PaulDotCom mailing list archives
Blue Team Tactics
From: gbugbear at gmail.com (Tim Mugherini)
Date: Tue, 28 Jul 2009 09:51:19 -0400
Russell, Was actually why i asked the question, your USB switchblade with the sysinternals stuff well done btw On Tue, Jul 28, 2009 at 9:17 AM, Russell Butturini <rbutturini at epictn.com>wrote:
What can I say, I?m a shameless self promoter: http://www.irongeek.com/i.php?page=videos/incident-response-u3-switchblade Of course for this to match to John?s rules, you have to remove the Sysinternals tools, which are free but TECHNICALLY have no redistribution license so I guess they don?t really conform. The scripting for the evidence collection process can all be launched from the command line though (and 90% of it involves no 3rd party tools, just good old DOS fu). *From:* pauldotcom-bounces at mail.pauldotcom.com [mailto: pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *John Strand *Sent:* Tuesday, July 28, 2009 7:55 AM *To:* PaulDotCom Security Weekly Mailing List *Subject:* [Pauldotcom] Blue Team Tactics Please! PSW land! Share your Blue Team tactics! What tools, scripts, and techniques do you use as part of Incident Response and Blue Team Activities? I have sat in on one to many Red/Blue/CTF games where the Red team gets Core, Canvas, Metasploit, Nessus, Satan, Sara, Cain and Able, Ettercap, Dsniff, Hydra, 0phcrack, Nmap, BT4 and various torture techniques (including IronGeek's rubber hoses) and the the Blue team gets.... "An un-patched Windows 2000 box and a slew of un-patched software!!!!!'' Please see the following video for reference: http://www.youtube.com/watch?v=Y77n--Af1qo<http://console.mxlogic.com/redir/?5xWX28UsCro76zBcQsILzzo08JlKrp3-nMNIX4OhAU3zxQ2Vsgth5GCXZuWrWbPNEVhsdTdHqSuxmqVsxlK5LE2xfBJrfgHdvBPrwVBMSyCMYeussud79JCVIQJxrmPQaPndbFEw6jS_d409_ljh02tJelG6V-7PM76Qjq9JwsqekPhOyqejhOrZav_q7AuljWD> Yea.. Thats right.... As of today the Blue Team is what you get assigned to when you are caught stuffing peas up your nose. This stops today!!! There are a few rules. Tricks and scripts must be able to run at the command line of your operating system of choice and all tools must be freeware or open source. Thats it!!! Look, the Blue Team *can* rock!!! So please share your tricks. I am going to collect and add to them so we have a solid list and this will serve as the playbook for the Blues going forward. Be expecting this on the PDC site soon. strandjs _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090728/90af1794/attachment.htm
Current thread:
- What's your Wifi Pentesting Gear?, (continued)
- What's your Wifi Pentesting Gear? infolookup at gmail.com (Jul 28)
- What's your Wifi Pentesting Gear? Adrian Crenshaw (Jul 28)
- What's your Wifi Pentesting Gear? Nils (Jul 28)
- What's your Wifi Pentesting Gear? Robin Wood (Jul 28)
- What's your Wifi Pentesting Gear? Colin Vallance (Jul 28)
- What's your Wifi Pentesting Gear? Colin Vallance (Jul 28)
- Blue Team Tactics John Strand (Jul 28)
- Blue Team Tactics Tim Mugherini (Jul 28)
- Blue Team Tactics John Strand (Jul 28)
- Blue Team Tactics Russell Butturini (Jul 28)
- Blue Team Tactics Tim Mugherini (Jul 28)
- Blue Team Tactics John Strand (Jul 28)
- Blue Team Tactics Dimitrios Kapsalis (Jul 28)
- Blue Team Tactics Carlos Perez (Jul 28)
- Blue Team Tactics Tim Mugherini (Jul 28)
- Blue Team Tactics Erik Harrison (Jul 28)
- Blue Team Tactics Tim Mugherini (Jul 28)
- Blue Team Tactics John Strand (Jul 28)
- Blue Team Tactics Bradley McMahon (Jul 29)
- Blue Team Tactics Jim Halfpenny (Jul 29)
- Blue Team Tactics Tim Mugherini (Jul 29)