update lists

terminal/cybersecurityblueteam

@@ -1,20 +1,19 @@
-                                                                     Awesome Cybersecurity Blue Team !Awesome (https://awesome.re/badge-flat2.svg) (https://awesome.re)
+                                                                          Awesome Cybersecurity Blue Team !Awesome (https://awesome.re/badge-flat2.svg) (https://awesome.re)
 
 ▐ A collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
 
-Cybersecurity blue teams (https://en.wikipedia.org/wiki/Blue_team_(computer_security)) are groups of individuals who identify security flaws in information technology systems, verify the effectiveness of security measures, and monitor 
-the systems to ensure that implemented defensive measures remain effective in the future. While not exclusive, this list is heavily biased towards Free Software (https://www.gnu.org/philosophy/free-sw.html) projects and against 
-proprietary products or corporate services. For offensive TTPs, please see awesome-pentest (https://github.com/fabacab/awesome-pentest).
+Cybersecurity blue teams (https://en.wikipedia.org/wiki/Blue_team_(computer_security)) are groups of individuals who identify security flaws in information technology systems, verify the effectiveness of security measures, and monitor the systems
+to ensure that implemented defensive measures remain effective in the future. While not exclusive, this list is heavily biased towards Free Software (https://www.gnu.org/philosophy/free-sw.html) projects and against proprietary products or 
+corporate services. For offensive TTPs, please see awesome-pentest (https://github.com/fabacab/awesome-pentest).
 
 Your contributions and suggestions are heartily ♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines (CONTRIBUTING.md) for more details. This work is licensed under a Creative Commons Attribution 4.0 International License 
 (http://creativecommons.org/licenses/by/4.0/).
 
-Many cybersecurity professionals enable racist state violence, wittingly or unwittingly, by providing services to local, state, and federal policing agencies or otherwise cooperating with similar institutions who do so. This evil most 
-often happens through the coercive mechanism of employment under threat of lack of access to food, shelter, or healthcare. Despite this list's public availability, it is the maintainer's intention and hope that this list supports the 
-people and organizations who work to counter such massive albeit banal evil.
+Many cybersecurity professionals enable racist state violence, wittingly or unwittingly, by providing services to local, state, and federal policing agencies or otherwise cooperating with similar institutions who do so. This evil most often 
+happens through the coercive mechanism of employment under threat of lack of access to food, shelter, or healthcare. Despite this list's public availability, it is the maintainer's intention and hope that this list supports the people and 
+organizations who work to counter such massive albeit banal evil.
 
-!Image of a raised fist composed of the names of Black people murdered by taxpayer-funded racist police violence. 
-(https://web.archive.org/web/20201028021653if_/https://lauerrealtygroup.com/wp-content/uploads/2020/06/BLM-FIST-scaled.jpg)
+!Image of a raised fist composed of the names of Black people murdered by taxpayer-funded racist police violence. (https://web.archive.org/web/20201028021653if_/https://lauerrealtygroup.com/wp-content/uploads/2020/06/BLM-FIST-scaled.jpg)
 
 !Image of a "Blue Lives Matter" flag with the thin blue line being peeled away to reveal a Nazi swastika underneath. (https://web.archive.org/web/20201123181815if_/https://i.redd.it/86pl28p0dl631.jpg)
 
@@ -22,7 +21,7 @@
 
 Contents
 
-- Automation (#automation)
+- Automation and Convention (#automation-and-convention)
   - Code libraries and bindings (#code-libraries-and-bindings)
   - Security Orchestration, Automation, and Response (SOAR) (#security-orchestration-automation-and-response-soar)
 - Cloud platform security (#cloud-platform-security)
@@ -68,12 +67,13 @@
 - Windows-based defenses (#windows-based-defenses)
   - Active Directory (#active-directory)
 
