Nexus SecOps Textbook Changelog

This document tracks all significant additions, revisions, and improvements to the Nexus SecOps encyclopedic textbook. The project is continuously updated to reflect the evolving threat landscape.


Version 2.0.0 — March 2026

Major Additions

New Chapters (16–40)

  • Ch16 Penetration Testing Methodology — full PTES coverage, scope/RoE, reporting
  • Ch17 Red Team Operations — adversary emulation, C2 frameworks, TIBER-EU
  • Ch18 Malware Analysis — static/dynamic analysis, YARA, sandbox evasion
  • Ch19 OSINT & Reconnaissance — Shodan, Certificate Transparency, OSINT framework
  • Ch20 Cloud Attack & Defense — IAM privilege escalation, CSPM, cloud IR
  • Ch21 OT/ICS/SCADA Security — Purdue model, ICS protocols, Stuxnet case study
  • Ch22 Threat Actor Encyclopedia — APT groups, eCrime, motivations, TTPs
  • Ch23 Ransomware Deep Dive — RaaS economics, kill chain, extortion, IR playbook
  • Ch24 Supply Chain Attacks — SolarWinds, SBOM, SLSA framework
  • Ch25 Social Engineering — phishing, BEC, cognitive biases, technical controls
  • Ch26 Insider Threats — UEBA, DLP, investigation procedure, legal considerations
  • Ch27 Digital Forensics — chain of custody, volatility order, artifact analysis
  • Ch28 Advanced Incident Response — Incident Command System (ICS), war room, executive communication
  • Ch29 Vulnerability Management — CVSS v3, EPSS, SLA tiers, risk-based priority
  • Ch30 Application Security — OWASP Top 10 2021, SAST/DAST, threat modeling
  • Ch31 Network Security Architecture — defense zones, NDR, microsegmentation
  • Ch32 Cryptography Applied — TLS 1.3, PKI, post-quantum (ML-KEM, FIPS 203, formerly CRYSTALS-Kyber)
  • Ch33 Identity & Access Security — FIDO2, PAM, AD attack paths, JIT access
  • Ch34 Mobile & IoT Security — MDM, OWASP Mobile Top 10, IoT segmentation
  • Ch35 DevSecOps Pipeline — shift-left, SLSA, secrets management, IaC scanning
  • Ch36 Purple Team Operations — VECTR, ATT&CK emulation, detection validation
  • Ch37 AI & Machine Learning Security — adversarial ML, OWASP Top 10 for LLM Applications, AI red teaming
  • Ch38 Advanced Threat Hunting — maturity model, hypothesis library, Jupyter hunting
  • Ch39 Zero Trust Implementation — NIST SP 800-207, pillars, CISA maturity model
  • Ch40 Security Program Leadership — CISO responsibilities, board communication, budget

New Quizzes (Ch16–Ch40)

25 new professional-grade quiz files at CySA+/CISSP difficulty with 10 questions each.

New Tools & Reference Pages

  • Detection Query Library — 60+ production-ready KQL and SPL queries organized by ATT&CK tactic
  • Threat Hunt Hypothesis Library — 50+ hypotheses with methodology and false positive guidance
  • ATT&CK Quick Reference Cheat Sheet — 14 tactics, top 30 techniques, threat actor table
  • Windows Forensics Cheat Sheet — Critical Event IDs, artifacts, LOLBAS, AD attacks
  • SOC Metrics Cheat Sheet — Formulas, benchmarks, maturity thresholds, executive dashboards

New IR Playbooks (6 Production-Ready)

  • Ransomware — with EDR isolation commands, krbtgt reset, OFAC check
  • Business Email Compromise (BEC) — financial recovery, OAuth token revocation
  • Cloud Breach — AWS/Azure/GCP specific containment, IAM audit
  • Insider Threat — covert investigation, legal hold, synchronized termination
  • Supply Chain Compromise — SBOM review, hash verification, staged recovery
  • Data Breach — notification matrix (GDPR/HIPAA/SOC 2/SEC), breach notification templates

New Scenarios (SC-009 through SC-012)

