Explore 53 curated tools and resources
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A framework for testing and exploiting race conditions in software
A Bluetooth experimentation framework for interacting with and updating the firmware of Broadcom Bluetooth chips.
An open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for blue teamers.
An LLM-based honeypot file system creator that generates realistic file systems and configurations to lure attackers and improve analyst engagement.
Platform offering cybersecurity courses for Red, Blue, and Purple Teamers by Picus.
A tool for discovering and enumerating external attack surfaces
A workshop on hacking Bluetooth Smart locks, covering architecture, vulnerabilities, and exploitation techniques.
A laser tripwire tool to hide windows, lock computer, or execute custom scripts upon motion detection.
A newsletter providing summarized cyber defense technical content for blue and purple teams to stay informed and protect their estates.
A new approach to computer network defense that leverages knowledge about advanced persistent threats, using a kill chain model to describe phases of intrusions and map adversary kill chain indicators to defender courses of action.
A detailed manual for cybersecurity professionals focusing on red team, OSINT, and blue team strategies.
RTA provides a framework of scripts for blue teams to test detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
OpenIOC editor for building and manipulating threat intelligence data with support for various systems.
A decentralized network panic button protocol operating over UDP broadcasts and HTTP, intended for sensitive networks to prevent cold boot attacks.
Repository of tools for testing iPhone messaging by Project Zero
A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment
A lab designed for defenders to quickly build a Windows domain pre-loaded with security tooling and best practices in system logging configurations.
RedEye is a visual analytic tool for enhancing Red and Blue Team operations.
A tool for interacting with the MSBuild API, enabling malicious activities and evading detection.
A super-simple, modern framework for organizing and automating cybersecurity tasks.
A PowerShell module for threat hunting via Windows Event Logs
An informational repo about hunting for adversaries in your IT environment.
A modular, menu-driven tool for building repeatable, time-delayed, distributed security events.
Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.
A cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated to containerized environments.
A low-interaction client honeypot designed to detect malicious websites through signature, anomaly, and pattern matching techniques.
A project with Terraform and Ansible scripts to create an orchestrated BlueTeam Lab for testing attacks and forensic artifacts in a Windows environment.
A pocket reference guide providing various options for navigating and pivoting through different environments and situations.
A community-driven project sharing detection logic, adversary tradecraft, and resources to make detection development more efficient, following MITRE ATT&CK structure.
A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection
Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600 tools and utilities for red and blue team operations.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Blue-team capture the flag competition for improving cybersecurity skills.
An RDP-based honeypot that creates virtual machines for incoming connections and analyzes traffic with Suricata.
Dump the contents of the location database files on iOS and macOS with output options like KML and CSV.
A comprehensive resource for securing Active Directory, including attack methods and effective defenses.
HonnyPotter is a WordPress plugin that logs all failed login attempts, with a caution to use it at your own risk.
A C2 front flow control tool designed to evade detection by Blue Teams, AVs, and EDRs.
A comprehensive and immersive 13-week course by NYU Tandon's OSIRIS Lab introducing students to offensive security with practical applications and research projects.
A basic Flask-based Outlook Web App (OWA) honeypot for cybersecurity experimentation.
Ansible role for deploying and managing Bifrozt honeypots.
CrackMapExec (CME) - a tool whose internal database can be queried for host and credential information gathered during engagements.
RedELK enhances Red Team operations with SIEM capabilities to monitor and alert on Blue Team activities.
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
Cutting-edge open-source security tools for adversary simulation and threat hunting.
A multi-cloud tool for centralizing assets across multiple clouds with minimal configuration.
A BloodHoundAD Report Engine for Security Teams to identify Active Directory security vulnerabilities and harden common configuration vulnerabilities and oversights.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
A guide to bypassing RFID card reader security mechanisms using specialized hardware