Blue Team Cheat Sheets by Chris Davis

NETWORKING / BLUE TEAM TOOLS
Common Ports………………………………………………………………………………………… 1
IPv4/TCP-UDP-ICMP Headers, Subnetting…………………………………………………. 2
IPv6/TCP Header ……………………………………………………………………………………. 6
OSI Model ……………………………………………………………………………………………… 9
HTTP, FTP, Decimal to Hex Conversion …………………………………………………… 12
20 Critical Security Controls ……………………………………………………………………. 15
Cisco Networking All in One Reference…………………………………………………….. 17
ARGUS/TCPDUMP/TSHARK/NGREP……………………………………………………… 21
Tcpdump …………………………………………………………………………………………….. 23
Berkeley Packet Filters and Bit Masking …………………………………………………… 24
Wireshark …………………………………………………………………………………………….. 27
NMAP………………………………………………………………………………………………….. 30
Python Quick Reference ………………………………………………………………………… 34
Regular Expressions ……………………………………………………………………………… 36
SNORT………………………………………………………………………………………………… 38
rwfilter …………………………………………………………………………………………………. 41
Scapy ………………………………………………………………………………………………….. 43
Bro………………………………………………………………………………………………………. 44
MISC TOOLS / CHEAT SHEETS
Google Hacking…………………………………………………………………………………….. 52
Netcat ………………………………………………………………………………………………….. 54
Hping …………………………………………………………………………………………………… 56
Metasploit …………………………………………………………………………………………….. 57
WINDOWS
Useful Windows Commands, Reg, Netsh, Netstat, Loops …………………………… 62
Intrusion Detection Cheat Sheets …………………………………………………………….. 64
Windows Incident Response …………………………………………………………………… 68
Windows Security Log Event IDs……………………………………………………………… 69
Powershell……………………………………………………………………………………………. 70
LINUX/UNIX
Linux Hardening ……………………………………………………………………………………. 74
Basic Linux Commands………………………………………………………………………….. 78
SSH Forwarding ……………………………………………………………………………………. 80
Iptables………………………………………………………………………………………………… 83
Searching Through Files ………………………………………………………………………… 85
Cron…………………………………………………………………………………………………….. 88
VI Editor……………………………………………………………………………………………….. 90
Remnux/Reverse Engineer Malware ………………………………………………………… 94
INCIDENT RESPONSE/PICERL PER SITUATION
Worm Infection Response ………………………………………………………………………. 96
Windows Malware Detection …………………………………………………………………… 98
Windows Intrusion Detection …………………………………………………………………. 100
Website Defacement ……………………………………………………………………………. 102
Linux/Unix Intrusion Detection……………………………………………………………….. 104
Malicious Network Behavior ………………………………………………………………….. 106
DDOS Incident Response …………………………………………………………………….. 108
Phishing Incident Response ………………………………………………………………….. 110
Social Engineering Incident Response ……………………………………………………. 112
INCIDENT RESPONSE FORMS
Incident Communications Log ……………………………………………………………….. 115
Incident Contact List…………………………………………………………………………….. 116
Incident Identification……………………………………………………………………………. 118
Incident Containment……………………………………………………………………………. 119
Incident Eradication ……………………………………………………………………………… 120
Incident Survey……………………………………………………………………………………. 121