Blue Team
Explore 53 curated tools and resources
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Free
Resources
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Commercial
Application Security
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Commercial
Application Security
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Commercial
Cloud Security
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Commercial
Application Security
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
LATEST ADDITIONS
A framework for testing and exploiting race conditions in software
Bluetooth experimentation framework for Broadcom chips firmware interaction and update.
An Open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers.
Platform offering cybersecurity courses for Red, Blue, and Purple Teamers by Picus.
A tool for discovering and enumerating external attack surfaces
An active and aggressive honeypot tool for network security.
A workshop on hacking Bluetooth Smart locks, covering architecture, vulnerabilities, and exploitation techniques.
A laser tripwire tool to hide windows, lock computer, or execute custom scripts upon motion detection.
A newsletter providing summarized cyber defense technical content for blue and purple teams to stay informed and protect their estates.
A new approach to computer network defense that leverages knowledge about advanced persistent threats, using a kill chain model to describe phases of intrusions and map adversary kill chain indicators to defender courses of action.
A detailed manual for cybersecurity professionals focusing on red team, OSINT, and blue team strategies.
RTA provides a framework of scripts for blue teams to test detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.
OpenIOC editor for building and manipulating threat intelligence data with support for various systems.
A network protocol panic button operating decentralized through UDP broadcasts and HTTP, intended for sensitive networks to prevent cold boot attacks.
Repository of tools for testing iPhone messaging by Project Zero
A cheat sheet for default credentials to aid in penetration testing and vulnerability assessment
A lab designed for defenders to quickly build a Windows domain pre-loaded with security tooling and best practices in system logging configurations.
RedEye is a visual analytic tool for enhancing Red and Blue Team operations.
A tool for interacting with the MSBuild API, enabling malicious activities and evading detection.
A super-simple, modern framework for organizing and automating cybersecurity tasks.
A PowerShell module for threat hunting via Windows Event Logs
An informational repo about hunting for adversaries in your IT environment.
A modular, menu-driven tool for building repeatable, time-delayed, distributed security events.
Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.
A cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments
A low Interaction Client honeypot designed to detect malicious websites through signature, anomaly and pattern matching techniques.
A project with Terraform and Ansible scripts to create an orchestrated BlueTeam Lab for testing attacks and forensic artifacts on Windows environment.
A pocket reference guide providing various options for navigating and pivoting through different environments and situations.
A community-driven project sharing detection logic, adversary tradecraft, and resources to make detection development more efficient, following MITRE ATT&CK structure.
A week-long series of articles and talks on evading Microsoft Advanced Threat Analytics (ATA) detection
Parrot Security OS is a comprehensive, secure, and customizable operating system for cybersecurity professionals, offering over 600+ tools and utilities for red and blue team operations.
Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
Blue-team capture the flag competition for improving cybersecurity skills.
Dump the contents of the location database files on iOS and macOS with output options like KML and CSV.
A comprehensive resource for securing Active Directory, including attack methods and effective defenses.
HonnyPotter is a WordPress plugin that logs all failed login attempts, with a caution to use it at your own risk.
A C2 front flow control tool designed to evade detection by Blue Teams, AVs, and EDRs.
A comprehensive and immersive 13-week course by NYU Tandon's OSIRIS Lab introducing students to offensive security with practical applications and research projects.
A basic Flask-based Outlook Web App (OWA) honeypot for cybersecurity experimentation.
Ansible role for deploying and managing Bifrozt honeypots
CrackMapExec (CME) - A tool for querying internal database for host and credential information in cybersecurity.
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
Cutting-edge open-source security tools for adversary simulation and threat hunting.
A multi-cloud tool for centralizing assets across multiple clouds with minimal configuration.
A BloodHoundAD Report Engine for Security Teams to identify Active Directory security vulnerabilities and harden common configuration vulnerabilities and oversights.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
A guide to bypassing RFID card reader security mechanisms using specialized hardware