Awesome-Mirrors
/
awesome-cybersecurity-blueteam
mirror of https://github.com/fabacab/awesome-cybersecurity-blueteam.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Initial commit.

This commit is contained in:
Meitar M 2018-07-23 15:09:43 -04:00
commit adb9706e62
No known key found for this signature in database
GPG Key ID: 07EFAA28AB94BC85
4 changed files with 105 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
ab-results*

12
.travis.yml Normal file
View File

@ -0,0 +1,12 @@
language: ruby
dist: trusty
rvm:
- 2.2
before_script:
- gem install awesome_bot
- wget 'https://mkcert.org/generate/' -O bundle.pem
- wget 'http://cdp.pca.dfn.de/global-root-ca/pub/cacert/cacert.pem' -O dfn.pem
- wget 'http://cdp.pca.dfn.de/uni-potsdam-ca/pub/cacert/cacert.pem' -O potsdam.pem
- cat bundle.pem dfn.pem potsdam.pem > /tmp/bundle.pem
script:
- SSL_CERT_FILE="/tmp/bundle.pem" awesome_bot README.md --allow-redirect

46
CONTRIBUTING.md Normal file
View File

@ -0,0 +1,46 @@
# Contribution Guidelines
**Your pull request should have a useful title. Please carefully read everything in [Adding to this list](#adding-to-this-list).**
## Table of Contents
* [Adding to this list](#adding-to-this-list)
* [Creating your own awesome list](#creating-your-own-awesome-list)
* [Adding something to an awesome list](#adding-something-to-an-awesome-list)
* [Updating your Pull Request](#updating-your-pull-request)
## Adding to this list
Please ensure your pull request adheres to the following guidelines:
* Search previous suggestions before making a new one, as yours may be a duplicate.
* Make sure the item you are adding is useful (and, you know, awesome) before submitting.
* Make an individual pull request for each suggestion.
* Use [title-casing](http://titlecapitalization.com) (AP style).
* Use the following format: `[Item Name](link)`
* Link additions should be added to the bottom of the relevant category.
* New categories or improvements to the existing categorization are welcome.
* Check your spelling and grammar.
* Make sure your text editor is set to remove trailing whitespace.
* The pull request and commit should have a useful title.
* The body of your commit message should contain a link to the repository.
Thank you for your suggestions!
## Adding something to an awesome list
If you have something awesome to contribute to an awesome list, this is how you do it.
You'll need a [GitHub account](https://github.com/join)!
1. Access the awesome list's GitHub page. For example: https://github.com/sindresorhus/awesome
2. Click on the `readme.md` file: ![Step 2 Click on Readme.md](https://cloud.githubusercontent.com/assets/170270/9402920/53a7e3ea-480c-11e5-9d81-aecf64be55eb.png)
3. Now click on the edit icon. ![Step 3 - Click on Edit](https://cloud.githubusercontent.com/assets/170270/9402927/6506af22-480c-11e5-8c18-7ea823530099.png)
4. You can start editing the text of the file in the in-browser editor. Make sure you follow guidelines above. You can use [GitHub Flavored Markdown](https://help.github.com/articles/github-flavored-markdown/). ![Step 4 - Edit the file](https://cloud.githubusercontent.com/assets/170270/9402932/7301c3a0-480c-11e5-81f5-7e343b71674f.png)
5. Say why you're proposing the changes, and then click on "Propose file change". ![Step 5 - Propose Changes](https://cloud.githubusercontent.com/assets/170270/9402937/7dd0652a-480c-11e5-9138-bd14244593d5.png)
6. Submit the [pull request](https://help.github.com/articles/using-pull-requests/)!
## Updating your Pull Request
Sometimes, a maintainer of this list will ask you to edit your Pull Request before it is included. This is normally due to spelling errors or because your PR didn't match the awesome-\* list guidelines.

46
README.md Normal file
View File

@ -0,0 +1,46 @@
# Awesome Cybersecurity Blue Team [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
> A collection of awesome resources, tool, and other shiny things for cybersecurity blue teams.
[Cybersecurity blue teams](https://en.wikipedia.org/wiki/Blue_team_(computer_security)) are groups of individuals who identify security flaws in information technology systems, verify the effectiveness of security measures, and monitor the systems to ensure that implemented defensive measures remain effective in the future. For offensive TTPs, please see [awesome-pentest](https://github.com/meitar/awesome-pentest).
Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the [Contributing Guidelines](CONTRIBUTING.md) for more details. This work is licensed under a [Creative Commons Attribution 4.0 International License](http://creativecommons.org/licenses/by/4.0/).
## Contents
- [Network Security Monitoring (NSM)](#network-security-monitoring-nsm)
- [Network perimeter defenses](#network-perimeter-defenses)
- [Firewalling distributions](#firewalling-distributions)
- [Security Information and Event Monitoring (SIEM)](#security-information-and-event-monitoring-siem)
- [Transport-layer defense](#transport-layer-defenses)
## Network Security Monitoring
- [SpoofSpotter](https://github.com/NetSPI/SpoofSpotter) - Catch spoofed NetBIOS Name Service (NBNS) responses and alert to an email or log file.
- [Wireshark](https://www.wireshark.org) - Free and open-source packet analyzer useful for network troubleshooting or forensic netflow analysis.
- [netsniff-ng](http://netsniff-ng.org/) - Free and fast GNU/Linux networking toolkit with numerous utilities such as a connection tracking tool (`flowtop`), traffic generator (`trafgen`), and autonomous system (AS) trace route utility (`astraceroute`).
## Network perimeter defenses
- [fwknop](https://www.cipherdyne.org/fwknop/) - Protects ports via Single Packet Authorization in your firewall.
### Firewalling distributions
- [OPNsense](https://opnsense.org/) - FreeBSD based firewall and routing platform.
- [pfSense](https://www.pfsense.org/) - Firewall and router FreeBSD distribution.
## Security Information and Event Management (SIEM)
- [AlienVault OSSIM](https://www.alienvault.com/open-threat-exchange/projects) - Single-server open source SIEM platform featuring asset discovery, asset inventorying, behavioral monitoring, and event correlation, driven by AlienVault Open Threat Exchange (OTX).
- [Fast Incident Response (FIR)](https://github.com/certsocietegenerale/FIR) - Cybersecurity incident management platform allowing for easy creation, tracking, and reporting of cybersecurity incidents.
- [Prelude SIEM OSS](https://www.prelude-siem.org/) - Open source, agentless SIEM with a long history and several commercial variants featuring security event collection, normalization, and alerting from arbitrary log input and numerous popular monitoring tools.
## Transport-layer defenses
- [OpenVPN](https://openvpn.net/) - Open source, SSL/TLS-based virtual private network (VPN).
# License
[![CC-BY](https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/by.svg)](https://creativecommons.org/licenses/by/4.0/)
This work is licensed under a [Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/).