
Top 68 blueteam open source projects

Malwless
Test Blue Team detections without running any attack.
Cypheroth
Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.
Remote Desktop Caching
This tool recovers old RDP (mstsc) session information in the form of broken PNG files. Red team members can extract sensitive information from these PNG files, such as LAPS passwords or anything else that was on screen. Blue team members can reconstruct the PNG files to see what an attacker did on a compromised host, and a forensics team can extract timestamps after an attack on a host to collect evidence and perform further analysis.
Smogcloud
Find cloud assets that no one wants exposed 🔎 ☁️
Slack Watchman
Monitoring your Slack workspaces for sensitive information
Logontracer
Investigate malicious Windows logon by visualizing and analyzing Windows event log
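The pattern LogonTracer visualizes, accounts as nodes and logons as edges, can be built from the 4624/4625 fields alone. The following is an added example, not LogonTracer's own code: it turns a constructed set of flattened Windows Security events (assumed field names User, SrcIp, LogonType, Computer) into a logon graph, emits Graphviz DOT for it, and flags two things an analyst looks for in that graph, one account fanning out to many hosts over the network, and one source address failing as many accounts and then succeeding as one of them.

```python
# Added example, not LogonTracer's own code: build a user-to-host logon
# graph from Windows Security events and flag lateral movement and
# password spraying. Field names are an assumed, flattened form of the
# 4624/4625 EventData (TargetUserName, IpAddress, LogonType, Computer).
from collections import defaultdict

# Constructed sample events: 4624 = successful logon, 4625 = failed logon.
SAMPLE_EVENTS = [
    {"EventID": 4624, "User": "alice", "SrcIp": "10.0.0.5",  "LogonType": 3, "Computer": "FS01"},
    {"EventID": 4624, "User": "alice", "SrcIp": "10.0.0.5",  "LogonType": 3, "Computer": "FS02"},
    {"EventID": 4624, "User": "alice", "SrcIp": "10.0.0.5",  "LogonType": 3, "Computer": "DC01"},
    {"EventID": 4624, "User": "alice", "SrcIp": "10.0.0.5",  "LogonType": 3, "Computer": "SQL01"},
    {"EventID": 4624, "User": "bob",   "SrcIp": "10.0.0.7",  "LogonType": 2, "Computer": "WS07"},
    {"EventID": 4625, "User": "bob",   "SrcIp": "10.0.0.99", "LogonType": 3, "Computer": "DC01"},
    {"EventID": 4625, "User": "carol", "SrcIp": "10.0.0.99", "LogonType": 3, "Computer": "DC01"},
    {"EventID": 4625, "User": "dave",  "SrcIp": "10.0.0.99", "LogonType": 3, "Computer": "DC01"},
    {"EventID": 4625, "User": "erin",  "SrcIp": "10.0.0.99", "LogonType": 3, "Computer": "DC01"},
    {"EventID": 4624, "User": "erin",  "SrcIp": "10.0.0.99", "LogonType": 3, "Computer": "DC01"},
]


def build_logon_graph(events):
    """Edges (user, computer) -> number of successful logons."""
    edges = defaultdict(int)
    for ev in events:
        if ev["EventID"] == 4624:
            edges[(ev["User"], ev["Computer"])] += 1
    return dict(edges)


def to_dot(edges):
    """Graphviz DOT text of the logon graph, for visual review."""
    lines = ["digraph logons {"]
    for (user, host), count in sorted(edges.items()):
        lines.append(f'  "{user}" -> "{host}" [label="{count}"];')
    lines.append("}")
    return "\n".join(lines)


def find_lateral_movement(events, min_hosts=3, logon_type=3):
    """Users with successful network logons (type 3 by default) to at least
    min_hosts distinct computers: a crude lateral-movement indicator."""
    hosts = defaultdict(set)
    for ev in events:
        if ev["EventID"] == 4624 and ev["LogonType"] == logon_type:
            hosts[ev["User"]].add(ev["Computer"])
    return {u: sorted(h) for u, h in hosts.items() if len(h) >= min_hosts}


def find_password_spray(events, min_users=3):
    """Source addresses that failed as at least min_users distinct accounts,
    together with any of those accounts that then succeeded from the same
    address (the spray hit)."""
    failed, succeeded = defaultdict(set), defaultdict(set)
    for ev in events:
        if ev["EventID"] in (4624, 4625):
            target = failed if ev["EventID"] == 4625 else succeeded
            target[ev["SrcIp"]].add(ev["User"])
    return {
        ip: {"attempted": sorted(users),
             "compromised": sorted(users & succeeded.get(ip, set()))}
        for ip, users in failed.items() if len(users) >= min_users
    }


if __name__ == "__main__":
    print(to_dot(build_logon_graph(SAMPLE_EVENTS)))
    print("lateral movement:", find_lateral_movement(SAMPLE_EVENTS))
    print("password spray:", find_password_spray(SAMPLE_EVENTS))
```

The thresholds (three hosts, three accounts) are deliberately low for the constructed sample; on real data they should be set from a baseline of the environment, and service accounts that legitimately touch many hosts need an allow-list or the lateral-movement check will page on them every day.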
Flerken
A cross-platform obfuscated-command detection solution presented at CIS 2019 China: a static and dynamic detection framework for obfuscated Bash/CMD/PowerShell commands.
Gitlab Watchman
Monitoring GitLab for sensitive data shared publicly
Falconfriday
Bi-weekly hunting queries
Defaultcreds Cheat Sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Macos Attack Dataset
JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.
Lolbas
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Deploy Deception
A PowerShell module to deploy active directory decoy objects.
Information Security Tasks
This repository is for infosec professionals who work in the field day to day and want to keep their skill set up to date. Contribute one hour a day to the daily tasks and problem statements, and please contribute by providing problem statements and solutions.
Malwarepersistencescripts
A collection of scripts I've written to help red and blue teams with malware persistence techniques.
Rita
Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
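Beacon detection of the kind RITA performs comes down to asking, for every source/destination pair, how regular the connection timing and sizes are. The block below is an added example and not RITA's own scoring, which is more elaborate; it scores constructed flow records (an assumed (timestamp, src, dst, bytes) tuple shape, roughly what a parsed Zeek conn.log yields) by the coefficient of variation of their inter-arrival gaps and payload sizes, and reports the pairs that look periodic.

```python
# Added example, not RITA's own code: a simplified beacon score for
# (source, destination) pairs based on how regular their connection
# intervals and sizes are. Flows are an assumed (timestamp, src, dst,
# bytes) shape; the sample data is constructed.
import statistics
from collections import defaultdict

# Constructed flows: one implant checking in every ~60 s with a fixed
# payload size, and the same host browsing another server irregularly.
_BASE = 1_700_000_000
SAMPLE_FLOWS = [(_BASE + i * 60 + (i % 3), "10.0.0.12", "203.0.113.8", 312)
                for i in range(20)]
SAMPLE_FLOWS += [(_BASE + t, "10.0.0.12", "198.51.100.3", 1400 + 3 * t)
                 for t in (5, 130, 131, 400, 402, 900, 1500, 1503, 2600, 3200)]


def beacon_score(timestamps, sizes):
    """0.0..1.0, where 1.0 means perfectly periodic connections of identical
    size. Uses the coefficient of variation of inter-arrival gaps and sizes."""
    if len(timestamps) < 3:
        return 0.0
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    gap_mean, size_mean = statistics.mean(gaps), statistics.mean(sizes)
    if gap_mean <= 0 or size_mean <= 0:
        return 0.0
    interval_score = max(0.0, 1.0 - statistics.pstdev(gaps) / gap_mean)
    size_score = max(0.0, 1.0 - statistics.pstdev(sizes) / size_mean)
    return round((interval_score + size_score) / 2, 3)


def find_beacons(flows, threshold=0.8, min_connections=10):
    """Return {(src, dst): score} for pairs that look like beacons."""
    pairs = defaultdict(lambda: ([], []))
    for ts, src, dst, nbytes in flows:
        pairs[(src, dst)][0].append(ts)
        pairs[(src, dst)][1].append(nbytes)
    hits = {}
    for pair, (ts, sizes) in pairs.items():
        if len(ts) >= min_connections:
            score = beacon_score(ts, sizes)
            if score >= threshold:
                hits[pair] = score
    return hits


if __name__ == "__main__":
    for (src, dst), score in find_beacons(SAMPLE_FLOWS).items():
        print(f"possible beacon {src} -> {dst} (score {score})")
```

Two caveats a practitioner will hit immediately: implants that add large random jitter lower the interval score, so the threshold has to be tuned against known-good periodic traffic (NTP, update checks, monitoring agents) rather than picked from this toy data, and a pair needs enough connections in the window for the statistics to mean anything, which is what min_connections guards.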
Threathunt
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Ultimateapplockerbypasslist
The goal of this repository is to document the most common techniques to bypass AppLocker.
Hacker ezines
A collection of electronic hacker magazines carefully curated over the years from multiple sources
Snoop
Snoop is an open-data (OSINT) reconnaissance tool.
1earn
A personally maintained security knowledge base covering, but not limited to, web security, ICS security, forensics, incident response, blue-team infrastructure deployment, post-exploitation, Linux security, and write-ups for assorted practice targets.
Awesome Security Hardening
A collection of awesome security hardening guides, tools and other resources
Slackpirate
Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
Repo Supervisor
Scan your code for security misconfiguration, search for passwords and secrets. 🔍
Gtfobins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Plumhound
Bloodhound for Blue and Purple Teams
Wadcoms.github.io
WADComs is an interactive cheat sheet, containing a curated list of Unix/Windows offensive tools and their respective commands.
Blueshell
A cross-platform remote-control tool for red/blue team exercises.
Pidense
🍓📡🍍Monitor illegal wireless network activities. (Fake Access Points), (WiFi Threats: KARMA Attacks, WiFi Pineapple, Similar SSID, OPN Network Density etc.)
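The checks Pidense describes (fake access points, lookalike SSIDs, open networks reusing a corporate name) reduce to comparing each scanned AP against a known-good table. The block below is an added example, not Pidense's own code: the KNOWN_APS table and scan results are constructed, the BSSID allow-list and "OPN" security label are assumptions, and the edit-distance threshold is a tunable.

```python
# Added example, not Pidense's own code: classify scanned access points
# against a known-good table to spot evil twins, security downgrades and
# lookalike SSIDs. KNOWN_APS and SAMPLE_SCAN are constructed; the "OPN"
# label for open networks is an assumed convention.
KNOWN_APS = {
    "CorpWiFi": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                 "security": "WPA2"},
}

# Constructed scan results: (ssid, bssid, security, rssi_dbm)
SAMPLE_SCAN = [
    ("CorpWiFi", "aa:bb:cc:00:00:01", "WPA2", -45),   # the real AP
    ("CorpWiFi", "de:ad:be:ef:00:01", "OPN", -30),    # open evil twin, very close
    ("CorpWifi", "de:ad:be:ef:00:02", "WPA2", -50),   # one-character lookalike
    ("Starbucks", "11:22:33:44:55:66", "OPN", -70),   # unrelated network
]


def levenshtein(a, b):
    """Edit distance, used to catch SSIDs a keystroke or two from ours."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_ap(ssid, bssid, security, known=KNOWN_APS, max_distance=2):
    """Return a verdict string for one scanned access point."""
    if ssid in known:
        if bssid.lower() not in known[ssid]["bssids"]:
            kind = "open" if security == "OPN" else security
            return f"evil-twin: {ssid} from unknown BSSID {bssid} ({kind})"
        if security != known[ssid]["security"]:
            return f"downgrade: {ssid} on {bssid} advertises {security}"
        return "ok"
    for legit in known:
        if ssid.lower() == legit.lower() or levenshtein(ssid, legit) <= max_distance:
            return f"lookalike: {ssid!r} resembles {legit!r}"
    return "unknown"


def triage_scan(scan, known=KNOWN_APS):
    """Verdicts for every AP in a scan except the known-good ones."""
    verdicts = {}
    for ssid, bssid, sec, _rssi in scan:
        verdict = classify_ap(ssid, bssid, sec, known)
        if verdict != "ok":
            verdicts[(ssid, bssid)] = verdict
    return verdicts


if __name__ == "__main__":
    for (ssid, bssid), verdict in triage_scan(SAMPLE_SCAN).items():
        print(f"{ssid:12} {bssid}  {verdict}")
```

Note that a BSSID allow-list is only as good as the attacker's laziness: a twin that clones a legitimate BSSID would pass the first check, which is why a real sensor also watches for the same BSSID appearing on two channels or with two different security settings at once.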
Bxss
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
ETWProcessMon2
ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
MicrosoftWontFixList
A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
RedTeam BlueTeam HW
Tools and material for red/blue team exercises and HVV (护网) defense drills, including in-memory shellcode (Cobalt Strike and Metasploit) and tools for detecting and removing in-memory webshells.
Opensource-Endpoint-Monitoring
This repository contains all the config files and scripts used for our Open Source Endpoint monitoring project.
pyc2bytecode
A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries by disassembling and analyzing the compiled python byte-code(.pyc) files across all python versions (including Python 3.10.*)
Bootsy
Designed to be installed on a fresh Raspbian image on a Raspberry Pi. By combining Respounder (Responder detection) with Artillery (port and service spoofing) for network deception, this tool lets you detect an attacker on the network quickly, weeding out generally noisy alerts and keeping only those that matter.
Crack-O-Matic
Find and notify users in your Active Directory with weak passwords
BLUELAY
Searches online paste sites for certain search terms which can indicate a possible data breach.
BTPS-SecPack
This repository contains a collection of PowerShell tools that can be utilized to protect and defend an environment based on the recommendations of multiple cyber security researchers at Microsoft. These tools were created with a small to medium size enterprise environment in mind as smaller organizations do not always have the type of funding a…
1earn
A security knowledge base maintained by the ffffffff0x team, covering, but not limited to, web security, ICS security, forensics, incident response, blue-team infrastructure deployment, post-exploitation, Linux security, and write-ups for assorted practice targets.
ETWNetMonv3
ETWNetMonv3 is simple C# code for monitoring TCP network connections via ETW; ETWProcessMon/2 monitors process, thread, memory, image-load and TCP/IP events via ETW and adds detection of remote thread injection and of in-memory payloads via VirtualMemAlloc events, etc.
Blue-Team-Notes
You didn't think I'd go and leave the blue team out, right?
dummyDLL
Utility for hunting UAC bypasses or COM/DLL hijacks that alerts on the exported function that was consumed.