Blue Team
Explore 53 curated tools and resources
LATEST ADDITIONS
A framework for testing and exploiting race conditions in software
Bluetooth experimentation framework for Broadcom chips firmware interaction and update.
An Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.
Platform offering cybersecurity courses for Red, Blue, and Purple Teamers by Picus.
A tool for discovering and enumerating external attack surfaces
An active and aggressive honeypot tool for network security.
A workshop on hacking Bluetooth Smart locks, covering architecture, vulnerabilities, and exploitation techniques.
A laser tripwire tool to hide windows, lock computer, or execute custom scripts upon motion detection.
A newsletter providing summarized cyber defense technical content for blue and purple teams to stay informed and protect their estates.
A new approach to computer network defense that leverages knowledge about advanced persistent threats, using a kill chain model to describe phases of intrusions and map adversary kill chain indicators to defender courses of action.
A detailed manual for cybersecurity professionals focusing on red team, OSINT, and blue team strategies.
RTA provides a framework of scripts for blue teams to test detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
OpenIOC editor for building and manipulating threat intelligence data with support for various systems.
A network protocol panic button operating decentralized through UDP broadcasts and HTTP, intended for sensitive networks to prevent cold boot attacks.
Repository of tools for testing iPhone messaging by Project Zero
A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment
A lab designed for defenders to quickly build a Windows domain pre-loaded with security tooling and best practices in system logging configurations.
RedEye is a visual analytic tool for enhancing Red and Blue Team operations.
A tool for interacting with the MSBuild API, enabling malicious activities and evading detection.
A super-simple, modern framework for organizing and automating cybersecurity tasks.
A PowerShell module for threat hunting via Windows Event Logs
An informational repo about hunting for adversaries in your IT environment.
A modular, menu-driven tool for building repeatable, time-delayed, distributed security events.
Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.
A cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments
A low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques.
A project with Terraform and Ansible scripts to create an orchestrated BlueTeam Lab for testing attacks and forensic artifacts on Windows environment.
A pocket reference guide providing various options for navigating and pivoting through different environments and situations.
A community-driven project sharing detection logic, adversary tradecraft, and resources to make detection development more efficient, following MITRE ATT&CK structure.
A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection
Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600+ tools and utilities for red and blue team operations.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Blue-team capture the flag competition for improving cybersecurity skills.
Dump the contents of the location database files on iOS and macOS with output options like KML and CSV.
A comprehensive resource for securing Active Directory, including attack methods and effective defenses.
HonnyPotter is a WordPress plugin that logs all failed login attempts, with a caution to use it at your own risk.
A C2 front flow control tool designed to evade detection by Blue Teams, AVs, and EDRs.
A comprehensive and immersive 13-week course by NYU Tandon's OSIRIS Lab introducing students to offensive security with practical applications and research projects.
A basic Flask-based Outlook Web App (OWA) honeypot for cybersecurity experimentation.
Ansible role for deploying and managing Bifrozt honeypots
CrackMapExec (CME) - A tool for querying internal database for host and credential information in cybersecurity.
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
Cutting-edge open-source security tools for adversary simulation and threat hunting.
A multi-cloud tool for centralizing assets across multiple clouds with minimal configuration.
A BloodHoundAD Report Engine for Security Teams to identify Active Directory security vulnerabilities and harden common configuration vulnerabilities and oversights.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
A guide to bypassing RFID card reader security mechanisms using specialized hardware
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security