Blueteam Resources

• How to validate/secure (really many many) various types of user input
  • https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets
• The Windows USN Journal ($J)
  • Contains all file access/modification actions of NTFS
• RDP Bitmap Cache
  • Location of the cache: %APPDATALOCAL%\Microsoft\Terminal Server Client\Cache\
  • https://github.com/ANSSI-FR/bmc-tools creates a big bitmap of the cached files
  • https://github.com/BSI-Bund/RdpCacheStitcher is a tool to visually stitch the tiles together again
• https://github.com/nasbench/MindMaps
  • Many mindmaps about blueteam detection strategies

• https://ericzimmerman.github.io/

  • Forensic Tools from Eric Zimmerman, eg. Shellbag Explorer

• Firewall

• https://www.pfsense.org/ is a community / professional database
  • Ruleengines
  • https://www.snort.org/
  • https://suricata.io/
  • Rulesets
  • https://rules.emergingthreats.net/