Resources for Blue Teams

ELK Stack
https://www.elastic.co/webinars/introduction-elk-stack

Elasticsearch
https://www.elastic.co/products/elasticsearch

Logstash
https://www.elastic.co/products/logstash

Kibana
https://www.elastic.co/products/kibana

OSQuery
https://osquery.io/

Sysmon
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon

IDS

Bro Network Security Monitor
https://www.bro.org/

Suricata
https://suricata-ids.org/

Snort
https://www.snort.org/

OSSEC HIDS
https://ossec.github.io/

SIEM

AlienVault OSSIM
https://www.alienvault.com/products/ossim

Security Onion
https://securityonion.net/

DFIR

AChoir
http://github.com/omenscan/achoir

TSK/Autopsy
https://www.sleuthkit.org/

Sysinternals Tools
https://docs.microsoft.com/en-us/sysinternals/
https://download.sysinternals.com/files/PSTools.zip
https://download.sysinternals.com/files/Autoruns.zip
https://download.sysinternals.com/files/Handle.zip

Nirsoft Tools
https://www.nirsoft.net/
http://www.nirsoft.net/utils/cports.zip
http://www.nirsoft.net/utils/winprefetchview.zip
http://www.nirsoft.net/utils/lastactivityview.zip
http://www.nirsoft.net/utils/userassistview.zip
http://www.nirsoft.net/utils/regfileexport.zip
http://nirsoft.net/utils/browsinghistoryview.zip

PDFStreamViewer
http://sandsprite.com/blogs/index.php?uid=7&pid=57

RawCopy
https://github.com/jschicht/RawCopy

WinPMem 1.6.2
https://github.com/google/rekall/releases/download/v1.3.1/winpmem_1.6.2.exe

MFTDump
http://malware-hunters.net/wp-content/downloads/MFTDump_V.1.3.0.zip

ExtractUSNJrnl
https://github.com/jschicht/ExtractUsnJrnl/blob/master/ExtractUsnJrnl.exe?raw=true
https://github.com/jschicht/ExtractUsnJrnl/blob/master/ExtractUsnJrnl64.exe?raw=true

Prefetch Parser
http://redwolfcomputerforensics.com/downloads/parse_prefetch_info_v1.4.zip

Microsoft LogParser
https://technet.microsoft.com/en-us/scriptcenter/dd919274.aspx

Winaudit
https://github.com/OMENScan/AChoir/blob/master/Tools/WinAudit.exe?raw=true

RegRipper 2.8
https://github.com/keydet89/RegRipper2.8/archive/master.zip

OSFMount
https://www.osforensics.com/tools/mount-disk-images.html

Arsenal Mounter
https://arsenalrecon.com/weapons/image-mounter/

FTK Imager
https://accessdata.com/product-download

EnCase Imager
https://www.guidancesoftware.com/encase-forensic-imager

OWASP ZAP
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

HoneyDrive Distro
https://bruteforcelab.com/honeydrive

Kahu Security Converter/Decoder Tools
http://www.kahusecurity.com/tools/

Curl
https://curl.haxx.se/

Hex Editor
https://mh-nexus.de/en/hxd/

LECmd
https://github.com/EricZimmerman/LECmd

NMAP
https://nmap.org/

NTFSWalker
https://dmitrybrant.com/ntfswalker

OfficeMalScanner
http://www.reconstructer.org/

Registry Explorer
https://ericzimmerman.github.io/

Volatility
https://github.com/volatilityfoundation/volatility

Wireshark
https://www.wireshark.org/

Other tools worth exploring

TheHive (Incident Management System)
https://thehive-project.org/

STAXX
https://www.anomali.com/platform/staxx

Bulk Extractor
http://downloads.digitalcorpora.org/downloads/bulk_extractor/

SIFT
https://digital-forensics.sans.org/community/downloads

GRR
https://github.com/google/grr

OSINT Sites

ZScaler
https://zulu.zscaler.com/

URLQuery
https://urlquery.net/

VirusTotal
https://www.virustotal.com

Domain Tools
https://whois.domaintools.com/

IPVoid
http://www.ipvoid.com/

CyMon
https://cymon.io/

Google SafeBrowsing
https://transparencyreport.google.com/safe-browsing/search

Thanks to the BTV mailing list for helping to populate this list.