Blue Team Training Toolkit (BT3) introduces improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk.
Mocksum – New Module
This version includes Mocksum, a new module that provides access to mock files. In a nutshell, these are harmless files that produce the same MD5 checksum as real malicious files. With Mocksum, blue teams can simulate and plant realistic artifacts during training sessions, without the risk of handling real malware.
Multiple Possibilities
Multiple possibilities and goals can be accomplished with mock files, such as:
- Flags
Mock files could be used as flags during training sessions, and they let the blue team know that a (simulated) malicious file has been found.
- Mastering log correlation and third-party threat intelligence
Mock files have MD5 hash collisions that mimic real malware samples.
By calculating their checksums, your blue team can find real information about the mimicked malware sample in different sources. This kind of practice lets the blue team master event investigation, become familiar with third-party threat intelligence services, and correlate in-house logs (e.g. those of a centralized anti-malware solution).
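The checksum-and-correlate workflow described above, as an added example that is not part of BT3 or its documentation: a small Python triage script hashes every file in a directory with both MD5 and SHA-256 and looks the digests up in a threat-intelligence table. Because a mock file shares only its MD5 with the real sample, an MD5-only hit is reported as a lead to be verified, while a SHA-256 hit is reported as confirmed. The IoC table, the "real sample" bytes and the mock file contents are all constructed here so the script runs offline; in a real BT3 exercise the mock file's MD5 would equal the published MD5 of the real sample by collision, which is what the constructed table imitates.

```python
"""Hash-based artifact triage against a threat-intelligence table.

Added example, not BT3 project code. Every hash and file below is
constructed for the demo; none corresponds to real malware.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Optional


def file_digests(path: Path) -> dict:
    """Return MD5 and SHA-256 hex digests of a file, reading it in chunks."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def triage_file(path: Path, ioc_table: dict) -> Optional[dict]:
    """Match one file against the IoC table.

    ioc_table maps "md5" and "sha256" to {hexdigest: family_name}.
    Returns None when neither hash is known. Otherwise the finding carries a
    confidence field: "confirmed" when the SHA-256 is listed, "md5-only" when
    only the MD5 is listed (an MD5 collision, e.g. a BT3 mock file, or a feed
    that publishes MD5 alone; verify before treating it as live malware).
    """
    digests = file_digests(path)
    sha_hit = ioc_table.get("sha256", {}).get(digests["sha256"])
    md5_hit = ioc_table.get("md5", {}).get(digests["md5"])
    if sha_hit:
        return {"path": str(path), "family": sha_hit, "confidence": "confirmed", **digests}
    if md5_hit:
        return {"path": str(path), "family": md5_hit, "confidence": "md5-only", **digests}
    return None


def triage_directory(directory: Path, ioc_table: dict) -> list:
    """Triage every regular file below a directory, in sorted path order."""
    findings = []
    for path in sorted(p for p in directory.rglob("*") if p.is_file()):
        finding = triage_file(path, ioc_table)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed inputs. REAL_SAMPLE_BYTES stands in for the real malware a
# vendor feed describes; MOCK_FILE_BYTES stands in for the harmless BT3 mock.
REAL_SAMPLE_BYTES = b"constructed stand-in for a real malware sample\n"
MOCK_FILE_BYTES = b"constructed stand-in for a harmless mock file\n"

# Constructed IoC table. In a real scenario the feed's MD5 equals the mock
# file's MD5 because of the collision; here that equality is built directly.
IOC_TABLE = {
    "md5": {hashlib.md5(MOCK_FILE_BYTES).hexdigest(): "Simulated.Malware.A"},
    "sha256": {hashlib.sha256(REAL_SAMPLE_BYTES).hexdigest(): "Simulated.Malware.A"},
}


def demo_triage() -> list:
    """Write three constructed files to a temp dir and triage them.

    Returns (file name, family, confidence) tuples: the mock file is an
    MD5-only lead, the "real" sample is confirmed, the benign file is absent.
    """
    workdir = Path(tempfile.mkdtemp(prefix="bt3-triage-"))
    (workdir / "benign.txt").write_bytes(b"nothing to see here\n")
    (workdir / "mock.bin").write_bytes(MOCK_FILE_BYTES)
    (workdir / "real.bin").write_bytes(REAL_SAMPLE_BYTES)
    return [
        (Path(f["path"]).name, f["family"], f["confidence"])
        for f in triage_directory(workdir, IOC_TABLE)
    ]


if __name__ == "__main__":
    for name, family, confidence in demo_triage():
        print(f"{name}: {family} ({confidence})")
```

The design point is the two-tier verdict: an MD5 match alone is enough to pull the vendor write-up and start correlating with anti-malware logs, but only a SHA-256 (or stronger) match should close the investigation as a confirmed sample, since the whole premise of mock files is that MD5 can be matched by harmless content.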
Check out the BT3 user guide, or the Blue Team Training Toolkit Video Series for practical examples.
You can also download the new version of the Blue Team Training Toolkit and test it for yourself!