foylplatform
Getting the suspicious number of tabs ready
foyl Learn 1.0 is nearly ready

Security tooling without the ceremonial invoice.

A complete SOC you can work in your browser, a daily briefing, and the smaller tools I kept wishing someone else had built. Nobody did. Inconvenient.

Free to use. Accounts exist where progress needs somewhere to live.
CISA KEV NVD / NIST Microsoft MSRC Cisco PSIRT Apple Security Oracle CPU Fortinet PSIRT Ivanti Advisories VMware Security Palo Alto Networks Juniper Networks F5 Networks Google Chrome Adobe Security OSINT Feeds CISA KEV NVD / NIST Microsoft MSRC Cisco PSIRT Apple Security Oracle CPU Fortinet PSIRT Ivanti Advisories VMware Security Palo Alto Networks Juniper Networks F5 Networks Google Chrome Adobe Security OSINT Feeds Several other vendor feeds
10
Working SOC Consoles
Fake data. Real things to click.
7 + 12
Labs and Drills
Guided work, then reps without the hand holding.
382
Cert Previews
Five questions before you make an expensive decision.
Daily
Threat Briefing
The news, compressed before it becomes your problem.
Platform
Seven useful things. One increasingly suspicious side project.
Each one started with the phrase, “surely someone already made this.”
4
11
3
7
CRIT
KEV
HIGH
HIGH
MED
Intelligence · Daily
The Brief

AI generated SOC threat intelligence briefing. Critical and high CVEs, CISA KEV, Patch Tuesday across 12 vendors, threat actor profiles, and detection queries.

New briefing every morning
Patch Tuesday · 12 vendors
Rapid7 & SentinelOne queries
Threat actor profiles
CISA KEV tracking
Week in Review
Live brief.foyl.io The robot has opinions
1.0 Release Candidate
Browser SOC · Nearly 1.0
foyl Learn

A complete SOC in your browser. Work ten consoles, run guided labs and scored drills, take a live shift, or manage a class from the instructor deck.

10 mock consoles
7 guided labs
12 scored drills
3 live shifts
6 linked incidents
Instructor gradebook
Release candidate learn.foyl.io
JUL 21
JUL 29
AUG 05
AUG 18
Calendar · Monthly
foyl Events

Cybersecurity conferences, CTFs, training, webinars, and meetups in one filterable calendar. Because finding the event should not be the event.

US and virtual events
Interactive state map
Conference and CTF filters
Cost and format filters
Monthly refresh
Free to browse
Live events.foyl.io
Directory · Live Health
foyl OSINT

62 curated OSINT tools for security analysts, organized by category so I don't have to have 62 bookmarks.

62 curated tools
10 categories
Free & account tiers
Malware · DNS · IP
TIP · OSINT platforms
Blockchain · Credentials
Live osint.foyl.io 62 tools
Job Board · Weekly
foyl Jobs

Most job postings are garbage. These are 50 cyber and IT openings worth looking at.

Weekly refresh · Mondays
Cyber & IT focused
Entry and mid level
AI selected picks
50 listings / week
Free to use
Live jobs.foyl.io Less Posting Slop
CompTIA Security+
ENTRY
2 / 5
Certs · Sample Tests
foyl Certs

Five question previews for 382 cybersecurity certifications. Get a feel for an exam in 60 seconds, before paying to discover it is miserable.

382 certifications
1,910 questions
Entry to expert level
Instant scoring
Career path guide
Free to use
Live learn.foyl.io/certs 382 certs
Recon
7 tech
Resource Dev
8 tech
Initial Access
10 tech
Execution
14 tech
Persistence
20 tech
Priv. Escal.
14 tech
Def. Evasion
43 tech
Cred. Access
17 tech
Framework · Interactive
foyl Attack

Interactive MITRE ATT&CK® Enterprise matrix. Explore all 14 tactics, 200+ techniques, APT group mappings, and walk through real attack campaigns step by step.

