Copyright © Blue Team Handbook. All rights reserved.

"This guide is chock full of useful information for infosec pros, especially blue team members and incident handlers.  You could read it end-to-end for a treasure-trove of useful tips and tricks, or just keep it close by as a handy reference.  Or both!"  -- Ed Skoudis, Counter Hack. 


Print: Purchase on Amazon

ISBN-13: 978-1500734756 (CreateSpace Assigned) ISBN-10: 1500734756 



The Blue Team Handbook is a zero-fluff reference guide for cyber security incident responders – those who staff the Blue Team. The BTHb includes essential information for any incident responder, such as key information for the incident response process, how attackers work and common tools, a methodology for network analysis, Windows and Linux analysis processes, tcpdump usage examples, and numerous other topics. The book is peppered with practical real-life techniques from the author's 12-year career working in academia and a corporate setting. Whether you are writing up your case notes, analyzing potentially suspicious traffic, or called in to look over a misbehaving server – this book should help you handle the case and teach you some new techniques along the way.

BTHb events - book tour, Podcasts, Blog mentions, tweets,  and Don sightings. If you want your copy autographed ... look here.

As of Dec 2016, 25,000 copies are in print, with an average 4.5/5 score on Amazon. As of June 2015, about 10,200 copies sold! Average Amazon review is 4.6/5.0!

Don was on Security Weekly (10/2/2014).



Check out the Table of Contents and the cover art. Read the forewords.

Welcome to the Blue Team Handbook (BTHb), Incident Response Edition, Version 2.2. As of October 2016, BTHb has undergone a major face lift with a chapter-based restructuring and a significant content update. Version 2.2 has about 16 pages of additional material. What's next? Volume Two is under development, and it will focus on Security Operations, SIEM, and Log Management, all based on 12 years of practical experience. (Update 1/2/17).

Buy Large Quantities from CreateSpace

If you want multiple copies, you may be better off purchasing directly from CreateSpace at the book site. The password is "blueteam". 

Custom Covers and Branded Editions

A few different organizations have asked for a branded cover to use BTHb as part of their marketing program.  Information on Branded Covers is summarized below:

1) The lower portion, beneath the white area, can be customized with a color scheme and text particular to your organization.

2) The ISBN / Bar Code area on the back of the book cannot be moved.

3) Customized editions are delivered through an organization-specific site hosted by CreateSpace, and are not available through any other distribution method.

4) There is a nominal setup fee to manage the book customization and creation process. 

5) You will receive the same content as the currently shipping version on Amazon (2.2 as of 10/20/2016).

6) You may request specific interior content for your organizational copy.