-Automation
+Automation and Convention
 
 - Ansible Lockdown (https://ansiblelockdown.io/) - Curated collection of information security themed Ansible roles that are both vetted and actively maintained.
 - Clevis (https://github.com/latchset/clevis) - Plugable framework for automated decryption, often used as a Tang client.
 - DShell (https://github.com/USArmyResearchLab/Dshell) - Extensible network forensic analysis framework written in Python that enables rapid development of plugins to support the dissection of network packet captures.
 - Dev-Sec.io (https://dev-sec.io/) - Server hardening framework providing Ansible, Chef, and Puppet implementations of various baseline security configurations.
+- Password Manager Resources (https://github.com/apple/password-manager-resources) - Collaborative, crowd-sourced data and code to make password management better.
 - peepdf (https://eternal-todo.com/tools/peepdf-pdf-analysis-tool) - Scriptable PDF file analyzer.
 - PyREBox (https://talosintelligence.com/pyrebox) - Python-scriptable reverse engineering sandbox, based on QEMU.
 - Watchtower (https://containrrr.dev/watchtower/) - Container-based solution for automating Docker container base image updates, providing an unattended upgrade experience.
@@ -99,12 +99,11 @@
 See also asecure.cloud/tools (https://asecure.cloud/tools/).
 
 - Aaia (https://github.com/rams3sh/Aaia) - Helps in visualizing AWS IAM and Organizations in a graph format with help of Neo4j.
-- Falco (https://falco.org/) - Behavioral activity monitor designed to detect anomalous activity in containerized applications, hosts, and network packet flows by auditing the Linux kernel and enriched by runtime data such as Kubernetes
-metrics.
-- Kata Containers (https://katacontainers.io/) - Secure container runtime with lightweight virtual machines that feel and perform like containers, but provide stronger workload isolation using hardware virtualization technology as a 
-second layer of defense.
-- Principal Mapper (PMapper) (https://github.com/nccgroup/PMapper) - Quickly evaluate IAM permissions in AWS via script and library capable of identifying risks in the configuration of AWS Identity and Access Management (IAM) for an AWS
-account or an AWS organization.
+- Falco (https://falco.org/) - Behavioral activity monitor designed to detect anomalous activity in containerized applications, hosts, and network packet flows by auditing the Linux kernel and enriched by runtime data such as Kubernetes metrics.
+- Kata Containers (https://katacontainers.io/) - Secure container runtime with lightweight virtual machines that feel and perform like containers, but provide stronger workload isolation using hardware virtualization technology as a second layer 
+of defense.
+- Principal Mapper (PMapper) (https://github.com/nccgroup/PMapper) - Quickly evaluate IAM permissions in AWS via script and library capable of identifying risks in the configuration of AWS Identity and Access Management (IAM) for an AWS account 
+or an AWS organization.
 - Prowler (https://github.com/toniblyx/prowler) - Tool based on AWS-CLI commands for Amazon Web Services account security assessment and hardening.
 - Scout Suite (https://github.com/nccgroup/ScoutSuite) - Open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.
 - gVisor (https://github.com/google/gvisor) - Application kernel, written in Go, that implements a substantial portion of the Linux system surface to provide an isolation boundary between the application and the host kernel.
@@ -115,8 +114,8 @@
 
 - Cortex (https://cortexmetrics.io/) - Provides horizontally scalable, highly available, multi-tenant, long term storage for Prometheus.
 - Jaeger (https://www.jaegertracing.io/) - Distributed tracing platform backend used for monitoring and troubleshooting microservices-based distributed systems.
-- OpenTelemetry (https://opentelemetry.io/) - Observability framework for cloud-native software, comprising a collection of tools, APIs, and SDKs for exporting application performance metrics to a tracing backend (formerly maintained by
-the OpenTracing and OpenCensus projects).
+- OpenTelemetry (https://opentelemetry.io/) - Observability framework for cloud-native software, comprising a collection of tools, APIs, and SDKs for exporting application performance metrics to a tracing backend (formerly maintained by the 
+OpenTracing and OpenCensus projects).
 - Prometheus (https://prometheus.io/) - Open-source systems monitoring and alerting toolkit originally built at SoundCloud.
 - Zipkin (https://zipkin.io/) - Distributed tracing system backend that helps gather timing data needed to troubleshoot latency problems in service architectures.
 
