Collection of Blue Team Codes & Tools which made by Offensive guys & Defensive guys
in this article i just want to share some very useful codes/tools which made by #Defenders also some of them made by #Pentesters & #Redteamers for #Blueteams , all these codes/tools are available in my list in github but in this article i just show you Blue team Tools/Codes but in the list you can see Offensive codes/tools too and ...
full list link : https://github.com/DamonMohammadbagher/Some_Pentesters_SecurityResearchers_RedTeamers

#blueteam #redteam #offensive #defensive #pentesters #codes #tools #blueteamtools
list last updated: 18 feb 2023
[defensive] @ZeroMemoryEx , (malware analysts to extract Command and Control C2 traffic) => https://github.com/ZeroMemoryEx/C2-Hunter
[defensive] foxit , (detect use of the DanderSpritz eventlogedit module [recover the removed event log entries]) => https://github.com/fox-it/danderspritz-evtx
[defensive] thefLinkk , (Hunt-Sleeping-Beacons. Aims to identify sleeping beacons) => https://github.com/thefLink/Hunt-Sleeping-Beacons
[defensive] LOLBAS-Project, (LOLBAS project is to document every binary, script & library that can be used for Living Off The Land techniques) => https://github.com/LOLBAS-Project/LOLBAS
[defensive] @winternl_t , (syscall-detect) => https://github.com/jackullrich/syscall-detect
[defensive] @slaeryan , (Detects Module Stomping as implemented by Cobalt Strike) => https://github.com/slaeryan/DetectCobaltStomp
[defensive] @_Apr4h , (CobaltStrikeScan, Scan files or process memory for CobaltStrike beacons) => https://github.com/Apr4h/CobaltStrikeScan
[defensive] Siemens Healthineers , ETWAnalyzer (Command line tool to analyze one/many ETW file/s with simple queries) => https://github.com/Siemens-Healthineers/ETWAnalyzer
[defensive] KANKOSHEV , (Detect-HiddenThread-via-KPRCB, Detect removed thread from PspCidTable) => https://github.com/KANKOSHEV/Detect-HiddenThread-via-KPRCB
[defensive] @Waldoirc , (Detect strange memory regions and DLLs ) => https://github.com/waldo-irc/MalMemDetect
[defensive] Rabobank Cyber Defence Centre , (Detect Tactics, Techniques & Combat Threats) => https://github.com/rabobank-cdc/DeTTECT
[defensive] @jordanklepser , (defender-detectionhistory-parser, A parser of Windows Defender's DetectionHistory forensic artifact) => https://github.com/jklepsercyber/defender-detectionhistory-parser
[defensive] @ScarredMonk , (SysmonSimulator, Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs) => https://github.com/ScarredMonk/SysmonSimulator
[defensive] Splunk , (Cmelting-cobalt, Cobalt Strike Scanner that retrieves detected Team Server beacons) => https://github.com/splunk/melting-cobalt
[defensive] Ali Davanian , (CnCHunter is a fork of RiotMan, and it allows exploiting malware for active probing) => https://github.com/adava/CnCHunter
[defensive] Airbus CERT , (Wireshark plugin to work with ETW) => https://github.com/airbus-cert/Winshark
[defensive] @_forrestorr , (Moneta, memory scanner) => https://github.com/forrest-orr/moneta
[defensive] @hasherezade , (Pe-Sieve, memory scanner) => https://github.com/hasherezade/pe-sieve
[defensive] @arch_rabbit , (Fibratus is a tool for exploration and tracing of the Windows kernel) => https://github.com/rabbitstack/fibratus
[defensive] Rajiv Kulkarni , (FalconEye, Real-time detection software for Windows process injections) => https://github.com/rajiv2790/FalconEye
[defensive] @standa_t , (tool to help malware analysts tell that the sample is injecting code to another process) => https://github.com/tandasat/RemoteWriteMonitor
[defensive] Microsoft , (MSFT, CPU/Memory performance-analysis,very useful ETW Codes & tools for Blue Teams/Defenders) => https://github.com/microsoft/perfview
[defensive] HoShiMin , (Avanguard, The Win32 Anti-Intrusion Library) => https://github.com/HoShiMin/Avanguard
[defensive] Lares , (Pushes Sysmon Configs) => https://github.com/LaresLLC/SysmonConfigPusher
[defensive] Improsec A/S , (Identify the attack paths in BloodHound breaking your AD tiering) => https://github.com/improsec/ImproHound
[defensive] @pathtofile , (Easy ETW Tracing for Security Research) => https://github.com/pathtofile/Sealighter
[defensive] @_lpvoid , (TiEtwAgent is ETW-based process injection detection) => https://github.com/xinbailu/TiEtwAgent
[defensive] ComodoSecurity , (OpenEDR is a free & open source platform EDR) => https://github.com/ComodoSecurity/openedr
[defensive] wazuh , (Wazuh is a free & open source platform EDR) => https://github.com/wazuh/wazuh
[defensive] @cyb3rops , (Raccine, A Simple Ransomware Protection) => https://github.com/Neo23x0/Raccine
[defensive] 3lp4tr0n , (BeaconHunter , Behavior based monitoring and hunting tool built in C# tool leveraging ETW tracing) => https://github.com/3lp4tr0n/BeaconHunter
[defensive] OpenCTI , (open source platform allowing organizations to manage their cyber threat intelligence knowledge) => https://github.com/OpenCTI-Platform/opencti
[defensive] ion-storm , (Sysmon EDR Active Response Features) => https://github.com/ion-storm/sysmon-edr
[defensive] @jtsmith282 , Blue teams monitor systems => https://github.com/ION28/BLUESPAWN
[defensive] @hasherezade , (hollows_hunter , memory scanner) => https://github.com/hasherezade/hollows_hunter
[off---def] Nomi Sec , (Hacker-Trends) => https://github.com/nomi-sec/Hacker-Trends
[off---def] @brsn76945860 , (Enumerating and removing kernel callbacks using signed vulnerable drivers) => https://github.com/br-sn/CheekyBlinder
[off---def] m0rv4i , (Syscalls-Extractor, extracting syscall numbers for an OS) => https://github.com/m0rv4i/Syscalls-Extractor
[off---def] @ale_sp_brazil , (dotnet malware threat, internals & reversing) => http://www.blackstormsecurity.com/docs/ALEXANDREBORGES_DEFCON_2019.pdf
[off---def] @0gtweet , (Simple solutions allowing you to dig a bit deeper than usual) => https://github.com/gtworek/PSBits
[off---def] Mr.Un1k0d3r , (EDRs Hooked APIs + some useful EDRs info for during red team exercise) => https://github.com/Mr-Un1k0d3r/EDRs
[off---def] Roberto Rodriguez @Cyb3rWard0g , (Education/Training: Threat Hunter Playbook) => https://threathunterplaybook.com/introduction.html
[off---def] @_EthicalChaos_ , (MiniHook, hooking native API calls ) => https://github.com/CCob/MinHook.NET
[off---def] Black Lantern Security, (writehat , Pentest reporting tool written in Python) => https://github.com/blacklanternsecurity/writehat
[off---def] mvelazc0 , (PurpleSharp) => https://github.com/mvelazc0/PurpleSharp
[off---def] boh , (C# Tools) => https://github.com/boh/RedCsharp
[off---def] redcanaryco , (Red-Teaming) => https://github.com/redcanaryco/atomic-red-team