An open-source, Active Defense & EDR Program

What is it?

BLUESPAWN is an active defense and endpoint detection and response (EDR) tool, which means defenders can use it to quickly detect, identify, and eliminate malicious activity and malware across a network.
Move Faster

A security analyst should be able to quickly detect, assess, and respond to any malicious activity on a live system.

Know Your Coverage

Defenders should know exactly what their tools will catch, so they can focus their efforts on specific lines of effort and have confidence in the status of the others.

Analyze the Windows Attack Surface

Blue teams should seek to better understand their attack surface in order to defend it better.

Embrace Open-Source Blue Team Software

While there are many open-source Red Team tools out there, most of the best Blue Team tools are closed-source (i.e., AVs, EDRs, Sysinternals, etc.). That makes it harder for students to learn about them.

Understand more about the Windows API

We combed through a ton of Microsoft Documentation, StackOverflow Answers, and more to create this. Hopefully others may find some of the code useful.