A curated collection of security skill files — capturing how experts think and work.
thinksec is an open repository of security skill files: structured, actionable documents that capture the methodologies, mental models, and procedures used by security professionals across different specialties.
Each skill file answers: "How would an expert approach this problem?"
Traditional documentation tells you what to do. Skill files capture how to think:
- Procedural — Step-by-step workflows
- Contextual — When to use (and when not to)
- Practical — Real examples and anti-patterns
- Measurable — Metrics for success
```
thinksec/
├── README.md                  # You are here
├── CONTRIBUTING.md            # How to contribute
├── templates/
│   ├── skill-template.md      # Template for new skills
│   └── tool-template.md       # Template for new tools
├── skills/                    # How to think (procedural knowledge)
│   ├── offensive/             # Red team, pentesting, exploitation
│   ├── defensive/             # Blue team, detection, response
│   ├── analysis/              # Malware, forensics, reverse engineering
│   ├── intel/                 # Threat intelligence, attribution
│   ├── engineering/           # Secure development, architecture
│   └── operations/            # IR, SOC, hunting
└── tools/                     # Deep dives (philosophy, math, research)
    ├── fuzzing/               # OSS-Fuzz, libFuzzer, syzkaller
    ├── sanitizers/            # ASan, MSan, TSan, UBSan
    ├── cryptography/          # Tink, Wycheproof
    └── network-security/      # Tsunami
```
Every skill file follows a consistent structure:
| Section | Purpose |
|---|---|
| When to Use | Trigger conditions — when this skill applies |
| Prerequisites | What you need before starting |
| Steps | Ordered procedure with checkboxes |
| Examples | Good execution patterns |
| Anti-patterns | What NOT to do and why |
| Metrics | How to measure success |
| References | Source material and further reading |
- Browse `skills/` by category
- Find a relevant skill file
- Review "When to Use" to confirm fit
- Follow the steps, adapting to your context
- Check anti-patterns to avoid common mistakes

- Read CONTRIBUTING.md
- Copy `templates/skill-template.md`
- Fill in all sections
- Submit a pull request
Skills for red team operations, penetration testing, vulnerability research, and exploitation.
Skills for blue team operations, detection engineering, hardening, and monitoring.
Skills for malware analysis, forensics, reverse engineering, and incident investigation.
Skills for threat intelligence, attribution, campaign tracking, and reporting.
Skills for secure development, cryptography, architecture, and tooling.
Skills for incident response, SOC operations, threat hunting, and security operations.
Beyond skills, thinksec includes tool files — deep documentation capturing the philosophy, mathematics, and research behind security tools.
| Category | Tools |
|---|---|
| Fuzzing | OSS-Fuzz, libFuzzer, syzkaller |
| Sanitizers | AddressSanitizer |
| Cryptography | Tink, Wycheproof |
| Network Security | Tsunami |
Each tool file includes:
- Philosophy — The core insight that makes it work
- Theoretical Foundations — CS, math, security concepts
- Academic Papers — Research behind the tool
- Architecture — How it works internally
See tools/README.md for details.
- Practical over theoretical — Every skill should be actionable
- Explicit over implicit — Capture the "obvious" steps experts skip
- Humble over heroic — Include failures, edge cases, limitations
- Evolving over static — Skills improve with community input
MIT License — use freely, contribute back.
See CONTRIBUTING.md for guidelines.
"The best security professionals don't just know tools — they know how to think."