Updated Aug 13, 2020
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
AD Security Intrusion Detection System
A fully configurable and extendable Bash obfuscation framework, intended to help both red and blue teams.
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
An Active Defense and EDR software to empower Blue Teams
Respounder detects the presence of Responder, the LLMNR/NBT-NS poisoner, on the network.
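The usual way to detect an LLMNR poisoner is to ask the multicast group for a name that cannot exist and see whether anyone answers: a healthy network stays silent, a poisoner claims the name. The following is an added example written for this page, not Respounder's own code; it builds the LLMNR query (a DNS-format message on UDP 5355 to 224.0.0.252), parses any A-record answer, and includes a constructed sample reply (not captured from a real host) so the parser can be exercised offline. The hypothetical name `canary-...` and the address `10.0.0.66` are assumptions.

```python
import os
import socket
import struct

# LLMNR: DNS-shaped messages over UDP to the 224.0.0.252:5355 multicast group
LLMNR_GROUP = "224.0.0.252"
LLMNR_PORT = 5355
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """Encode a hostname as DNS labels: <len><label>...<0>."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("!B", len(raw)) + raw
    return out + b"\x00"


def build_llmnr_query(name, txid):
    """Standard query: header (id, flags=0, 1 question) + question for an A record."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def skip_name(data, offset):
    """Return the offset just past a DNS name, handling compression pointers."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier name
            return offset + 2
        offset += 1 + length


def parse_llmnr_answer(data, txid):
    """Return the IPv4 address in the first A answer of a response matching txid, else None."""
    if len(data) < 12:
        return None
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000 or ancount == 0:  # wrong id, not a response, or empty
        return None
    off = 12
    for _ in range(qdcount):
        off = skip_name(data, off) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            return socket.inet_ntoa(data[off:off + 4])
        off += rdlen
    return None


def sample_poisoner_reply(txid, name, ip):
    """Constructed reply a poisoner would send: our question echoed back plus one A record
    whose name is a pointer (0xC00C) to the question name. Test data, not a real capture."""
    header = struct.pack("!HHHHHH", txid, 0x8000, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 30, 4) + socket.inet_aton(ip)
    return header + question + answer


def probe_for_poisoner(timeout=2.0):
    """Send one query for a random, non-existent name and wait for an answer.
    Returns (source_ip, answered_ip) if something claimed the name, else None."""
    txid = int.from_bytes(os.urandom(2), "big")
    bogus = "canary-" + os.urandom(4).hex()  # assumed naming scheme for the decoy
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_llmnr_query(bogus, txid), (LLMNR_GROUP, LLMNR_PORT))
        while True:
            data, (src, _port) = sock.recvfrom(1024)
            answered = parse_llmnr_answer(data, txid)
            if answered is not None:
                return src, answered
    except socket.timeout:
        return None
    finally:
        sock.close()


if __name__ == "__main__":
    hit = probe_for_poisoner()
    print("LLMNR poisoner at %s (claims %s)" % hit if hit else "no LLMNR answer: looks clean")
```

Run it from a segment where Responder would be listening; repeat the probe a few times, since a single silent window is weak evidence. Some poisoners answer only selected names (wpad, file servers) or skip certain clients, so treat a positive as proof of poisoning and a negative as no more than absence of evidence.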
Detecting ATT&CK techniques & tactics for Linux
This tool recovers old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow red team members to extract juicy information such as LAPS passwords or anything else sensitive that was on screen. Blue team members can reconstruct the PNG files to see what an attacker did on a compromised host, and it is extremely useful for a forensics team to extract timestamps after an attack on a host, collect evidence and perform further analysis.
Monitoring your Slack workspaces for sensitive information
VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted, security report maker, vulnerability report builder. Complete templates of issues, CWE, CVE, AES encryption, Nessus/Burp/OpenVAS issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog and statistics, vulnerability management.
The defensive counterpart to Ruler: gives blue teams the ability to detect Ruler usage against Exchange.
Lightweight utility to fool port scanners
An organizational asset and vulnerability management tool
Data EXfiltration TestER
A practical introduction to the MVISION EDR query language.
Sharing Threat Hunting runbooks
OSQuery GraphQL web service.
Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threat hunting, blue team assessments, audits, and security control assessments.
An Information Security Reference That Doesn't Suck
A blue-team tool that generates a list of USB Rubber Ducky instructions.
Easy to maintain open source documentation websites.
Tools, techniques, cheat sheets, and other resources to assist those defending organizations and detecting adversaries