7MS #291: The Quest for Critical Security Controls - Part 4




7 Minute Security show

Summary: <p>Did I mention I love the Critical Security Controls? I do. And here's an absolute <em>diamond</em> I found this week:</p> <p>This site (<a href="http://www.auditscripts.com/free-resources/critical-security-controls/" rel="nofollow noreferrer noopener" target="_blank">http://www.auditscripts.com/free-resources/critical-security-controls/</a>) offers awesome CSC-mapping tools (and they're free!), specifically:</p> <ul> <li> <p>A spreadsheet showing how the CSCs <a href="http://www.auditscripts.com/download/2742/" rel="nofollow noreferrer noopener" target="_blank">map</a> to other popular frameworks like ISO and NIST</p> </li> <li> <p>A <a href="http://www.auditscripts.com/download/2786/" rel="nofollow noreferrer noopener" target="_blank">manual assessment tool</a> for measuring your org - or someone else's org - against the CSCs. Flippin' sweet, right? RIGHT!</p> </li> </ul><p>Also, be sure to come and <a href="https://7ms.us/slack" rel="nofollow noreferrer noopener" target="_blank">Slack chat</a> with us, as my pal <em>hackernovice</em> is building a tool called <a href="https://github.com/hackern0v1c3/MacMon" rel="nofollow noreferrer noopener" target="_blank">MacMon</a> to help you satisfy CSC #1!</p> <p>Lastly, I built an LOL-worthy pentesting recon tool called <a href="http://bpatty.rocks/#!scripts/linux/index.md" rel="nofollow noreferrer noopener" target="_blank">SSOTT</a> (Scan <em>Some</em> of the Things) that might help you automate some NMAPing, DIRBing, NIKTOing, and the like. Cheggitout!</p>