Blue Team Tactics

[xgermx at gmail.com (xgermx)]

Let's not forget TripWire http://sourceforge.net/projects/tripwire/
"Open Source Tripwire software is a security and data integrity tool
useful for monitoring and alerting on specific file change(s) on a
range of systems."

On Tue, Jul 28, 2009 at 11:56 AM, Tim Mugherini<gbugbear at gmail.com> wrote:
> Very Nice. Does Autopatcher allow you to manually copy over patches (already
> have many downloaded)?
>
> To add some:
>
> Again Sysinternals Tools: Process Monitor, PSTools, TCPView
> Kiwi Syslog Server & Viewer or comparable, Mandiant Highlighter
> Nessus - Home Feed of course
> Dumpsec - NTFS File Permission dumper
> Your favorite free sniffer - Wireshark, etc..
> MRTG - Router bandwidth monitoring
> AVG or other decent free AV
> Snort
>
>
>
>
> On Tue, Jul 28, 2009 at 11:05 AM, Carlos Perez
> <carlos_perez at darkoperator.com> wrote:
> > 8 GB stick ?prepared with
> > autopatcher?http://www.autopatcher.com/http://www.autopatcher.com/?I would
> > have patches for all versions of windows.
> > I would also place portable firefox, and xamp in case i need to migrate an
> > apache LAMP server to an updated version since I have seen a trend of
> > putting apache on windows in this competition, also place several pre-made
> > security templates for use with GPO or local application, URLscan installer
> > and pre-made urlscan.ini files. Komodo free firewall installer and the NSA
> > cisco templates, acl templates, Nipper for checking the cisco equipment
> > config quickly and some pvaln sample configs. Keepass for password storage
> > and generation.
> > that is what comes now to mind.
> >
> > On Tue, Jul 28, 2009 at 8:54 AM, John Strand <strandjs at gmail.com> wrote:
> > > Please! PSW land! Share your Blue Team tactics!
> > > What tools, scripts, and techniques do you use as part of Incident
> > > Response and Blue Team Activities?
> > > I have sat in on one to many Red/Blue/CTF games where the Red team gets
> > > Core, Canvas, Metasploit, Nessus, Satan, Sara, Cain and Able, Ettercap,
> > > Dsniff, Hydra, 0phcrack, Nmap, BT4 and various torture techniques (including
> > > IronGeek's rubber hoses) and the the Blue team gets....
> > > "An un-patched Windows 2000 box and a slew of un-patched software!!!!!''
> > > Please see the following video for reference:
> > > http://www.youtube.com/watch?v=Y77n--Af1qo
> > > Yea.. ?Thats right.... As of today the Blue Team is what you get assigned
> > > to when you are caught stuffing peas up your nose.
> > > This stops today!!!
> > > There are a few rules. ?Tricks and scripts must be able to run at the
> > > command line of your operating system of choice and all tools must be
> > > freeware or open source.
> > > Thats it!!!
> > > Look, the Blue Team?can?rock!!! ?So please share your tricks.
> > > I am going to collect and add to them so we have a solid list and this
> > > will serve as the playbook for the Blues going forward.
> > > Be expecting this on the PDC site soon.
> > > strandjs
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com