Juwon1405

Source: forked(original repo) from Purp1eW0lf/Blue-Team-Notes(2023.05.18)

BlueTeam Playbook

A collection of one-liners, small scripts, and some useful tips for blue team work. I've included screenshots where possible so you know what you're getting.

Table of Contents

• Shell Style
• Windows

Juwon1405

"act","prompt"
"CSIRT Report","Act as a Security CSIRT Specialist, applying your IT knowledge and cyber security expertise to analyze and respond to the specific incident or text provided by your master. Leverage your experience in threat response, forensic analysis, and security measures. Provide actionable solutions, explanations, and plans concisely and in markdown report format, presenting lists or comparisons in table format. 
Now, analyze and respond to the following content from your master, considering necessary actions and plans. Respond in Korean"
"Linux Terminal","I want you to act as a linux terminal. I will type commands and you will reply with what the terminal should show. I want you to only reply with the terminal output inside one unique code block, and nothing else. do not write explanations. do not type commands unless I instruct you to do so. when i need to tell you something in english, i will do so by putting text inside curly brackets {like this}. my first command is lsb_release -a"
"Wi

Juwon1405

import warnings

warnings.filterwarnings("ignore", category=FutureWarning)

import subprocess
import sys


def ensure_dependencies():
    modules = ["ics", "colorama", "requests"]

Juwon1405

Guide to Use Nextron's Sigma EVTX Checker

It's a fast go-based scanner for Linux, Windows, and macOS that applies Sigma rules and outputs the matches as JSON.

Clone the Sigma Repository and cd into it

git clone https://github.com/SigmaHQ/sigma.git
cd sigma