Blue Team

Blue Teams are the proactive defenders in charge of managing and improving the defensive capabilities of their organization. They are often part of the Security Operations Center (SOC).

• MITRE countermeasures
• Blue-Team-Notes

Incident Response

• Incident Management 101 Preparation and Initial Response (aka Identification) (SANS)

6 steps of Incident Response

• Preparation
• Identification
• Containment
• Eradication
• Recovery
• Lessons Learned

Test if a website is accessible

You can confirm that a website is working in other parts of the world.

Real-time translation (to English) from Google

http://translate.google.com/translate?hl=en&sl=en&tl=fr&u=lisandre.com&sandbox=1

IE NetRenderer

Render a website accordingly to different versions of IE.

http://netrenderer.com/

Health status pages

• Amazon AWS
• Microsoft Azure

Tools

• Network Analysis: Wireshark, pfSense, Arkime, Snort
• Incident Management: TheHive, GRR Rapid Response
• Threat Intelligence: Misp, MSTICPy
• EDR: Cortex XDR, Cynet 360, FortiEDR
• OS Analysis: HELK, Volatility, Wazuh, RegRipper, OSSEC, osquery
• Honeypots: Kippo, Cowrie, Dockpot, HonSSH
• SIEM: OSSIM, Splunk, LogRhythm

Search Engines

• Public WWW – Source code search engine

Scan a URL

• URL Scan
• Virus Total
• HTML Strip – view HTML code without accessing the site

Check if website is blacklisted

• Websense/ForcePoint

Report blacklisted websites that should not be blocked

• Xfinity

Scan Files

• Virus Total

Malware Analysis

• Cuckoo Sandbox
• Cisco Secure Malware Analytics (Threat Grid)
• Assemblyline – platform for the analysis of malicious files

Using AI

• ATT&CK Python Client (GitHub) – Open Threat Research Forge

Data Breaches

• List of data breaches
• Data breaches caused by Third-Parties
• Analyzing Company Reputation After a Data Breach
• World’s Biggest Data Breaches & Hacks