@@ -127,8 +126,8 @@
 - KubeSec (https://kubesec.io/) - Static analyzer of Kubernetes manifests that can be run locally, as a Kuberenetes admission controller, or as its own cloud service.
 - Kyverno (https://kyverno.io/) - Policy engine designed for Kubernetes.
 - Linkerd (https://linkerd.io/) - Ultra light Kubernetes-specific service mesh that adds observability, reliability, and security to Kubernetes applications without requiring any modification of the application itself.
-- Managed Kubernetes Inspection Tool (MKIT) (https://github.com/darkbitio/mkit) - Query and validate several common security-related configuration settings of managed Kubernetes cluster objects and the workloads/resources running inside
-the cluster.
+- Managed Kubernetes Inspection Tool (MKIT) (https://github.com/darkbitio/mkit) - Query and validate several common security-related configuration settings of managed Kubernetes cluster objects and the workloads/resources running inside the 
+cluster.
 - Polaris (https://polaris.docs.fairwinds.com/) - Validates Kubernetes best practices by running tests against code commits, a Kubernetes admission request, or live resources already running in a cluster. 
 - Sealed Secrets (https://github.com/bitnami-labs/sealed-secrets) - Kubernetes controller and tool for one-way encrypted Secrets.
 - certificate-expiry-monitor (https://github.com/muxinc/certificate-expiry-monitor) - Utility that exposes the expiry of TLS certificates as Prometheus metrics.
@@ -141,8 +140,8 @@
 
 See also ServiceMesh.es (https://servicemesh.es/).
 
-- Consul (https://consul.io/) - Solution to connect and configure applications across dynamic, distributed infrastructure and, with Consul Connect, enabling secure service-to-service communication with automatic TLS encryption and 
-identity-based authorization.
+- Consul (https://consul.io/) - Solution to connect and configure applications across dynamic, distributed infrastructure and, with Consul Connect, enabling secure service-to-service communication with automatic TLS encryption and identity-based 
+authorization.
 - Istio (https://istio.io/) - Open platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data.
 
 Communications security (COMSEC)
@@ -150,8 +149,8 @@
 See also Transport-layer defenses (#transport-layer-defenses).
 
 - GPG Sync (https://github.com/firstlookmedia/gpgsync) - Centralize and automate OpenPGP public key distribution, revocation, and updates amongst all members of an organization or team.
-- Geneva (Genetic Evasion) (https://censorship.ai/) - Novel experimental genetic algorithm that evolves packet-manipulation-based censorship evasion strategies against nation-state level censors to increase availability of otherwise 
-blocked content.
+- Geneva (Genetic Evasion) (https://censorship.ai/) - Novel experimental genetic algorithm that evolves packet-manipulation-based censorship evasion strategies against nation-state level censors to increase availability of otherwise blocked 
+content.
 - GlobaLeaks (https://www.globaleaks.org/) - Free, open source software enabling anyone to easily set up and maintain a secure whistleblowing platform.
 - SecureDrop (https://securedrop.org/) - Open source whistleblower submission system that media organizations and NGOs can install to securely accept documents from anonymous sources.
 - Teleport (https://goteleport.com/) - Allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments.
@@ -235,8 +234,7 @@
 Tarpits
 
 - Endlessh (https://github.com/skeeto/endlessh) - SSH tarpit that slowly sends an endless banner.
-- LaBrea (http://labrea.sourceforge.net/labrea-info.html) - Program that answers ARP requests for unused IP space, creating the appearance of fake machines that answer further requests very slowly in order to slow down scanners, worms, 
-etcetera.
+- LaBrea (http://labrea.sourceforge.net/labrea-info.html) - Program that answers ARP requests for unused IP space, creating the appearance of fake machines that answer further requests very slowly in order to slow down scanners, worms, etcetera.
 
 Host-based tools
 
@@ -284,8 +282,8 @@
 - OSXCollector (https://github.com/Yelp/osxcollector) - Forensic evidence collection & analysis toolkit for macOS.
 - ir-rescue (https://github.com/diogo-fernan/ir-rescue) - Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
 - Margarita Shotgun (https://github.com/ThreatResponse/margaritashotgun) - Command line utility (that works with or without Amazon EC2 instances) to parallelize remote memory acquisition.
-- Untitled Goose Tool (https://github.com/cisagov/untitledgoosetool) - Assists incident response teams by exporting cloud artifacts from Azure/AzureAD/M365 environments in order to run a full investigation despite lacking in logs 
-ingested by a SIEM.
+- Untitled Goose Tool (https://github.com/cisagov/untitledgoosetool) - Assists incident response teams by exporting cloud artifacts from Azure/AzureAD/M365 environments in order to run a full investigation despite lacking in logs ingested by a 
+SIEM.
 
