Blue Team
Explore 56 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
A framework for testing and exploiting race conditions in software
Bluetooth experimentation framework for Broadcom chips firmware interaction and update.
Bluetooth experimentation framework for Broadcom chips firmware interaction and update.
An Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.
An LLM-based honeypot file system creator that generates realistic file systems and configurations to lure attackers and improve analyst engagement.
Platform offering cybersecurity courses for Red, Blue, and Purple Teamers by Picus.
Platform offering cybersecurity courses for Red, Blue, and Purple Teamers by Picus.
A tool for discovering and enumerating external attack surfaces
A workshop on hacking Bluetooth Smart locks, covering architecture, vulnerabilities, and exploitation techniques.
A laser tripwire tool to hide windows, lock computer, or execute custom scripts upon motion detection.
A laser tripwire tool to hide windows, lock computer, or execute custom scripts upon motion detection.
A newsletter providing summarized cyber defense technical content for blue and purple teams to stay informed and protect their estates.
A newsletter providing summarized cyber defense technical content for blue and purple teams to stay informed and protect their estates.
A new approach to computer network defense that leverages knowledge about advanced persistent threats, using a kill chain model to describe phases of intrusions and map adversary kill chain indicators to defender courses of action.
A new approach to computer network defense that leverages knowledge about advanced persistent threats, using a kill chain model to describe phases of intrusions and map adversary kill chain indicators to defender courses of action.
A detailed manual for cybersecurity professionals focusing on red team, OSINT, and blue team strategies.
RTA provides a framework of scripts for blue teams to test detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
RTA provides a framework of scripts for blue teams to test detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
OpenIOC editor for building and manipulating threat intelligence data with support for various systems.
OpenIOC editor for building and manipulating threat intelligence data with support for various systems.
A network protocol panic button operating decentralized through UDP broadcasts and HTTP, intended for sensitive networks to prevent cold boot attacks.
A network protocol panic button operating decentralized through UDP broadcasts and HTTP, intended for sensitive networks to prevent cold boot attacks.
Repository of tools for testing iPhone messaging by Project Zero
Repository of tools for testing iPhone messaging by Project Zero
A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment
A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment
A lab designed for defenders to quickly build a Windows domain pre-loaded with security tooling and best practices in system logging configurations.
A lab designed for defenders to quickly build a Windows domain pre-loaded with security tooling and best practices in system logging configurations.
RedEye is a visual analytic tool for enhancing Red and Blue Team operations.
RedEye is a visual analytic tool for enhancing Red and Blue Team operations.
A tool for interacting with the MSBuild API, enabling malicious activities and evading detection.
A tool for interacting with the MSBuild API, enabling malicious activities and evading detection.
A super-simple, modern framework for organizing and automating cybersecurity tasks.
A super-simple, modern framework for organizing and automating cybersecurity tasks.
A cross-platform network detection tool that identifies Responder presence by sending LLMNR queries for non-existent hostnames.
A cross-platform network detection tool that identifies Responder presence by sending LLMNR queries for non-existent hostnames.
A PowerShell module for threat hunting via Windows Event Logs
An informational repo about hunting for adversaries in your IT environment.
An informational repo about hunting for adversaries in your IT environment.
A modular, menu-driven tool for building repeatable, time-delayed, distributed security events.
A modular, menu-driven tool for building repeatable, time-delayed, distributed security events.
Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.
Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.
A cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments
A cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments
A low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques.
A project with Terraform and Ansible scripts to create an orchestrated BlueTeam Lab for testing attacks and forensic artifacts on Windows environment.
A project with Terraform and Ansible scripts to create an orchestrated BlueTeam Lab for testing attacks and forensic artifacts on Windows environment.
A pocket reference guide providing various options for navigating and pivoting through different environments and situations.
A pocket reference guide providing various options for navigating and pivoting through different environments and situations.
A community-driven project sharing detection logic, adversary tradecraft, and resources to make detection development more efficient, following MITRE ATT&CK structure.
A community-driven project sharing detection logic, adversary tradecraft, and resources to make detection development more efficient, following MITRE ATT&CK structure.
A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection
A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection
Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600+ tools and utilities for red and blue team operations.
Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600+ tools and utilities for red and blue team operations.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Blue-team capture the flag competition for improving cybersecurity skills.
Blue-team capture the flag competition for improving cybersecurity skills.
RDP based Honeypot that creates virtual machines for incoming connections and analyzes traffic with Suricata.
Dump the contents of the location database files on iOS and macOS with output options like KML and CSV.
Dump the contents of the location database files on iOS and macOS with output options like KML and CSV.
A comprehensive resource for securing Active Directory, including attack methods and effective defenses.
A comprehensive resource for securing Active Directory, including attack methods and effective defenses.
HonnyPotter is a WordPress plugin that logs all failed login attempts, with a caution to use it at your own risk.
HonnyPotter is a WordPress plugin that logs all failed login attempts, with a caution to use it at your own risk.
A C2 front flow control tool designed to evade detection by Blue Teams, AVs, and EDRs.
A C2 front flow control tool designed to evade detection by Blue Teams, AVs, and EDRs.
A comprehensive and immersive 13-week course by NYU Tandon's OSIRIS Lab introducing students to offensive security with practical applications and research projects.
A comprehensive and immersive 13-week course by NYU Tandon's OSIRIS Lab introducing students to offensive security with practical applications and research projects.
A basic Flask-based Outlook Web App (OWA) honeypot for cybersecurity experimentation.
A basic Flask-based Outlook Web App (OWA) honeypot for cybersecurity experimentation.
Ansible role for deploying and managing Bifrozt honeypots
CrackMapExec (CME) - A tool for querying internal database for host and credential information in cybersecurity.
CrackMapExec (CME) - A tool for querying internal database for host and credential information in cybersecurity.
RedELK enhances Red Team operations with SIEM capabilities to monitor and alert on Blue Team activities.
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
Cutting-edge open-source security tools for adversary simulation and threat hunting.
Cutting-edge open-source security tools for adversary simulation and threat hunting.
A multi-cloud tool for centralizing assets across multiple clouds with minimal configuration.
A multi-cloud tool for centralizing assets across multiple clouds with minimal configuration.
A BloodHoundAD Report Engine for Security Teams to identify Active Directory security vulnerabilities and harden common configuration vulnerabilities and oversights.
A BloodHoundAD Report Engine for Security Teams to identify Active Directory security vulnerabilities and harden common configuration vulnerabilities and oversights.
A red team planning framework document that guides exercise preparation with emphasis on blue team value, stakeholder engagement, and avoiding negative motivational approaches.
A red team planning framework document that guides exercise preparation with emphasis on blue team value, stakeholder engagement, and avoiding negative motivational approaches.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
A guide to bypassing RFID card reader security mechanisms using specialized hardware
A guide to bypassing RFID card reader security mechanisms using specialized hardware