14 tactics · 200+ techniques
20+ APT groups mapped
4 attack campaign walkthroughs
Platform filter (Win/Linux/Cloud)
Animated campaign paths
Subtechnique explorer
Live learn.foyl.io/attack MITRE ATT&CK® v14.1
Explore
Open a drawer. Poke the contents.
A closer look at the parts of foyl that escaped into production.
Daily Briefing
Five minutes of reading instead of twelve advisory tabs.
A real SOC briefing used by working analysts. Exact readership remains unavailable by design.
CVSS scores, affected products, and plain language summaries per threat
Severity triage, with critical and high separated from medium and below
No engagement analytics. Everyone will cope.
CISA KEV
Known exploited. Tracked daily.
The CISA Known Exploited Vulnerabilities catalog is monitored continuously. New KEV additions are surfaced immediately with remediation due dates and patching priority.
New KEV entries called out separately from standard threats
CISA remediation deadlines shown inline
Compared with Patch Tuesday and vendor advisories
Patch Tuesday
12 vendors. One read.
Monthly vendor security updates tracked across Microsoft, Cisco, Apple, Oracle, Fortinet, Ivanti, VMware, Palo Alto, Juniper, F5, Google, and Adobe, with an AI summary for each vendor.
Patch counts for each vendor, severity breakdowns, and zero day flags
Top CVEs per vendor with CVSS and exploitation status
CEO ready executive summary alongside SOC detail
Threat Actors
Named groups. Real context.
Active threat actor profiles tracked with motivations, TTPs, target sectors, and recent campaign activity. Updated when groups resurface in credible reporting.
State backed, criminal, and hacktivist groups profiled
MITRE ATT&CK technique mappings per actor
Recent campaigns and IOC associations linked inline
Detection Queries
Ready to deploy. Same day.
Detection logic for Rapid7 InsightIDR and SentinelOne generated from each day's threats. Copy, paste, deploy. Translation was declined.
Rapid7 InsightIDR LEQL queries per threat
SentinelOne Deep Visibility queries per threat
Tied directly to CVEs in the same briefing, with no second scavenger hunt
Week in Review
Friday wrapup
A Friday summary of the week's most significant threats, CISA activity, and emerging trends. It includes a two sentence CEO briefing ready for escalation.
Top 5 threats of the week ranked by severity and exploitation risk
CISA activity summary for the week
Executive summary written for nontechnical stakeholders
Where The Brief pulls from
CISA KEV
NVD / NIST
Microsoft MSRC
Cisco PSIRT
Apple Security
Oracle CPU
Fortinet PSIRT
Ivanti Advisories
VMware Security
Palo Alto Networks
Juniper Networks
F5 Networks
Google Chrome
Adobe Security
OSINT Aggregators
Ten working mock consoles share the same incidents and evidence. Learn with labs, prove it with drills, then sit the analyst desk and see what you missed.
SIEM
Security Info & Event Mgmt
Log correlation, alert triage, dashboards and threat hunting across a mock event stream.
NGFW
Next Generation Firewall
Policy management, traffic analysis, threat prevention rules and network segmentation.
EDR
Endpoint Detection & Response
Endpoint telemetry, process trees, threat isolation and guided incident investigation.
Email Security
Phishing & Threat Filter
Phishing detection, quarantine management, header analysis and URL sandboxing.
Identity
IAM / Directory Services
User provisioning, MFA, role based access control and anomalous login detection.
VM
Vulnerability Management
Asset scanning, CVE prioritization, remediation tracking and risk scoring.
SOAR
Security Orchestration
Playbook automation, orchestration across tools, and incident response workflows.
TIP
Threat Intelligence Platform
IOC management, actor profiles, campaign tracking and threat feed integration.
CASB
Cloud App Security Broker
Shadow IT discovery, DLP policies, cloud app risk scoring and access governance.
Ticketing
Incident & Case Queue
Case management, SLA tracking, kanban boards and sprint based analyst workflows.
Find the room
01
Browse the map
Click a state or choose virtual. The calendar handles conferences, CTFs, training, webinars, and meetups without asking you to remember which site hid the useful filter.
02
Filter the damage
Narrow by type, cost, format, month, or location. It is a calendar with working filters, which apparently counts as a feature now.
03
Check back monthly
