Blue Team
Explore 32 curated tools and resources
PINNED
Promoted • 6 toolsWant your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
SimSpace Platform is a cyber range solution that provides realistic environments for cybersecurity training, testing, and optimization of security capabilities.
SimSpace Platform is a cyber range solution that provides realistic environments for cybersecurity training, testing, and optimization of security capabilities.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
An open-source OSINT honeypot that monitors threat actor reconnaissance attempts and generates early-warning intelligence for blue teams during the pre-attack phase.
Platform offering cybersecurity courses for Red, Blue, and Purple Teamers by Picus.
Platform offering cybersecurity courses for Red, Blue, and Purple Teamers by Picus.
A workshop on hacking Bluetooth Smart locks, covering architecture, vulnerabilities, and exploitation techniques.
A newsletter providing summarized cyber defense technical content for blue and purple teams to stay informed and protect their estates.
A newsletter providing summarized cyber defense technical content for blue and purple teams to stay informed and protect their estates.
A new approach to computer network defense that leverages knowledge about advanced persistent threats, using a kill chain model to describe phases of intrusions and map adversary kill chain indicators to defender courses of action.
A new approach to computer network defense that leverages knowledge about advanced persistent threats, using a kill chain model to describe phases of intrusions and map adversary kill chain indicators to defender courses of action.
A detailed manual for cybersecurity professionals focusing on red team, OSINT, and blue team strategies.
A Python-based framework that generates evidence of MITRE ATT&CK tactics to help blue teams test their detection capabilities against simulated malicious activities.
A Python-based framework that generates evidence of MITRE ATT&CK tactics to help blue teams test their detection capabilities against simulated malicious activities.
A centralized reference resource containing default credentials for various devices and systems to assist security professionals in both offensive and defensive operations.
A centralized reference resource containing default credentials for various devices and systems to assist security professionals in both offensive and defensive operations.
A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.
A web-based visualization tool for navigating and annotating MITRE ATT&CK matrices to support threat analysis, defensive planning, and security coverage assessment.
RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.
RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.
A super-simple, modern framework for organizing and automating cybersecurity tasks.
A super-simple, modern framework for organizing and automating cybersecurity tasks.
An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.
An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
A modular, cross-platform framework for creating repeatable, time-delayed security events and scenarios for Blue Team training and Red Team operations.
Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.
Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.
A pocket reference guide providing various options for navigating and pivoting through different environments and situations.
A pocket reference guide providing various options for navigating and pivoting through different environments and situations.
A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection
A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection
Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600+ tools and utilities for red and blue team operations.
Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600+ tools and utilities for red and blue team operations.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Blue-team capture the flag competition for improving cybersecurity skills.
Blue-team capture the flag competition for improving cybersecurity skills.
A comprehensive resource for securing Active Directory, including attack methods and effective defenses.
A comprehensive resource for securing Active Directory, including attack methods and effective defenses.
CrackMapExec (CME) - A tool for querying internal database for host and credential information in cybersecurity.
CrackMapExec (CME) - A tool for querying internal database for host and credential information in cybersecurity.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
A multi-cloud asset enumeration tool that helps blue teams centralize and inventory assets across multiple cloud providers with minimal configuration.
A multi-cloud asset enumeration tool that helps blue teams centralize and inventory assets across multiple cloud providers with minimal configuration.
PlumHound is a reporting engine that converts BloodHoundAD's Neo4J queries into operational security reports for analyzing Active Directory vulnerabilities and attack paths.
PlumHound is a reporting engine that converts BloodHoundAD's Neo4J queries into operational security reports for analyzing Active Directory vulnerabilities and attack paths.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
A planning framework document that guides red team exercise preparation with focus on blue team development and constructive learning outcomes.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
A guide to bypassing RFID card reader security mechanisms using specialized hardware
A guide to bypassing RFID card reader security mechanisms using specialized hardware