Tools/Resources
Competition ONLY tools
You don't want to use these on production servers.
Mallard
Mallard is my personal blue team tool written in Golang. Its main focus is on automating my 5-minute plan and preventing new connections/sessions to the scored machine: https://github.com/F1shh-sec/BlueTeamTools
Bandaid
Awesome blue team tool created by mdbook focused on protecting scored services and maintaining persistent uptime: https://github.com/Mdbook/bandaid
General Tools
For Windows blue-teaming, proficiency with Sysinternals really cannot be beat:
Windows Defense/Auditing: Sysinternals
Basic Static Analysis
Exe Dependencies: Dependency Walker
Exe Inspector: PE Studio
Exe Inspector: PEiD
Exe Inspector: PEView
File Inspector: Resource Hacker
Packer/Unpacker: UPX
Metadata Viewer: ExifTool, ExifTool GUI
MD5 Hasher: MD5Deep
Advanced Static
Basic Dynamic
DNS Spoofer/ Phony DNS: ApateDNS
View Autorun Processes: Autoruns
Process Explorer: Process Explorer
Process Monitor: Process Monitor
Windows Registry Snapshot: Regshot
TCP/IP proxy/spoofer: Netcat
Packet Sniffer: Wireshark
Process Inspector: Process Hacker 2
Advanced Dynamic
NSA Made Decompiler: Ghidra
Process Pointer Inspector: Cheat Engine
Debugger: OllyDBG
Debugger: x64DBG
Debugger: Immunity Debugger
Resources
Snort Cheat sheet: THM Snort