foyl
foyl
Gettin Thangs Ready
Security Intelligence Platform

A bunch of resources that make getting into entry/mid level cyber less horrible

Literally just uses Claude to aggegate and summarize RSS, KEV, NVD, you get the point.

Open The Brief → Open foyl Learn foyl Jobs foyl OSINT foyl Certs
CISA KEV NVD / NIST Microsoft MSRC Cisco PSIRT Apple Security Oracle CPU Fortinet PSIRT Ivanti Advisories VMware Security Palo Alto Networks Juniper Networks F5 Networks Google Chrome Adobe Security OSINT Feeds CISA KEV NVD / NIST Microsoft MSRC Cisco PSIRT Apple Security Oracle CPU Fortinet PSIRT Ivanti Advisories VMware Security Palo Alto Networks Juniper Networks F5 Networks Google Chrome Adobe Security OSINT Feeds A Bunch of Other Shit
Daily
AI Threat Briefing
Every morning at 7 am EST
100+
Sources Tracked
Multiple platforms and vendors.
10+
Mock SOC Tools
SIEM, EDR, NGFW, MailGuard, CASB, etc.
Live
Real OSINT Sources
CISA KEV, NVD, MSRC and vendor feeds
Platform
Multiple tools. One intelligence stack.
I occassionally add resources that may help ya out. Check back for updates.
4
11
3
7
CRIT
KEV
HIGH
HIGH
MED
Intelligence · Daily
The Brief

AI-generated SOC threat intelligence briefing — critical and high CVEs, CISA KEV, Patch Tuesday across 12 vendors, threat actor profiles, and detection queries.

Daily briefing · 07:00 EST
Patch Tuesday · 12 vendors
Rapid7 & SentinelOne queries
Threat actor profiles
CISA KEV tracking
Week in Review
Live brief.foyl.io AI-generated
In Development
Training · Interactive
foyl Learn

Fully functional mock SOC tooling. Work through guided scenarios in actual dashboards or freely roam around SecOps tooling.

SIEM · EDR · NGFW
TIP · CASB · SOAR
Identity & IAM
Vulnerability Mgmt
Email security
Incident ticketing
In development learn.foyl.io
Directory · Live Health
foyl OSINT

62 curated OSINT tools for security analysts — organized by category with live health monitoring every 2 hours via GitHub Actions.

62 curated tools
10 categories
Free & account tiers
Malware · DNS · IP
TIP · OSINT platforms
Blockchain · Credentials
Live osint.foyl.io 62 tools
Job Board · Weekly
foyl Jobs

Find your next cybersecurity role with foyl Jobs. 50 hand-picked cyber and IT openings, refreshed every Monday. Entry and mid-level focused.

Weekly refresh · Mondays
Cyber & IT focused
Entry & mid-level
AI-curated picks
50 listings / week
Free to use
Live jobs.foyl.io AI-curated
CompTIA Security+
ENTRY
2 / 5
Certs · Sample Tests
foyl Certs

5-question sample tests for 100+ cybersecurity certifications. Get a feel for any cert in 60 seconds — from CompTIA to OSCP to CISSP.

