The Ultimate List of SANS Cheat Sheets

Need help cutting through the noise? SANS has a massive list of Cheat Sheets available for quick reference. 

*Please note that some are hosted on Faculty websites and not SANS.

General IT Security

• Linux Essentials
• ABCs of Cybersecurity
• Windows and Linux Terminals & Command Lines
• TCP/IP and tcpdump
• IPv6 Pocket Guide
• PowerShell Cheat Sheet
• Writing Tips for IT Professionals
• Tips for Creating and Managing New IT Products
• Tips for Getting the Right IT Job
• Tips for Creating a Strong Cybersecurity Assessment Report
• Security Architecture Cheat Sheet for Internet Applications
• Tips for Troubleshooting Human Communications
• Security Incident Survey Cheat Sheet for Server Administrators
• Network DDoS Incident Response Cheat Sheet
• Information Security Assessment RFP Cheat Sheet
• Python 3 Essentials

Digital Forensics and Incident Response

• JSON and jq Quick Start Guide
• SIFT Workstation Cheat Sheet
• Tips for Reverse-Engineering Malicious Code
• REMnux Usage Tips for Malware Analysis on Linux
• Analyzing Malicious Documents
• Malware Analysis and Reverse-Engineering Cheat Sheet
• SQlite Pocket Reference Guide
• Eric Zimmerman's tools Cheat Sheet
• Rekall Memory Forensics Cheat Sheet
• Linux Shell Survival Guide
• Windows to Unix Cheat Sheet
• Memory Forensics Cheat Sheet
• Hex and Regex Forensics Cheat Sheet
• FOR518 Mac & iOS HFS+ Filesystem Reference Sheet
• iOS Third-Party Apps Forensics Reference Guide Poster
• oledump.py Quick Reference

The majority of DFIR Cheat Sheets can be found here.

Offensive Operations

• Windows Intrusion Discovery Cheat Sheet v3.0
• Intrusion Discovery Cheat Sheet v2.0 (Linux)
• Intrusion Discovery Cheat Sheet v2.0 (Windows 2000)
• Windows Command Line
• Netcat Cheat Sheet
• Burp Suite Cheat Sheet
• BloodHound Cheat Sheet
• Misc Tools Cheat Sheet
• Windows Command Line Cheat Sheet
• SMB Access from Linux Cheat Sheet
• Pivot Cheat Sheet
• Google Hacking and Defense Cheat Sheet
• Scapy Cheat Sheet
• Nmap Cheat Sheet

Cloud Security

• Cloud Native Security Tool
• BigQuery Access Identity Architecture
• Inspection VPC Architecture Cheat Sheet
• Azure to GCP - Identity Architecture Cheat Sheet
• Azure to AWS Identity Architecture Cheat Sheet
• Multicloud Cheat Sheet
• Powershell for Enterprise & Cloud Compliance
• SOC 2 Examination

Industrial Control Systems (ICS)

• ICS Program Security Guide
• ICS Acronyms Guide
• ICS Assessment Guide

Cybersecurity Leadership

• CIMTK: Third-Party/Supply Chain Incident Management Plan
• Ransomware + Healthcare: A Deadly Combination
• What Your Privacy Officer is Trying to Tell You...If Only You Would Listen
• Powershell for Enterprise & Cloud Compliance
• SOC 2 Examination

All Around Defender Primers

• Linux CLI 101
• Linux CLI
• PowerShell Primer
• PowerShell Get-WinEvent

And don’t forget to check out our list of free posters. Find all the SANS posters here.