHS) provides a wide range of cybersecurity resources, including alerts, best practices, and incident response guidance.
The SANS Institute provides a wide range of security-related resources, including whitepapers, alerts, and training materials on the latest cyber threats and trends.
The Information Systems Security Association (ISSA) is a global community of infosec professionals, provides a wide range of resources to help members stay informed about the latest threat actors and methods.
Information-sharing and analysis centers (ISACs) such as the Financial Services Information Sharing and Analysis Center (FS-ISAC) or the Cyber Information Sharing and Collaboration Program (CISCP), helps to provide a platform for critical infrastructure companies and government agencies to share threat intelligence and threat-related information.
Threat Intelligence Platforms (TIP) like Anomali, ThreatConnect, ThreatQuotient, help users to collect and analyze threat intelligence data, including real-time data feeds, to identify and