A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
Go to file
2018-07-23 15:14:42 -04:00
.gitignore Initial commit. 2018-07-23 15:14:42 -04:00
.travis.yml Initial commit. 2018-07-23 15:14:42 -04:00
CONTRIBUTING.md Initial commit. 2018-07-23 15:14:42 -04:00
README.md Initial commit. 2018-07-23 15:14:42 -04:00

Awesome Cybersecurity Blue Team Awesome

A collection of awesome resources, tool, and other shiny things for cybersecurity blue teams.

Cybersecurity blue teams are groups of individuals who identify security flaws in information technology systems, verify the effectiveness of security measures, and monitor the systems to ensure that implemented defensive measures remain effective in the future. For offensive TTPs, please see awesome-pentest.

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.

Contents

Network Security Monitoring

  • SpoofSpotter - Catch spoofed NetBIOS Name Service (NBNS) responses and alert to an email or log file.
  • Wireshark - Free and open-source packet analyzer useful for network troubleshooting or forensic netflow analysis.
  • netsniff-ng - Free and fast GNU/Linux networking toolkit with numerous utilities such as a connection tracking tool (flowtop), traffic generator (trafgen), and autonomous system (AS) trace route utility (astraceroute).

Network perimeter defenses

  • fwknop - Protects ports via Single Packet Authorization in your firewall.

Firewalling distributions

  • OPNsense - FreeBSD based firewall and routing platform.
  • pfSense - Firewall and router FreeBSD distribution.

Security Information and Event Management (SIEM)

  • AlienVault OSSIM - Single-server open source SIEM platform featuring asset discovery, asset inventorying, behavioral monitoring, and event correlation, driven by AlienVault Open Threat Exchange (OTX).
  • Fast Incident Response (FIR) - Cybersecurity incident management platform allowing for easy creation, tracking, and reporting of cybersecurity incidents.
  • Prelude SIEM OSS - Open source, agentless SIEM with a long history and several commercial variants featuring security event collection, normalization, and alerting from arbitrary log input and numerous popular monitoring tools.

Transport-layer defenses

  • OpenVPN - Open source, SSL/TLS-based virtual private network (VPN).

License

CC-BY

This work is licensed under a Creative Commons Attribution 4.0 International License.