#Blue-team
Showing 60 of 84 repositories tagged #blue-team, ranked by stars
A collection of awesome security hardening guides, tools and other resources
Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
:computer:๐ก๏ธ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
Tools and Techniques for Blue Team / Incident Response
RedEye is a visual analytic tool supporting Red & Blue Team operations
A FREE Windows C development course where we will learn the Win32API and reverse engineer each step utilizing IDA Free in both an x86 and x64 environment.
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
An Active Defense and EDR software to empower Blue Teams
AD Security Intrusion Detection System
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.
็ฝ็ปๅฎๅ จ ยท ๆป้ฒๅฏนๆ ยท ่้ๆธ ๅ๏ผไธญๆ็
๐ฆ๐ Awesome list of secrets in environment variables ๐ฅ๏ธ
Security automation with n8n ideas: 100+ Red/Blue/AppSec workflows, integrations, and ready-to-run playbooks.
Security Auditor Utility for GraphQL APIs
Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
Krawl is a customizable, lightweight, cloud-native web deception server and anti-crawler that creates fake web applications with low-hanging vulnerabilities using realistic, randomly generated decoy data and AI-generated HTML templates.
AWS CloudSaga - Simulate security events in AWS
Slack enumeration and exposed secrets detection tool
15-stage Windows malware development & analysis course in Rust. Red team builds it, blue team detects it. All 15 binaries achieved 0/76 on VirusTotal.
Windows hypervisor for Intel x64: defensive host hypervisor for Windows designed to mitigate kernel-level attacks including BYOVD, compatible with VMware and Hyper-V.
A tool designed to hunt for Phishing Kit source code
Give your AI coding agent a personality. Composable persona + style + skills for Claude Code, Codex, Gemini CLI & OpenClaw. Ships Tech Persona Card v1.0 spec.
This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely useful for a forensics team to extract timestamps after an attack on a host to collect evidences and perform further analysis.
Finding exposed secrets and personal data in GitLab
Wireless ADB, over the internet; not just local Wi-Fi. An encrypted, censorship-resistant mesh VPN making remote forensics and network monitoring seamless.
List of past and future infosec related events.
A cybersecurity game in Azure Data Explorer
A port scanner and service detection tool that uses 1000 goroutines at once to scan any hosts IP or FQDN with the sole purpose of testing your own network to ensure there are no malicious services running.
Build AI-powered security tools. 50+ hands-on labs covering ML, LLMs, RAG, threat detection, DFIR, and red teaming. Includes Colab notebooks, Docker environment, and CTF challenges.
Cross-platform incident response toolkit. 28 pre-built use cases, single binary, zero install. Memory, disk, network, and cloud collection with automated timeline generation.
Comprehensive SOC Analyst notes covering incident response, threat hunting, SOC workflows, and cybersecurity conceptsโperfect for exam prep and skill-building in blue team operations.
A customizable, easy-to-navigate tool for researching, pen testing, and defending with the power of Shodan.
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Red Team (Offensive) in Cybersecurity.
The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.
Unofficial third-party scripts, playbooks, and content for IBM QRadar & QRadar Community Edition.
Windows native ETW inspection suite for browsing providers, reading metadata, consuming live events, recording ETL traces, filtering results, and inspecting ETL/JSON/CSV recordings from one desktop tool.
Discovering Typo Squatting on your domains!
Linux Rootkits (4.x Kernel)
This repository provides a centralized resource for operational cyber defense and offense, compiling Theory, Tools, Operating Procedures, and Step-by-Step Guides across various critical security domains. Content is sourced from industry-leading books and technical presentations, focusing on practical application rather than JUST theory.
HoneyWire: The Open-Source, Unlimited Deception Platform. Turn any Linux machine into an enterprise-grade canary in 60 seconds.
๐ก๏ธ The Ultimate Cybersecurity Library | 160+ curated books, guides & resources covering Ethical Hacking, Penetration Testing, Bug Bounty, Red/Blue Team, OSINT, Malware Analysis, CEH, OSCP, CISSP, CHFI, Network Security, Kali Linux, Web Security & more. Free, organized, and clickable. Knowledge should be accessible to everyone.
EDR & AV Bypass Arsenalโ a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.
Curated cyber security resources for blue team, red team, DFIR, OSINT, AppSec, cloud security, security logging, and training.
Complete career paths for SOC, Pentesting, Blue Team, Red Team & more
Complete SOC Analyst Training Roadmap 2026: 14 hands-on projects (SIEM, SOAR, TIP, ML) for automation-first defenders
๐ Security-Driven Hardening: Blue Spec is a defensive workflow to help AI agents detect what your system actually does and harden the defenses that matter, whether you're a developer or not.
Secrets Find0r is a multithreaded SMB share crawler that hunts for exposed credentials and secrets across Windows networks. It enumerates shares, recursively scans files with regex/keyword rules, highlights matched tokens on screen, and exports clean ASCII tables. Supports DOCX/PDF/legacy Office and depth limits.
Monitoring GitHub for sensitive data shared publicly
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
BlueTeam, RedTeam, Bug bounty, CTI, OSINT, Threat Hunting, Network and Web Recon, Discovery, Enumeration, Vulnerability Mapping, Exploitation, Reporting, Darkweb, Deepweb, Research
27 scope-enforced AI agents that run the full pentest kill-chain (recon โ exploit โ post-ex โ DFIR โ report) as a one-command Claude Code plugin. Backed by 754 MITRE-mapped skills.
A collection of awesome software, libraries, learning tutorials, documents and books, technical resources and cool stuff about Blue Team in Cybersecurity.
A practical client for ADWS in Golang.
Hackers Cookbook - Tons of hacker cli recipes ready to search and use when you need them
PWNCLOUDOS
The most comprehensive, step-by-step roadmap for breaking into defensive cybersecurity. From absolute zero to your first Blue Team role. Every skill, tool, certification, and resource you need. No experience required.
Powerful Kernel Windows Platform for Malware Analysis, SRE, Forensics & Threat Hunting