Blue Team Tactics

[dimitrios at gmail.com (Dimitrios Kapsalis)]

Thanks for starting a thread like this John. It can be very educational to
see how others go about protecting their boxes coming from the Blue team!


On Tue, Jul 28, 2009 at 7:54 AM, John Strand <strandjs at gmail.com> wrote:

> Please! PSW land! Share your Blue Team tactics!
> What tools, scripts, and techniques do you use as part of Incident Response
> and Blue Team Activities?
>
> I have sat in on one to many Red/Blue/CTF games where the Red team gets
> Core, Canvas, Metasploit, Nessus, Satan, Sara, Cain and Able, Ettercap,
> Dsniff, Hydra, 0phcrack, Nmap, BT4 and various torture techniques (including
> IronGeek's rubber hoses) and the the Blue team gets....
>
> "An un-patched Windows 2000 box and a slew of un-patched software!!!!!''
>
> Please see the following video for reference:
>
> http://www.youtube.com/watch?v=Y77n--Af1qo
>
> Yea..  Thats right.... As of today the Blue Team is what you get assigned
> to when you are caught stuffing peas up your nose.
>
> This stops today!!!
>
> There are a few rules.  Tricks and scripts must be able to run at the
> command line of your operating system of choice and all tools must be
> freeware or open source.
>
> Thats it!!!
>
> Look, the Blue Team *can* rock!!!  So please share your tricks.
>
> I am going to collect and add to them so we have a solid list and this will
> serve as the playbook for the Blues going forward.
>
> Be expecting this on the PDC site soon.
>
> strandjs
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090728/94f1c071/attachment.htm