Copyright © Blue Team Handbook. All rights reserved.

A special acknowledgement: Rowland Harrison, for my ISSO combat training in the Wild, Wild West of ODU’s academic environment.

About the Review Team: This book is hardly the work of one person. I would like to take the opportunity to thank a few people involved.

  • Ed Skoudis from CounterHack for blazing the IR trail and getting me started: ideas, concepts, source material, SANS 504/560.
  • Dean Bushmiller for guidance on business issues, VMLT, and adding the book to ExpandingSecurity.Com’s NICCS/CISSP programs.
  • Larry Pesce for technical review, validation, thoughts.
  • Peter Szczepankiewicz for Red and Blue team operations while he served as a US Naval Officer. Thank you for your service, both to me and to the US Navy.
  • Nancy Carothers, my grammar, spelling, and style editor. I definitely got my money’s worth! Nancy also wrote the copy for the back cover.
  • John Steele

154 pages. 6x9.

No Fluff. Just Facts. Period.


On social media: how to connect.

Facebook page - Blue Team Handbook.

Purchase Options:
> Amazon: $14.99 - Updated to Ver 2 on 10/5/2014.
> VMLT: $1 for app, $7 for book right now, will go up Oct 1, 2014.
> CreateSpace: For large-volume purchases, try the book's eStore. Site password is "blueteam". 15% off discount code - X5RD6EW2.

About the Book:
The Blue Team Handbook is a zero-fluff reference guide for cyber security incident responders – those who staff the Blue Team. The BTHb includes essential information for any incident responder, such as key information for the incident response process, how attackers work and the tools they commonly use, a methodology for network analysis, Windows and Linux analysis processes, tcpdump usage examples, and numerous other topics. The book is peppered with practical, real-life techniques from the author's 12-year career working in academia and in a corporate setting. Whether you are writing up your case notes, analyzing potentially suspicious traffic, or called in to look over a misbehaving server – this book should help you handle the case and teach you some new techniques along the way.


About the Digital Edition: Due to the proliferation of free copies of PDF and other digital-format books on the Internet, the only legal way to receive a digital edition of the book is through VMLT, an iPad app developed by ExpandingSecurity.com. Don't believe me? Just hit the goog and search for download "red team field manual" filetype:pdf. The RTFM is the opposite of the BTHb, so its author (Ben Clark) is losing money every day due to piracy. You can see 78 hits in the goog as of 8/5/2014. I bought my own print copy to support Ben.


About the Author: Don M, GSE, MBA, CISSP + 15 is a seasoned IT Security professional. Some career highlights:

  • Holder of a SANS Forensicator coin and a SEC 617 coin.
  • Earned ISSAP (2013). Don is the ISSAP Track Owner for ExpandingSecurity.COM.
  • TOGAF Certification (2012)
  • SABSA Foundation and Certification (2011)
  • Fortune 500 Health Care - Security Engineer, Security Architect, and Enterprise Architect (2006 to present)
  • Old Dominion University - Information Systems Security Officer (2004-2006)
  • Established the Disaster Recovery Practice at Compass (2001)
  • Earned CISSP Certification (2001)