Awesome Security Hardening

https://github.com/decalage2/awesome-security-hardening

NCSC's Platform Security Guidance

https://www.ncsc.gov.uk/collection/device-security-guidance

Microsoft guide to preventing the onward compromise of cloud infrastructure following a successful on-prem attack

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/protecting-microsoft-365-from-on-premises-attacks/ba-p/1751754

Incredibly useful guide to the additional Security functionality offered by the (ruinously expensive) upgrade from E3 to E5

https://frankmcg.com/2020/09/purchased-microsoft-365-e5-now-what/

Securing privileged access for hybrid and cloud deployments in Azure AD

https://docs.microsoft.com/en-us/azure/active-directory/roles/security-planning#ensure-separate-user-accounts-and-mail-forwarding-for-global-administrator-accounts

Hardening O365

https://medium.com/falconforce/reducing-your-office365-attack-surface-1073a4d46a7b

Keep Office 365 safe from BEC when you are an SME

https://www.comae.com/posts/keep-office-365-safe-from-bec-when-you-are-an-sme/

The ASD's guide to Apple iOS 14 hardening

https://www.cyber.gov.au/acsc/view-all-content/publications/security-configuration-guide-apple-ios-14-devices

You need a paid licence to use these commercially

https://www.cisecurity.org/cis-benchmarks/

https://fleetdm.com/handbook/security#google-workspace-security

Google's guide for small and large businesses

https://support.google.com/a/answer/9211704

https://support.google.com/a/answer/7587183

Mandiant's guide to hardening against destructive attacks / wipers.

https://www.mandiant.com/resources/protect-against-destructive-attacks

Bloodhound maps the hidden relationships in AD and Ransomulator visualises it

https://bloodhound.readthedocs.io/en/latest/index.html

https://github.com/BloodHoundAD/BloodHound

https://github.com/zeronetworks/BloodHound-Tools/tree/main/Ransomulator

https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/system-hardening-for-xenapp-and-xendesktop.pdf

NSA / CISA's guide to network hardening. Slightly old school and very Cisco focused so YMMV

https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF

NSA / CISA's guide to Kubernetes hardening.

https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/0/CTR_Kubernetes_Hardening_Guidance_1.1_20220315.PDF

NCC's library of exploit mitigations

https://github.com/nccgroup/exploit_mitigations

Guide to hardening Github. Critical in many organisations' CI/CD pipelines

https://alsmola.medium.com/securing-github-organizations-9c33c850638

Microsoft's Windows Security Configuration Framework

https://github.com/microsoft/SecCon-Framework/blob/master/windows-security-configuration-framework.md

HardeningKitty is a powershell script to harden Windows

https://github.com/0x6d69636b/windows_hardening

Mandiant's guide to Linux Endpoint Hardening

https://www.mandiant.com/sites/default/files/2022-03/wp-linux-endpoint-hardening.pdf

The original Google 'Beyondcorp' paper

https://research.google/pubs/pub43231/

NSA's paper "Embracing a Zero Trust Security Model"

https://media.defense.gov/2021/Feb/25/2002588479/-1/-1/0/CSI_EMBRACING_ZT_SECURITY_MODEL_UOO115131-21.PDF

Microsoft's view on Zero Trust

https://docs.microsoft.com/en-us/security/zero-trust/