Resource List - the Things That Helped Me On My Journey to Becoming a Threat Hunter
As shared in my presentation at SAINT CON “Imposter to Hunter: My First Year as a Threat Hunter”, here is the list of resources that helped me, too long to share in the presentation:
Threat Intelligence
- Cyber Threat Intelligence Study Plan by Andy Piazza
- A Cyber Threat Intelligence Self-Study Plan: Part 1 by Katie Nickels
- A Cyber Threat Intelligence Self-Study Plan: Part 2 by Katie Nickels
- Intelligence-Driven Incident Response by Rebekah Brown and Scott J. Roberts
- SANS CTI Summit (Jan. 26-27, 2026) - Free Summit
Threat Hunting
- KC7 Cyber - Completely free resource for learning KQL, query-building, and incident investigation
- Active Countermeasures Threat Hunting Training Course - Fantastic and free 1-day training
- Active Countermeasures Malware of the Day - Great hands-on
- The DFIR Report - Fantastic in-depth reports on malware
- DEATHCon - Not to be confused with DEFCON, this is an online conference dedicated to Detection Engineering and Threat Hunting, filled with hands-on labs that they keep open usually for close to 3 months or more
- PEAK Framework - The GOAT Threat Hunting Framework
- David Bianco’s Splunk Blog Posts - This guy is legendary - helped create the PEAK Framework, the Pyramid of Pain
- THOR Collective - Threat Hunting-related posts, great resource
- HEARTH - Hunting Exchange and Research Threat hub - Curated threat hunting ideas using the PEAK Framework (you have a hunt idea and need help? This could be the place to bring it up)
- Threat Hunter’s Cookbook - based off of the PEAK Framework, goes over various hunting methodologies
Miscellaneous
- Leveraging mind maps & self-assessments to develop a personal training plan by Andy Piazza - A guide to help you figure out what you want to be in Cyber
- Try Hack Me
- The Art of Cyberwarfare by Jon DiMaggio
- Cloud Security Lab a Week - Free weekly labs that walk through creating an AWS environment and securing it
- SANS Holiday Hack Challenge - Free video-game styled hack challenge complete with KringleCon and some sweet cyber-styled holiday jams. Great way to finish off the year
- Fabric - an open-source framework for augmenting humans using AI - In the /data/patterns folder, there is a long list of various prompts to generate higher quality AI responses
Note-Taking (Zettelkasten)
Zettelkasten is a very different way of taking notes, and takes a lot of diligence to keep up, and quite a bit of understanding of how the system works. Its main points are that you have atomic notes (a note with a single atomic idea) and that each note is linked to other similar notes in a chain, so that every note you take is linked to some other note. Some say it’s built better for those that want to write books or articles. I’ve found it to be very useful, especially paired with the PARA method.
- Digital Zettelkasten by David Kadavy
- How to Take Smart Notes by Sönke Ahrens
- A System for Writing by Bob Doto
- PARA Method - Project, Area, Resource, Archive - great for organizing notes when more project-based
- Notion - Great for smarter organization and easier-to-use templates, lots of AI integration
- Obsidian - Great Markdown note-taking app, helps avoid bloat of other note-taking apps
This post is licensed under CC BY 4.0 by the author.