Blue Team Tactics

[gbugbear at gmail.com (Tim Mugherini)]

Very Nice. Does Autopatcher allow you to manually copy over patches (already
have many downloaded)?

To add some:

Again Sysinternals Tools: Process Monitor, PSTools, TCPView
Kiwi Syslog Server & Viewer or comparable, Mandiant Highlighter
Nessus - Home Feed of course
Dumpsec - NTFS File Permission dumper
Your favorite free sniffer - Wireshark, etc..
MRTG - Router bandwidth monitoring
AVG or other decent free AV
Snort




On Tue, Jul 28, 2009 at 11:05 AM, Carlos Perez <
carlos_perez at darkoperator.com> wrote:

> 8 GB stick  prepared with autopatcher http://www.autopatcher.com/
> http://www.autopatcher.com/ I would have patches for all versions of
> windows.  <http://www.autopatcher.com/>I would also place portable
> firefox, and xamp in case i need to migrate an apache LAMP server to an
> updated version since I have seen a trend of putting apache on windows in
> this competition, also place several pre-made security templates for use
> with GPO or local application, URLscan installer and pre-made urlscan.ini
> files. Komodo free firewall installer and the NSA cisco templates, acl
> templates, Nipper for checking the cisco equipment config quickly and some
> pvaln sample configs. Keepass for password storage and generation.
>
> that is what comes now to mind.
>
>
> On Tue, Jul 28, 2009 at 8:54 AM, John Strand <strandjs at gmail.com> wrote:
>
> > Please! PSW land! Share your Blue Team tactics!
> > What tools, scripts, and techniques do you use as part of Incident
> > Response and Blue Team Activities?
> >
> > I have sat in on one to many Red/Blue/CTF games where the Red team gets
> > Core, Canvas, Metasploit, Nessus, Satan, Sara, Cain and Able, Ettercap,
> > Dsniff, Hydra, 0phcrack, Nmap, BT4 and various torture techniques (including
> > IronGeek's rubber hoses) and the the Blue team gets....
> >
> > "An un-patched Windows 2000 box and a slew of un-patched software!!!!!''
> >
> > Please see the following video for reference:
> >
> > http://www.youtube.com/watch?v=Y77n--Af1qo
> >
> > Yea..  Thats right.... As of today the Blue Team is what you get assigned
> > to when you are caught stuffing peas up your nose.
> >
> > This stops today!!!
> >
> > There are a few rules.  Tricks and scripts must be able to run at the
> > command line of your operating system of choice and all tools must be
> > freeware or open source.
> >
> > Thats it!!!
> >
> > Look, the Blue Team *can* rock!!!  So please share your tricks.
> >
> > I am going to collect and add to them so we have a solid list and this
> > will serve as the playbook for the Blues going forward.
> >
> > Be expecting this on the PDC site soon.
> >
> > strandjs
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090728/b8dee575/attachment.htm