Tips for Blue Team

Would it make sense to add tips for the Blue Team on how to defend against the attacks in a particular machine as part of the writeup when it's retired?
I know it's straightforward for certain exploits, which is to patch and keep the machine updated. However, for machines which use misconfigurations or other types of vulnerabilities or bypass mechanics to attain user or root.

This will help defenders a lot in building their knowledge to avoid such cases. Please advise if this makes sense.

Coming from a blue team background, I think this would be a nice addition to most writeups. But some people aren't super interested in how to defend against the attacks they are exploiting. (It will also make writeups much longer.)

From the feedback I received on some of the write-ups I've posted, people want to know how to detect rabbit holes, to see what was tried that failed, and to get further explanation as to why you chose/tried "x" instead of "yz".

Although I'm on board with your idea if people want it. +1 +1 +1

That is true, it will make write-ups longer and many times people are not interested; also, there are multiple ways to defend against a particular attack methodology. But then again, that will boost the community's knowledge on the same.
I would request some of the amazing contributors to the community like @ippsec, @r00k and many others to endorse a bit of such defense mechanisms in their videos, if they believe it makes sense 🙂

On the point of detecting rabbit holes, I personally feel we will be going in circles until we figure out the actual route. Ippsec does a good job of mentioning these in his videos. It would be of great help if we could also add ideas on this in the write-ups, which would promote the 'critical thinking' needed to approach a particular situation.

Thank you for your support.