The list is refreshed every month from event sources across the United States, plus virtual events you can attend without finding a hotel.
What is indexed
Format
In person, hybrid, virtual
Types
Conferences, CTFs, training
Location
United States and online
Refresh
Monthly
events.foyl.io Map view Free to browse
How it works
01
Five APIs, no auth required
I found five job boards that give free access without accounts: RemoteOK, Arbeitnow, Jobicy, The Muse, and Working Nomads. They supply a raw pool of about 200 listings every Monday.
02
Claude filters the noise
Haiku reads the pile and cuts it down to the 50 most relevant cyber and IT roles, with an entry and mid level bias. Anything requiring 15 years of experience or a clearance above SECRET gets dropped.
03
Fresh board every Monday
Cron fires, new jobs go up, old ones are gone. No reruns from last week, no duplicate postings. Check it Monday morning and apply somewhere instead of scrolling LinkedIn until morale improves.
What you get
Volume
50 listings per week
Refresh
Every Monday
Focus
Cyber & IT only
Level
Entry and mid level
Filter
AI selected, not keyword matched
Cost
Free. Obviously.
Data sources
RemoteOK Arbeitnow Jobicy The Muse Working Nomads
What it is
62
Curated OSINT tools
Sixty two hand picked open source intelligence tools across malware analysis, threat intel, DNS and domains, IP and networks, scanning, credentials, blockchain, proxy detection, and analysis.
2h
10
Categories, filters, search
Filter by access tier, health status, or category. Search names, descriptions, and tags. Results are instant because pagination had its chance.
Tool categories
Malware
Analysis & Sandbox
Threat Intel
IOC & Reputation
DNS & Domain
WHOIS, Certs, DMARC
IP & Network
ASN, BGP, Geolocation
Scanning
Exposure & Attack Surface
Credentials
Breaches & Leaks
Stats
62 tools Free & account Checked every 2h osint.foyl.io
What it is
382
Certification sample tests
Five question previews for 382 cybersecurity certifications, from CompTIA A+ and Security+ through OSCP and CISSP. Get a genuine feel for the difficulty in under 60 seconds.
4
Difficulty tiers
Every cert is tagged Entry, Mid, Advanced, or Expert. Filter by tier and spend less time pretending the exam vendor explained the audience.
25
Career path guide
Twenty five cybersecurity career paths with collapsible cert trees for SOC analysts, penetration testers, cloud security, GRC, and more. See which certs stack toward a target role.
Cert categories
CompTIA
A+, Net+, Sec+, CySA+, CASP+
Offensive
OSCP, OSEP, CEH, GPEN
Cloud
AWS, Azure, GCP security certs
GRC
CISSP, CISM, CISA, CRISC
Forensics
GCFE, GCFA, EnCE
Vendor
Cisco, Palo Alto, Splunk
Stats
382 certs Entry → Expert 25 career paths learn.foyl.io/certs
What it is
14
Full MITRE ATT&CK® Enterprise matrix
All 14 ATT&CK® tactics and more than 200 techniques rendered as an interactive, scrollable matrix. Click any technique for its description, subtechniques, group usage, mitigations, and detection guidance.
20+
Real APT group profiles
More than 20 real threat actor groups mapped to known techniques, including APT28, APT29, Lazarus, Scattered Spider, LockBit, Conti, and Sandworm. Each profile includes aliases, country, sponsor, motivation, and key techniques.
4
Attack campaign walkthroughs
Four named attack campaigns with animated paths across the matrix. Move through each technique in sequence with context on what the attacker did and why.
Features
Coverage
200+ techniques, 14 tactics
Groups
20+ APT profiles mapped
Campaigns
4 walkthroughs with paths
Filter
Windows · Linux · macOS · Cloud
Search
Technique ID, name, or group
Version
MITRE ATT&CK® Enterprise v14.1
Quick stats
learn.foyl.io/attack ATT&CK® v14.1 Free to use foyl Learn account
Philosophy
How this keeps getting built.
Three rules. “Stop adding things” remains under review.
01
Useful before impressive

If it looks clever but does not help on a Tuesday morning, it can go be clever somewhere else.

02
Show the machinery

Mock data is labeled mock. AI output is labeled AI. Mystique is not a security control.

03
Keep the reading survivable

It is called foyl, not mandatory quarterly enablement. The required reading stays brief.

The browser is already open.

That removes the last respectable excuse.

Enter foyl Learn → The Brief foyl Events foyl Jobs foyl OSINT foyl Certs foyl Attack