0xL33T Blog

Blue Team Tools

Wed, 28 May 2025 12:04:00 +0300

#RoadMap As a junior blue team member, focusing on foundational tools and concepts is key. Here’s a breakdown of essential tools to learn, categorized for clarity:

1. Security Information and Event Management (SIEM):

Splunk: A widely used SIEM platform for log analysis, threat detection, and incident response. Understanding Splunk query language (SPL) is crucial.
ELK Stack (Elasticsearch, Logstash, Kibana): An open-source alternative to Splunk, excellent for log management and analysis. Learning how to configure and use these components is valuable.
Wazuh: A free and open-source host-based intrusion detection system (HIDS) and security information and event management (SIEM) system.

2. Intrusion Detection/Prevention Systems (IDS/IPS):

Suricata: A powerful network IDS/IPS capable of real-time threat detection. Learn to write and understand Suricata rules.
Snort: Another popular network IDS, similar to Suricata. Understanding Snort rules is essential.
Zeek (Bro): A network security monitoring tool that analyzes network traffic and generates detailed logs.

3. Endpoint Detection and Response (EDR):

Osquery: A tool for querying operating system data using SQL. Helps with host monitoring and threat detection.
Sysmon (Windows): A Windows system service that logs detailed information about process creation, network connections, and file changes.

4. Log Analysis and Forensics:

grep, awk, sed (Linux): Essential command-line tools for parsing and analyzing logs.
PowerShell (Windows): A powerful scripting language for system administration and log analysis.
Autopsy: A digital forensics platform for analyzing disk images and recovering files.

5. Vulnerability Scanning and Management:

Nessus Essentials: A vulnerability scanner for identifying security weaknesses in systems.
OpenVAS: An open-source vulnerability scanner.
Nmap: A network scanning tool for discovering hosts and services.

6. Incident Response and Case Management:

TheHive: An open-source incident response platform.
CyberChef: A web-based tool for analyzing and decoding data.

7. Scripting and Automation:

Python: A versatile language for scripting and automating security tasks.
Bash (Linux): Essential for automating tasks in Linux environments.
PowerShell (Windows): For Windows automation.

Key Concepts to Learn:

Networking Fundamentals: TCP/IP, network protocols, network topologies.

My DFIR CTF Toolkit

Wed, 28 May 2025 11:28:35 +0300

This Roadmap outlines the core tools for tackling Digital Forensics and Incident Response (DFIR) Capture The Flag (CTF) challenges. It includes a brief description of each tool and links to learning resources.

Core DFIR Tools

Disk and File System Analysis

Autopsy: A powerful, open-source digital forensics platform with a graphical user interface. It allows for disk imaging, file system analysis, data carving, keyword searching, web artifact analysis, and more through a modular design.

CTF Categories

Wed, 28 May 2025 10:50:33 +0300

To play Capture the Flag (CTF) competitions you’ll need to build on your foundational knowledge in cybersecurity and develop hands-on skills in offensive and defensive techniques.CTFs often include both red team (offensive) and blue team (defensive) elements. Here’s a structured path:

🔰 Core Knowledge (Must-Have)

Before diving into CTFs, make sure you’re solid on:

Networking: TCP/IP, UDP, DNS, HTTP(S), ARP, ICMP, ports & protocols.
Operating Systems:
- Linux: Bash, file permissions, process management, cron, logs.

Welcome to 0xL33T Blog

Wed, 28 May 2025 10:50:33 +0300

Welcome to the official blog of the 0xL33T team! We post CTF writeups, tools, and hacking adventures.