 Network perimeter defenses
 
@@ -304,9 +302,9 @@
 Operating System distributions
 
 - Computer Aided Investigative Environment (CAINE) (https://caine-live.net/) - Italian GNU/Linux live distribution that pre-packages numerous digital forensics and evidence collection tools.
-- Security Onion (https://securityonion.net/) - Free and open source GNU/Linux distribution for intrusion detection, enterprise security monitoring, and log management.
-- Qubes OS (https://qubes-os.org/) - Desktop environment built atop the Xen hypervisor project that runs each end-user program in its own virtual machine intended to provide strict security controls to constrain the reach of any 
-successful malware exploit.
+- Security Onion (https://securityonionsolutions.com/) - Free and open source GNU/Linux distribution for intrusion detection, enterprise security monitoring, and log management.
+- Qubes OS (https://qubes-os.org/) - Desktop environment built atop the Xen hypervisor project that runs each end-user program in its own virtual machine intended to provide strict security controls to constrain the reach of any successful 
+malware exploit.
 
 Phishing awareness and reporting
 
@@ -328,19 +326,16 @@
 
 - APTSimulator (https://github.com/NextronSystems/APTSimulator) - Toolset to make a system look as if it was the victim of an APT attack.
 - Atomic Red Team (https://atomicredteam.io/) - Library of simple, automatable tests to execute for testing security controls.
-- BadBlood (https://www.secframe.com/badblood/) - Fills a test (non-production) Windows Domain with data that enables security analysts and engineers to practice using tools to gain an understanding and prescribe to securing Active 
-Directory.
+- BadBlood (https://www.secframe.com/badblood/) - Fills a test (non-production) Windows Domain with data that enables security analysts and engineers to practice using tools to gain an understanding and prescribe to securing Active Directory.
 - Caldera (https://caldera.mitre.org/) - Scalable, automated, and extensible adversary emulation platform developed by MITRE.
 - Drool (https://www.dns-oarc.net/tools/drool) - Replay DNS traffic from packet capture files and send it to a specified server, such as for simulating DDoS attacks on the DNS and measuring normal DNS querying.
 - DumpsterFire (https://github.com/TryCatchHCF/DumpsterFire) - Modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events for Blue Team drills and sensor/alert mapping.
-- Infection Monkey (https://www.guardicore.com/infectionmonkey/) - Open-source breach and attack simulation (BAS) platform that helps you validate existing controls and identify how attackers might exploit your current network security 
-gaps.
+- Infection Monkey (https://www.guardicore.com/infectionmonkey/) - Open-source breach and attack simulation (BAS) platform that helps you validate existing controls and identify how attackers might exploit your current network security gaps.
 - Metta (https://github.com/uber-common/metta) - Automated information security preparedness tool to do adversarial simulation.
 - Network Flight Simulator (flightsim) (https://github.com/alphasoc/flightsim) - Utility to generate malicious network traffic and help security teams evaluate security controls and audit their network visibility.
 - RedHunt OS (https://github.com/redhuntlabs/RedHunt-OS) - Ubuntu-based Open Virtual Appliance (.ova) preconfigured with several threat emulation tools as well as a defender's toolkit.
 - Stratus Red Team (https://stratus-red-team.cloud/) - Emulate offensive attack techniques in a granular and self-contained manner against a cloud environment; think "Atomic Red Team™ for the cloud."
-- tcpreplay (https://tcpreplay.appneta.com/) - Suite of free Open Source utilities for editing and replaying previously captured network traffic originally designed to replay malicious traffic patterns to Intrusion Detection/Prevention 
-Systems.
+- tcpreplay (https://tcpreplay.appneta.com/) - Suite of free Open Source utilities for editing and replaying previously captured network traffic originally designed to replay malicious traffic patterns to Intrusion Detection/Prevention Systems.
 
