What is it?
BLUESPAWN is an active defense and endpoint detection and response (EDR) tool, which means defenders can use it to quickly detect, identify, and eliminate malicious activity and malware across a network.
A security analyst should be able to quickly detect, assess, and respond to any malicious activity on a live system.
Know Your Coverage
Defenders should know exactly what their tools will catch, so they can focus their efforts on specific lines of effort and have confidence in the status of the others.
Analyze the Windows Attack Surface
Blue teams should seek to better understand their attack surface in order to defend it better.
Embrace Open-Source Blue Team Software
While there are many open-source Red Team tools out there, many of the best Blue Team tools are closed-source (e.g., AVs, EDRs, Sysinternals, etc.). That makes it harder for students to learn how these tools work.
Understand more about the Windows API
We combed through a ton of Microsoft documentation, Stack Overflow answers, and more to create this. Hopefully others will find some of the code useful.