100+ certifications
5-question previews
Entry to expert level
Instant scoring
Career path guide
Free to use
Live certs.foyl.io 100+ certs
Explore
One platform. Five tools.
Pick one and poke around.
Daily Briefing
Takes like 5 minutes to read so you don't have to look at news.
Why does UX design always require so many descriptions saying the exact same thing?
CVSS scores, affected products, and plain-English summaries per threat
Severity triage — critical and high separated from medium and below
Actively exploited CVEs flagged prominently at the top
CISA KEV
Known exploited. Tracked daily.
The CISA Known Exploited Vulnerabilities catalog is monitored continuously. New KEV additions are surfaced immediately with remediation due dates and patching priority.
New KEV entries called out separately from standard threats
CISA-mandated remediation deadlines shown inline
Cross-referenced against Patch Tuesday and vendor advisories
Patch Tuesday
12 vendors. One read.
Monthly vendor security updates tracked across Microsoft, Cisco, Apple, Oracle, Fortinet, Ivanti, VMware, Palo Alto, Juniper, F5, Google, and Adobe — with per-vendor AI summaries.
Per-vendor patch counts, critical/important breakdown, zero-day flags
Top CVEs per vendor with CVSS and exploitation status
CEO-ready executive summary alongside SOC-level detail
Threat Actors
Named groups. Real context.
Active threat actor profiles tracked with motivations, TTPs, target sectors, and recent campaign activity. Updated when groups resurface in credible reporting.
Nation-state, criminal, and hacktivist groups profiled
MITRE ATT&CK technique mappings per actor
Recent campaigns and IOC associations linked inline
Detection Queries
Ready to deploy. Same day.
Detection logic for Rapid7 InsightIDR and SentinelOne generated directly from each day's specific threats. Copy, paste, deploy — no translation required.
Rapid7 InsightIDR LEQL queries per threat
SentinelOne Deep Visibility queries per threat
Tied directly to CVEs in the same briefing — no cross-referencing
Week in Review
Friday wrapup
A Friday summary of the week's most significant threats, CISA activity, and emerging trends — with a two-sentence CEO briefing format ready for escalation.
Top 5 threats of the week ranked by severity and exploitation risk
CISA activity summary for the week
Executive summary written for non-technical stakeholders
Where The Brief pulls from
CISA KEV
NVD / NIST
Microsoft MSRC
Cisco PSIRT
Apple Security
Oracle CPU
Fortinet PSIRT
Ivanti Advisories
VMware Security
Palo Alto Networks
Juniper Networks
F5 Networks
Google Chrome
Adobe Security
OSINT Aggregators
Each tool is a fully functional mock, fully frontend rendition of real security tools. Labs let you work through concepts with some support.
SIEM
Security Info & Event Mgmt
Log correlation, alert triage, dashboards and threat hunting across a mock event stream.
NGFW
Next-Gen Firewall
Policy management, traffic analysis, threat prevention rules and network segmentation.
EDR
Endpoint Detection & Response
Endpoint telemetry, process trees, threat isolation and guided incident investigation.
Email Security
Phishing & Threat Filter
Phishing detection, quarantine management, header analysis and URL sandboxing.
Identity
IAM / Directory Services
User provisioning, MFA, role-based access control and anomalous login detection.
VM
Vulnerability Management
Asset scanning, CVE prioritization, remediation tracking and risk scoring.
SOAR
Security Orchestration
Playbook automation, cross-tool orchestration, and incident response workflows.
TIP
Threat Intelligence Platform
IOC management, actor profiles, campaign tracking and threat feed integration.
CASB
Cloud App Security Broker
Shadow IT discovery, DLP policies, cloud app risk scoring and access governance.
Ticketing
Incident & Case Queue
Case management, SLA tracking, kanban boards and sprint-based analyst workflows.
How it works
01
Five APIs, no auth required
I found five job boards that give free access without accounts — RemoteOK, Arbeitnow, Jobicy, The Muse, and Working Nomads. Pull a raw pool of ~200 listings every Monday.
02
Claude filters the noise
Haiku reads the pile and cuts it down to the 50 most relevant cyber and IT roles. Entry and mid-level bias. Anything requiring 15 years of experience or a clearance above SECRET gets dropped.
03
Fresh board every Monday at 9AM
Cron fires, new jobs go up, old ones are gone. No reruns from last week, no duplicate postings. Just check it Monday morning and go apply somewhere instead of doom-scrolling LinkedIn.
What you get
Volume
50 listings per week
Refresh
Every Monday, 9AM EST
Focus
Cyber & IT only
Level
Entry + mid-level
Filter
AI-curated, not keyword-matched
Cost
Free. Obviously.
Data sources
RemoteOK Arbeitnow Jobicy The Muse Working Nomads
What it is
62
Curated OSINT tools
62 hand-picked open-source intelligence tools across malware analysis, threat intel, DNS/domain, IP/network, scanning, credentials, blockchain, proxy detection, OSINT platforms, and analysis.
2h
Live health monitoring
GitHub Actions checks every tool's availability every 2 hours — latency included. Operational, degraded, and down status shown inline on every card. No stale directories.
10
Categories, filters, search
Filter by access tier (free vs. account required), health status, or category. Full-text search across name, description, and tags. Instant results — no pagination.
Tool categories
Malware
Analysis & Sandbox
Threat Intel
IOC & Reputation
DNS & Domain
WHOIS, Certs, DMARC
IP & Network
ASN, BGP, Geolocation
Scanning
Exposure & Attack Surface
Credentials
Breaches & Leaks
Stats
62 tools Free & account Checked every 2h osint.foyl.io
What it is
100+
Certification sample tests
5-question previews for 100+ cybersecurity certifications — from entry-level CompTIA A+/Security+ to mid-level CySA+/CASP+ to advanced OSCP and CISSP. Get a genuine feel for any cert's difficulty in under 60 seconds.
4
Difficulty tiers
Every cert is tagged Entry, Mid, Advanced, or Expert. Filter by tier to find what's right for your experience level — no guesswork on whether a cert is within reach.
25
Career path guide
25 cybersecurity career paths with collapsible cert trees — SOC analyst, penetration tester, cloud security, GRC, and more. See exactly which certs stack toward your target role.
Cert categories
CompTIA
A+, Net+, Sec+, CySA+, CASP+
Offensive
OSCP, OSEP, CEH, GPEN
Cloud
AWS, Azure, GCP security certs
GRC
CISSP, CISM, CISA, CRISC
Forensics
GCFE, GCFA, EnCE
Vendor
Cisco, Palo Alto, Splunk
Stats
100+ certs Entry → Expert 25 career paths certs.foyl.io
Philosophy
How we build everything.
Three constraints that every foyl product has to pass before it ships.
01
Vibe coded out the a**

I'm lazy. I write like 20% of the code on a good day.

02
RSS feeds from everywhere

I use like 9 different model stacks to parse and aggregate feeds from all over. If you know me you can request a specific one.

03
It's in the name, it's brief

I'm like 95% illiterate, so I keep the required reading to a minimum.

How did the threat actor run from the police?

They ransomeware!

Open The Brief → Explore foyl Learn Find a Job foyl OSINT foyl Certs