  • SC-009: Cloud Account Takeover → Data Exfiltration
  • SC-010: Nation-State APT — Long-Term Espionage
  • SC-011: OT/ICS Ransomware Attack on Manufacturing
  • SC-012: AI Security Incident — LLM Prompt Injection

Infrastructure

  • Learning graph: 77 nodes, 107 edges covering all 10 taxonomy categories
  • Duplicate chapter file cleanup (12 old-naming files merged into canonical names)
  • mkdocs.yml: Full nav for all 40 chapters, 25 quiz files, 3 new tool pages, 6 playbooks, 4 new scenarios
  • Site description updated to reflect full scope

Bug Fixes

  • Resolved duplicate chapter files (ch01-intro.md vs ch01-introduction.md pattern — 12 pairs resolved)
  • Added the missing graph.json (graph-viewer.html fetched it, but the file did not exist)
  • Fixed taxonomy.md chapter mapping (previously stopped at Ch12; now covers all 40 chapters + 16 MicroSims)

Version 1.5.0 — February 2026

Additions

  • MicroSims 12–16 (Attack Path Visualizer, Ransomware Kill Chain, Threat Actor TTP Matrix, Sigma Rule Builder, Zero Trust Architecture Designer)
  • Labs 9–10 (Purple Team Exercise, Advanced Threat Hunting)
  • Attack Scenarios SC-005 through SC-008
  • Lab 10 synthetic dataset generator (50K+ events across 4 log types)
  • Learning graph viewer (vis.js, interactive, 10-category filtering)
  • Chapters 17–40 content
  • Full taxonomy.md with 10-class classification system

Improvements

  • mkdocs.yml updated with complete 40-chapter navigation
  • Quizzes index expanded to cover all 40 chapters
  • taxonomy.md chapter mapping expanded to all 40 chapters and 16 microsims

Version 1.0.0 — January 2026

Initial Release

  • 15 core SecOps chapters (Ch01–Ch15)
  • 8 interactive MicroSims
  • 8 hands-on Labs
  • 4 Attack Scenarios (SC-001–SC-004)
  • 12 chapter quizzes (Ch01–Ch12)
  • Tool encyclopedia (120+ tools)
  • Certification roadmap
  • Benchmark framework (Nexus SecOps) with 6 framework mappings
  • Architecture reference documents
  • Glossary (850 lines) + Extended Glossary (767 lines)
  • 4 common alert runbooks
  • 5 policy/SOP templates
  • Learning graph concepts (77 concepts, 10 taxonomy categories)

Roadmap — Upcoming

Version 2.1 (Q2 2026)

  • [ ] Lab 11: Red Team vs. Blue Team Live Exercise
  • [ ] Lab 12: AI-Powered Detection Engineering
  • [ ] MicroSim 17: Supply Chain Attack Analyzer
  • [ ] MicroSim 18: Cloud IAM Privilege Escalation Explorer
  • [ ] Chapter 41: Cyber Insurance & Regulatory Compliance
  • [ ] Chapter 42: Building a Detection Engineering Team
  • [ ] Scenarios SC-013–SC-016 (BEC, Cryptojacking, Mobile APT, DevOps Pipeline Attack)
  • [ ] Expanded threat actor profiles with current TTP matrices
  • [ ] Runbooks: 10 additional common alert types
  • [ ] Spanish language localization (partial)

Version 3.0 (Q3 2026)

  • [ ] Interactive ATT&CK Navigator integration (embedded)
  • [ ] Sigma rule export from Detection Query Library
  • [ ] API for programmatic access to benchmark data
  • [ ] Integration with OpenCTI for live threat intelligence
  • [ ] Video walkthroughs for each lab
  • [ ] Community contribution workflow (GitHub PR process)

Contributing

See the Editorial Style Guide for content standards.

To suggest additions or corrections, open an issue at the project repository. All contributions should:

  • Follow the Nexus SecOps writing standards
  • Include ATT&CK technique mappings where applicable
  • Pass markdown linting (markdownlint)
  • Reference primary sources (CISA, NIST, MITRE, vendor research)


Maintained by Nexus SecOps Contributors. Licensed CC BY-NC-SA 4.0.