Cybersecurity blue teams are groups of individuals who identify security flaws in information technology systems, verify the effectiveness of security measures, and monitor the systems to ensure that implemented defensive measures remain effective in the future.

While not exclusive, this list is heavily biased towards Free Software projects and against proprietary products or corporate services. For offensive TTPs, please see awesome-pentest.

Your contributions and suggestions are heartily welcome. Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.

Many cybersecurity professionals enable racist state violence, wittingly or unwittingly, by providing services to local, state, and federal policing agencies or otherwise cooperating with similar institutions who do so.

This evil most often happens through the coercive mechanism of employment under threat of lack of access to food, shelter, or healthcare.

Despite this list’s public availability, it is the maintainer’s intention and hope that this list supports the people and organizations who work to counter such massive albeit banal evil.

Contents

  • Automation
    • Code libraries and bindings
    • Security Orchestration, Automation, and Response (SOAR)
  • Cloud platform security
    • Distributed monitoring
    • Kubernetes
    • Service meshes
  • Communications security (COMSEC)
  • DevSecOps
    • Application or Binary Hardening
    • Compliance testing and reporting
    • Dependency confusion
    • Fuzzing
    • Policy enforcement
    • Supply chain security
  • Honeypots
    • Tarpits
  • Host-based tools
    • Sandboxes
  • Identity and AuthN/AuthZ
  • Incident Response tools
    • IR management consoles
    • Evidence collection
  • Network perimeter defenses
    • Firewall appliances or distributions
  • Operating System distributions
  • Phishing awareness and reporting
  • Preparedness training and wargaming
    • Post-engagement analysis and reporting
  • Security configurations
  • Security monitoring
    • Endpoint Detection and Response (EDR)
    • Network Security Monitoring (NSM)
    • Security Information and Event Management (SIEM)
    • Service and performance monitoring
    • Threat hunting
  • Threat intelligence
    • Fingerprinting
    • Threat signature packages and collections
  • Tor Onion service defenses
  • Transport-layer defenses
    • Overlay and Virtual Private Networks (VPNs)
  • macOS-based defenses
  • Windows-based defenses
    • Active Directory

Automation

  • Ansible Lockdown – Curated collection of information security themed Ansible roles that are both vetted and actively maintained.
  • Clevis – Plugable framework for automated decryption, often used as a Tang client.
  • DShell – Extensible network forensic analysis framework written in Python that enables rapid development of plugins to support the dissection of network packet captures.
  • Dev-Sec.io – Server hardening framework providing Ansible, Chef, and Puppet implementations of various baseline security configurations.
  • peepdf – Scriptable PDF file analyzer.
  • PyREBox – Python-scriptable reverse engineering sandbox, based on QEMU.
  • Watchtower – Container-based solution for automating Docker container base image updates, providing an unattended upgrade experience.

For more information click here.