blue-team

Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams

💻🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

An Active Defense and EDR software to empower Blue Teams

"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.

A collection of awesome security hardening guides, tools and other resources

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.

Respounder detects presence of responder in the network.

Detecting ATT&CK techniques & tactics for Linux

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.

Monitoring your Slack workspaces for sensitive information

网络安全 · 攻防对抗 · 蓝队清单，中文版

Monitoring GitLab for sensitive data shared publicly

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.

🗒️ A [work-in-progress] collection for interview questions for Information Security roles

Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.

Dorothy is a tool to test security monitoring and detection for Okta environments

🦁 Juumla is a python tool designed to identify Joomla version, scan for vulnerabilities and search for config files.

Cloud Incident and Response Simulations

Linux Rootkits (4.x Kernel)

Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.

Monitoring GitHub for sensitive data shared publicly

LLMNR/NBNS/mDNS Spoofing Detection Toolkit

Lightweight utility to fool port scanners

A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.

Collection of PowerShell functinos and scripts a Blue Teamer might use

Practical Orientation Of MVISION EDR Query Language