 Post-engagement analysis and reporting
 
@@ -380,15 +375,15 @@
 - VAST (https://github.com/tenzir/vast) - Free and open-source network telemetry engine for data-driven security investigations.
 - Wireshark (https://www.wireshark.org) - Free and open-source packet analyzer useful for network troubleshooting or forensic netflow analysis.
 - Zeek (https://zeek.org/) - Powerful network analysis framework focused on security monitoring, formerly known as Bro.
-- netsniff-ng (http://netsniff-ng.org/) -  Free and fast GNU/Linux networking toolkit with numerous utilities such as a connection tracking tool (flowtop), traffic generator (trafgen), and autonomous system (AS) trace route utility (
-astraceroute).
+- netsniff-ng (http://netsniff-ng.org/) -  Free and fast GNU/Linux networking toolkit with numerous utilities such as a connection tracking tool (flowtop), traffic generator (trafgen), and autonomous system (AS) trace route utility (astraceroute
+).
 
 Security Information and Event Management (SIEM)
 
-- AlienVault OSSIM (https://www.alienvault.com/open-threat-exchange/projects) - Single-server open source SIEM platform featuring asset discovery, asset inventorying, behavioral monitoring, and event correlation, driven by AlienVault 
-Open Threat Exchange (OTX).
-- Prelude SIEM OSS (https://www.prelude-siem.org/) - Open source, agentless SIEM with a long history and several commercial variants featuring security event collection, normalization, and alerting from arbitrary log input and numerous 
-popular monitoring tools.
+- AlienVault OSSIM (https://www.alienvault.com/open-threat-exchange/projects) - Single-server open source SIEM platform featuring asset discovery, asset inventorying, behavioral monitoring, and event correlation, driven by AlienVault Open Threat 
+Exchange (OTX).
+- Prelude SIEM OSS (https://www.prelude-siem.org/) - Open source, agentless SIEM with a long history and several commercial variants featuring security event collection, normalization, and alerting from arbitrary log input and numerous popular 
+monitoring tools.
 
 Service and performance monitoring
 
@@ -409,8 +404,8 @@
 
 - CimSweep (https://github.com/PowerShellMafia/CimSweep) - Suite of CIM/WMI-based tools enabling remote incident response and hunting operations across all versions of Windows.
 - DeepBlueCLI (https://github.com/sans-blue-team/DeepBlueCLI) - PowerShell module for hunt teaming via Windows Event logs.
-- GRR Rapid Response (https://github.com/google/grr) - Incident response framework focused on remote live forensics consisting of a Python agent installed on assets and Python-based server infrastructure enabling analysts to quickly 
-triage attacks and perform analysis remotely.
+- GRR Rapid Response (https://github.com/google/grr) - Incident response framework focused on remote live forensics consisting of a Python agent installed on assets and Python-based server infrastructure enabling analysts to quickly triage 
+attacks and perform analysis remotely.
 - Hunting ELK (HELK) (https://github.com/Cyb3rWard0g/HELK) - All-in-one Free Software threat hunting stack based on Elasticsearch, Logstash, Kafka, and Kibana with various built-in integrations for analytics including Jupyter Notebook.
 - Logging Made Easy (LME) (https://www.cisa.gov/resources-tools/services/logging-made-easy) - Free and open logging and protective monitoring solution serving.
 - MozDef (https://github.com/mozilla/MozDef) - Automate the security incident handling process and facilitate the real-time activities of incident handlers.
@@ -427,8 +422,8 @@
 - AttackerKB (https://attackerkb.com/) - Free and public crowdsourced vulnerability assessment platform to help prioritize high-risk patch application and combat vulnerability fatigue.
 - DATA (https://github.com/hadojae/DATA) - Credential phish analysis and automation tool that can accept suspected phishing URLs directly or trigger on observed network traffic containing such a URL.
 - Forager (https://github.com/opensourcesec/Forager) - Multi-threaded threat intelligence gathering built with Python3 featuring simple text-based configuration and data storage for ease of use and data portability.
-- GRASSMARLIN (https://github.com/nsacyber/GRASSMARLIN) - Provides IP network situational awareness of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) by passively mapping, accounting for, and 
-reporting on your ICS/SCADA network topology and endpoints.
+- GRASSMARLIN (https://github.com/nsacyber/GRASSMARLIN) - Provides IP network situational awareness of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) by passively mapping, accounting for, and reporting on 
+your ICS/SCADA network topology and endpoints.
 - MLSec Combine (https://github.com/mlsecproject/combine) - Gather and combine multiple threat intelligence feed sources into one customizable, standardized CSV-based format.
 - Malware Information Sharing Platform and Threat Sharing (MISP) (https://misp-project.org/) - Open source software solution for collecting, storing, distributing and sharing cyber security indicators.
 - Open Source Vulnerabilities (OSV) (https://osv.dev/) - Vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source.
@@ -437,8 +432,7 @@
 - ThreatIngestor (https://github.com/InQuest/ThreatIngestor) - Extendable tool to extract and aggregate IOCs from threat feeds including Twitter, RSS feeds, or other sources.
 - Unfetter (https://nsacyber.github.io/unfetter/) - Identifies defensive gaps in security posture by leveraging Mitre's ATT&CK framework.
 - Viper (https://github.com/viper-framework/viper) - Binary analysis and management framework enabling easy organization of malware and exploit samples.
-- YARA (https://github.com/VirusTotal/yara) - Tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples, described as "the pattern matching swiss army knife" for file patterns and 
-signatures.
+- YARA (https://github.com/VirusTotal/yara) - Tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples, described as "the pattern matching swiss army knife" for file patterns and signatures.
 
