Awesome-Mirrors
/
awesome-cybersecurity-blueteam
mirror of https://github.com/fabacab/awesome-cybersecurity-blueteam.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Awesome-Mirrors:df2a539bcd65d45c2a3db8bf2413c713b2a37f0c
Branches Tags
Awesome-Mirrors:main
...
compare: Awesome-Mirrors:182901a298aa6c231d8821d3a656af0392b8358d
Branches Tags
Awesome-Mirrors:main

4 Commits
df2a539bcd ... 182901a298

Author SHA1 Message Date
D3vil0p3r 182901a298
Merge 70190e096f into f8ee8314b7 2023-08-30 09:39:41 -03:00
0xACAB f8ee8314b7
Add Stratus Red Team. 2023-08-17 19:21:11 -04:00
fabacab 52614c3dc1
Add some interesting tools developed by CISA: RedEye, UGT, Crossfeed. 2023-07-18 00:58:13 -04:00
D3vil0p3r 70190e096f
Added FLARE VM 2022-12-15 23:52:37 +01:00
1 changed files with 10 additions and 1 deletions
Show Stats Expand all files Collapse all files

11
README.md
View File

@ -44,6 +44,7 @@ Many cybersecurity professionals enable racist state violence, wittingly or unwi
- [Operating System distributions](#operating-system-distributions)
- [Phishing awareness and reporting](#phishing-awareness-and-reporting)
- [Preparedness training and wargaming](#preparedness-training-and-wargaming)
- [Post-engagement analysis and reporting](#post-engagement-analysis-and-reporting)
- [Security configurations](#security-configurations)
- [Security monitoring](#security-monitoring)
- [Endpoint Detection and Response (EDR)](#endpoint-detection-and-response-edr)
@ -269,6 +270,7 @@ See also [Security Orchestration, Automation, and Response (SOAR)](#security-orc
- [OSXCollector](https://github.com/Yelp/osxcollector) - Forensic evidence collection & analysis toolkit for macOS.
- [ir-rescue](https://github.com/diogo-fernan/ir-rescue) - Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
- [Margarita Shotgun](https://github.com/ThreatResponse/margaritashotgun) - Command line utility (that works with or without Amazon EC2 instances) to parallelize remote memory acquisition.
- [Untitled Goose Tool](https://github.com/cisagov/untitledgoosetool) - Assists incident response teams by exporting cloud artifacts from Azure/AzureAD/M365 environments in order to run a full investigation despite lacking in logs ingested by a SIEM.
## Network perimeter defenses
@ -287,6 +289,7 @@ See also [Wikipedia: List of router and firewall distributions](https://en.wikip
## Operating System distributions
- [Computer Aided Investigative Environment (CAINE)](https://caine-live.net/) - Italian GNU/Linux live distribution that pre-packages numerous digital forensics and evidence collection tools.
- [FLARE VM](https://www.mandiant.com/resources/flare-vm-the-windows-malware) - Windows-based fully configured platform with a comprehensive collection of Windows security tools such as debuggers, disassemblers, decompilers, static and dynamic analysis utilities, network analysis and manipulation, web assessment, exploitation, vulnerability assessment applications, and many others.
- [Security Onion](https://securityonion.net/) - Free and open source GNU/Linux distribution for intrusion detection, enterprise security monitoring, and log management.
- [Qubes OS](https://qubes-os.org/) - Desktop environment built atop the Xen hypervisor project that runs each end-user program in its own virtual machine intended to provide strict security controls to constrain the reach of any successful malware exploit.
@ -317,8 +320,13 @@ See also [awesome-pentest § Social Engineering Tools](https://github.com/fabaca
- [Metta](https://github.com/uber-common/metta) - Automated information security preparedness tool to do adversarial simulation.
- [Network Flight Simulator (`flightsim`)](https://github.com/alphasoc/flightsim) - Utility to generate malicious network traffic and help security teams evaluate security controls and audit their network visibility.
- [RedHunt OS](https://github.com/redhuntlabs/RedHunt-OS) - Ubuntu-based Open Virtual Appliance (`.ova`) preconfigured with several threat emulation tools as well as a defender's toolkit.
- [Stratus Red Team](https://stratus-red-team.cloud/) - Emulate offensive attack techniques in a granular and self-contained manner against a cloud environment; think "Atomic Red Team™ for the cloud."
- [tcpreplay](https://tcpreplay.appneta.com/) - Suite of free Open Source utilities for editing and replaying previously captured network traffic originally designed to replay malicious traffic patterns to Intrusion Detection/Prevention Systems.
### Post-engagement analysis and reporting
- [RedEye](https://cisagov.github.io/RedEye/) - Analytic tool to assist both Red and Blue teams with visualizing and reporting command and control activities, replay and demonstrate attack paths, and more clearly communicate remediation recommendations to stakeholders.
## Security configurations
(Also known as *secure-by-default baselines* and *implemented best practices*.)
@ -327,7 +335,8 @@ See also [awesome-pentest § Social Engineering Tools](https://github.com/fabaca
## Security monitoring
* [Starbase](https://github.com/JupiterOne/starbase) - Collects assets and relationships from services and systems into an intuitive graph view to offer graph-based security analysis for everyone.
- [Crossfeed](https://docs.crossfeed.cyber.dhs.gov/) - Continuously enumerates and monitors an organizations public-facing attack surface in order to discover assets and flag potential security flaws.
- [Starbase](https://github.com/JupiterOne/starbase) - Collects assets and relationships from services and systems into an intuitive graph view to offer graph-based security analysis for everyone.
### Endpoint Detection and Response (EDR)