BlueTeam


--- To be Updated ---

  • The Red Canary Blog - Security teams need an ally to help defend against adversaries. Check out our blog for tips on increasing visibility, expanding detection coverage, and improving information security

  • SANS Internet Storm Center - ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers

  • DevSecOps - An informational site for security and business practitioners looking for innovative ways to incorporate security at scale

  • Adversary Tactics: PowerShell - Intro, Basics, Remoting, PowerShell Without PowerShell

  • Detectify - Security blog from Detectify, Automated security and asset monitoring for all teams

  • Boss of the SOC - BOTS is a blue-team, jeopardy-style, capture-the-flag-esque (CTF) activity where participants leverage Splunk's Security Suite and other resources to answer a variety of questions modeled on real-world security incidents

  • Cybrary - Cybrary offers a variety of free and paid online cybersecurity courses, including training for blue team professionals

  • Blue Team Village - Blue Team Village is a community-led organization that provides education and resources for blue teamers, including presentations, workshops, and capture-the-flag (CTF) events

  • MITRE ATT&CK - MITRE ATT&CK is a knowledge base of adversary tactics and techniques that helps organizations understand how attackers operate and provides a common language for describing and sharing information about cyber threats

  • CIS Controls - The Center for Internet Security (CIS) Controls are a set of guidelines for implementing and improving an organization's cybersecurity posture

  • TheHive Project - TheHive is a free, open-source incident response platform that includes case management, collaboration, and analysis capabilities


Incident Investigation

Threat Intelligence

  • Spyse - Spyse is a search engine built for quick cyber intelligence gathering on IT infrastructures, networks, and even the smallest parts of the internet

  • Intel Owl - Analyze files, domains, and IPs in multiple ways from a single API at scale

  • VirusTotal - VirusTotal is a free online service that analyzes files and URLs for potential malware and provides information about their behavior

  • Shodan - Shodan is a search engine for Internet-connected devices, providing information about open ports, operating systems, and other details that may be useful for threat intelligence

  • OpenCTI - OpenCTI is an open-source platform for managing and sharing threat intelligence

  • MISP - MISP (Malware Information Sharing Platform) is a free, open-source platform for sharing threat intelligence between organizations

SIEM

  • Grafana - Grafana is the open source analytics & monitoring solution for every database

  • SIEMonster - SIEMonster is an enterprise-grade Security Information and Event Management (SIEM) platform, built on scalable, open source components


Detection Engineering & Threat Hunting

  • Sigma - Generic Signature Format for SIEM Systems

  • Vectr.io - VECTR™ helps purple teams generate defense success metrics and aligns Red and Blue Teams towards the same mission: protecting the organization by discovering and plugging detection gaps

  • Emerging Threats - Emerging Threats Rule Documentation Wiki containing all current rules

  • Atomic Red Team - Atomic Red Team is a collection of tests that organizations can use to validate their detection and response capabilities

  • CyberChef - CyberChef is a free, open-source tool for analyzing and decoding data, which can be useful for threat hunting and incident response

  • Elastic Security Detection Rules - Elastic Security provides a collection of detection rules for various threats and attack techniques, which can be used with the Elastic Stack

  • YARA - YARA is a pattern-matching tool for identifying and classifying malware and other threats

  • LOLRMM - LOLRMM is a curated list of Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors
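Sigma rules, as listed above, describe a detection as named selections (field/value maps with modifiers such as `|contains` or `|endswith`) combined by a boolean `condition`. The block below is an added example for this README, not code from the Sigma project or any of the tools listed here: a minimal evaluator that applies one constructed Sigma-style rule to constructed Sysmon process-creation events so the selection, modifier and condition semantics can be seen end to end. The rule is expressed as a Python dict with the same structure as Sigma's `detection` section (a real pipeline would parse the YAML with PyYAML and compile it to a backend query with pySigma/sigma-cli); the rule title, the allow-listed parent process and the sample events are all hypothetical. Aggregation syntax such as `1 of selection*` is deliberately not supported.

```python
"""Minimal Sigma-style rule evaluator over constructed Sysmon-like events.

Added example, not Sigma project code. Implements the core Sigma semantics:
fields within a selection are ANDed, a list of values is ORed unless the
`all` modifier is given, string comparison is case-insensitive, and the
`condition` combines selections with and / or / not / parentheses.
"""
import json
import re

# Constructed rule (hypothetical; not a rule from the public Sigma repository).
RULE = {
    "title": "Encoded PowerShell Command Line (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc ", "-encodedcommand "],
        },
        "filter_known_parent": {
            # hypothetical allow-listed parent process used only for this example
            "ParentImage|endswith": "\\monitoringagent.exe",
        },
        "condition": "selection and not filter_known_parent",
    },
}

# Constructed Sysmon Event ID 1 records, one JSON object per line (not real telemetry).
SAMPLE_EVENTS = r"""
{"EventID":1,"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -nop -w hidden -enc SQBFAFgA","ParentImage":"C:\\Windows\\System32\\cmd.exe","User":"CORP\\alice"}
{"EventID":1,"Image":"C:\\Program Files\\PowerShell\\7\\pwsh.exe","CommandLine":"pwsh.exe -EncodedCommand VwByAGkAdABl","ParentImage":"C:\\Program Files\\Agent\\monitoringagent.exe","User":"NT AUTHORITY\\SYSTEM"}
{"EventID":1,"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -File C:\\scripts\\backup.ps1","ParentImage":"C:\\Windows\\System32\\svchost.exe","User":"CORP\\svc_backup"}
{"EventID":1,"Image":"C:\\Windows\\System32\\notepad.exe","CommandLine":"notepad.exe -enc notes.txt","ParentImage":"C:\\Windows\\explorer.exe","User":"CORP\\bob"}
"""


def _match_value(actual, pattern, modifiers):
    """Compare one field value against one pattern, honouring Sigma string modifiers."""
    a, p = str(actual).lower(), str(pattern).lower()
    if "contains" in modifiers:
        return p in a
    if "startswith" in modifiers:
        return a.startswith(p)
    if "endswith" in modifiers:
        return a.endswith(p)
    return a == p


def _match_field(event, key, pattern):
    """Evaluate 'Field|mod1|mod2': a value list is OR unless `all` is present."""
    field, *modifiers = key.split("|")
    if field not in event:
        return False
    values = pattern if isinstance(pattern, list) else [pattern]
    results = [_match_value(event[field], v, modifiers) for v in values]
    return all(results) if "all" in modifiers else any(results)


def match_selection(event, selection):
    """All field/value pairs in a selection must match (AND)."""
    return all(_match_field(event, k, v) for k, v in selection.items())


def eval_condition(condition, truth):
    """Recursive-descent evaluation of 'a and (b or not c)' over selection results.

    Precedence: not > and > or. Unknown identifiers (including Sigma's
    'x of ...' aggregation forms) raise ValueError rather than silently failing.
    """
    tokens = re.findall(r"\(|\)|[A-Za-z_][\w*]*", condition)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        return tok

    def parse_or():
        v = parse_and()
        while peek() == "or":
            take()
            rhs = parse_and()
            v = v or rhs
        return v

    def parse_and():
        v = parse_not()
        while peek() == "and":
            take()
            rhs = parse_not()
            v = v and rhs
        return v

    def parse_not():
        if peek() == "not":
            take()
            return not parse_not()
        return parse_atom()

    def parse_atom():
        tok = take()
        if tok == "(":
            v = parse_or()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return v
        if tok not in truth:
            raise ValueError(f"unknown selection {tok!r} in condition")
        return truth[tok]

    result = parse_or()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return result


def run_rule(rule, events_jsonl):
    """Return the events (as dicts) for which the rule's condition holds."""
    detection = rule["detection"]
    selections = {k: v for k, v in detection.items() if k != "condition"}
    hits = []
    for line in events_jsonl.strip().splitlines():
        event = json.loads(line)
        truth = {name: match_selection(event, sel) for name, sel in selections.items()}
        if eval_condition(detection["condition"], truth):
            hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in run_rule(RULE, SAMPLE_EVENTS):
        print(f"[{RULE['title']}] user={hit['User']} cmd={hit['CommandLine']}")
```

Of the four constructed events only the first fires: the second is an encoded `pwsh.exe` launch but is suppressed by the parent-process filter, the third has no encoded command, and the fourth carries `-enc` but is not a PowerShell image, which shows why fields inside a selection are ANDed rather than ORed.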

Log Management & Object Storage

  • Fluentd - Fluentd is an open source data collector, which lets you unify the data collection and consumption for a better use and understanding of data

  • Graylog - Graylog is a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data

  • MinIO - MinIO is a high-performance, S3-compatible object storage server that can be used to store and manage security logs and other machine data on standard hardware

  • Elasticsearch - Elasticsearch is a distributed, RESTful search and analytics engine that can be used for real-time search, log analysis, and more. It's commonly used in conjunction with the Kibana dashboard and the Logstash data processing pipeline to form what's known as the ELK stack

  • AWS CloudWatch Logs - Amazon CloudWatch Logs lets you monitor, store, and access your log files from Amazon EC2 instances, AWS CloudTrail, and other cloud resources. With CloudWatch Logs, you can centralize logs from multiple sources and analyze them in real-time using CloudWatch Logs Insights

  • Google Cloud Logging - Google Cloud Logging lets you store, search, analyze, and monitor your logs from Google Cloud Platform and Amazon Web Services (AWS). It's a fully-managed service that can scale to meet the needs of even the largest organizations, and it integrates with a wide range of other Google Cloud services, such as BigQuery and Cloud Pub/Sub

  • Azure Log Analytics - Azure Log Analytics is a service in the Azure ecosystem that helps you collect and analyze data generated by resources in your cloud and on-premises environments. It can be used for log and performance data analysis, as well as security and compliance monitoring

OSINT

DFIR

  • Digital Forensics and Incident Response

  • Volatility - Volatility is a free, open-source framework for analyzing memory dumps, which can be useful for incident response and forensic investigations

  • Autopsy - Autopsy is a digital forensic platform that can be used to analyze disk images and other artifacts

  • SIFT Workstation - SIFT (SANS Investigative Forensic Toolkit) is a free digital forensics platform that includes a variety of tools and resources for incident response and forensic investigations

Malware Analysis & Reverse Engineering

  • MalGamy - A blog for case study and in-depth analysis of malware

  • Learn Ghidra - Exercises to get started with Ghidra and advanced development