Blue Team Tools

Author, Blue Team, Blue Team Tools, How-To, Informational, John Strand, Webcasts Active Defense, ADHD, Cyber Deception, Honey Tokens, john strand, Thinkst, webcast

BHIS Webcast: Tracking Attackers. Why Attribution Matters and How To Do It.

In this BHIS webcast, we cover some new techniques and tactics on how to track attackers via various honey tokens.  We cover how to track with Word Web Bugs in ADHD and […]

Read the entire post here

Author, Blue Team Tools, Hunt Teaming, John Strand, Webcasts Active Countermeasures, AI Hunter, bro, free tools, RITA, threat hunting

WEBCAST: Tales from the Network Threat Hunting Trenches

John Strand// In this webcast, John walks through a couple of cool things we’ve found useful in some recent network hunt teams. He also shares some of our techniques and […]

Read the entire post here

Author, Beau Bullock, Blue Team, Blue Team Tools, Webcasts CredDefense, defense, defensive tool, Pentesting, tool, toolkit

WEBCAST: CredDefense Toolkit

Beau Bullock, Brian Fehrman, & Derek Banks // Pentesting organizations as your day-to-day job quickly reveals commonalities among environments. Although each test is a bit unique, there’s a typical path […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Derek Banks CredDefense, CredDefense Toolkid, End Point Log Consolidation, HoneyToken, kerberoasting, Pentesting, tool, WEF, Windows, Windows Event Forwarder

End-Point Log Consolidation with Windows Event Forwarder

Derek Banks // I want to expand on our previous blog post on consolidated endpoint event logging and use Windows Event Forwarding and live off the Microsoft land for shipping […]

Read the entire post here

Author, Beau Bullock, Blue Team, Blue Team Tools, Brian Fehrman Cred Defense Tool Kit, CredDefense, CredDefense Toolkit, event log consolidation, hardening accounts, kerberoasting, password auditing, password spraying, Pentesting, ResponderGuard

The CredDefense Toolkit

Derek Banks, Beau Bullock, & Brian Fehrman // Our clients often ask how they could have detected and prevented the post-exploitation activities we used in their environment to gain elevated […]

Read the entire post here

Author, Blue Team, Blue Team Tools, John Strand, Webcasts Active DAD, Active Defense Harbinger Distribution, Active Directory Active Defense, ADAD, ADHD, honey accounts

WEBCAST: Active Domain Active Defense (Active DAD) Primer with John Strand

This is the in-studio version of our live in DC event from July. In this webcast, John covers how to set up Active Directory Active Defense (ADAD) using tools in […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Kent Ickler Defending, Defending Websites, Distributed Fail2Ban, Fail2Ban, IPtables, Kent Ickler, Pirates, Website Defense

How to Configure Distributed Fail2Ban: Actionable Threat Feed Intelligence

Kent Ickler // How to Configure Distributed Fail2Ban: Actionable Threat Feed Intelligence Fail2Ban is a system that monitors logs and triggers actions based on those logs. While actions can be […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Kent Ickler bro, Bro 2.51, Bro Install, ESXi, ESXi 6.5, Kent Ickler, Network monitoring, network traffic, Ubuntu, Ubuntu 16.04.2

How to Monitor Network Traffic with Virtualized Bro 2.51 on Ubuntu 16.04.2 on ESXi 6.5

Kent Ickler //  You’ve heard us before talk about Bro, an IDS for network monitoring and analysis.  We’ve had several installs of Bro over time here at BHIS.  It’s about […]

Read the entire post here

Author, Blue Team, Blue Team Tools, John Strand, Webcasts

WEBCAST: Your Active Directory Active Defense (ADAD) Primer

John Strand // In this webcast John covers how to set up Active Directory Active Defense (ADAD) using tools in Active Defense Harbinger Distribution (ADHD) and talks about potential active […]

Read the entire post here