 Fingerprinting
 
@@ -448,8 +442,8 @@
 Threat signature packages and collections
 
 - ESET's Malware IoCs (https://github.com/eset/malware-ioc) - Indicators of Compromises (IOCs) derived from ESET's various investigations.
-- FireEye's Red Team Tool Countermeasures (https://github.com/fireeye/red_team_tool_countermeasures) - Collection of Snort and YARA rules to detect attacks carried out with FireEye's own Red Team tools, first released after FireEye 
-disclosed a breach in December 2020.
+- FireEye's Red Team Tool Countermeasures (https://github.com/fireeye/red_team_tool_countermeasures) - Collection of Snort and YARA rules to detect attacks carried out with FireEye's own Red Team tools, first released after FireEye disclosed a 
+breach in December 2020.
 - FireEye's Sunburst Countermeasures (https://github.com/fireeye/sunburst_countermeasures) - Collection of IoC in various languages for detecting backdoored SolarWinds Orion NMS activities and related vulnerabilities.
 - YARA Rules (https://github.com/Yara-Rules/rules) - Project covering the need for IT security researchers to have a single repository where different Yara signatures are compiled, classified and kept as up to date as possible.
 
@@ -500,8 +494,8 @@
 - Sigcheck (https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck) - Audit a Windows host's root certificate store against Microsoft's Certificate Trust List (CTL) 
 (https://docs.microsoft.com/en-us/windows/desktop/SecCrypto/certificate-trust-list-overview).
 - Sticky Keys Slayer (https://github.com/linuz/Sticky-Keys-Slayer) - Establishes a Windows RDP session from a list of hostnames and scans for accessibility tools backdoors, alerting if one is discovered.
-- Windows Secure Host Baseline (https://github.com/nsacyber/Windows-Secure-Host-Baseline) - Group Policy objects, compliance checks, and configuration tools that provide an automated and flexible approach for securely deploying and 
-maintaining the latest releases of Windows 10.
+- Windows Secure Host Baseline (https://github.com/nsacyber/Windows-Secure-Host-Baseline) - Group Policy objects, compliance checks, and configuration tools that provide an automated and flexible approach for securely deploying and maintaining 
+the latest releases of Windows 10.
 - WMI Monitor (https://github.com/realparisi/WMI_Monitor) - Log newly created WMI consumers and processes to the Windows Application event log.
 
 Active Directory
@@ -515,3 +509,5 @@
 !CC-BY (https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/by.svg) (https://creativecommons.org/licenses/by/4.0/)
 
 This work is licensed under a Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/).
+
+cybersecurityblueteam Github: https://github.com/fabacab/awesome-cybersecurity-blueteam