Copyright © Blue Team Handbook. All rights reserved.

A special acknowledgement: Rowland Harrison, for my ISSO combat training in the Wild, Wild, West of ODU’s academic environment.

About the Review Team: This book is hardly the work of one person. I would like to take the opportunity to thank a few people involved.

  • Ed Skoudis from CounterHack for blazing the IR trail and getting me started, ideas, concepts, source material, SANS 504/560.
  • Dean Bushmiller for guidance on business issues, VMLT, and adding the book to ExpandingSecurity.Com’s NICCS/CISSP programs.
  • Larry Pesce for technical review, validation, thoughts.
  • Peter Szczepankiewicz for Red and Blue team operations while he served as a US Naval Officer. Thank you for your service, both to me and to the US Navy.
  • Nancy Carothers, my grammar, spelling, and style editor. I definitely got my money’s worth! Nancy also wrote the copy for the back cover.
  • John Steele

Version 3.0 - 324 pages, 93K words. 2025.

Version 2.2 - 164 pages. 6x9, 32K words. 2016.

Still No Fluff. Just Facts. Period.



Purchase Options:
> Amazon Paperback: $49.95 - Updated to Ver 3.0 on 12/15/266.

About the Book:
The Blue Team Handbook is a zero fluff reference guide for cyber security incident responders – those who staff the Blue Team. The BTHb includes essential information for any incident responder, such as key information for the incident response process, how attackers work and the tools they commonly use, a methodology for network analysis, Windows and Linux analysis processes, tcpdump usage examples, and numerous other topics. The book is peppered with practical real life techniques from the author’s 12-year career working in academia and a corporate setting. Whether you are writing up your case notes, analyzing potentially suspicious traffic, or called in to look over a misbehaving server – this book should help you handle the case and teach you some new techniques along the way.

Github - One and Two and Three.