Version 2.2 updates:
- *** A new chapter on Indicators of Compromise added.
- Table format slightly revised throughout book to improve readability.
- Dozens of paragraphs updated and expanded for readability and completeness.
- 15 pages of new content since version 2.0.
Reviews (152)
Not Perfectly Pocket Size, but Sufficient
Fits in the jump bag & a zip lock to protect the pages - Crafted my own pocket flap inserts to add personal notes for my employer on large index cards (org chart by title with penciled in names, numbers & schedules); IT LAN map with details on each system in case it is needed in a jiff (except passwords - don't be stupid!) It didn't help me pass the minors, but I am a non-military female. I don't think God could have gotten me through those men who love to fail women!
Blue Team Must Have
This is a must-have for blue-team / defensive and red-team / offensive folks. It provides a great jump-off point for a lot of security monitoring skills, and has a very rugged feel to it that tells you it's written by someone with a lot of experience. The first 35 pages or so are process / paperwork related stuff, but everything after that is high-signal and very useful.
Original review was 4 stars...
Simply because I didn't know what I was doing. This manual will grow with you. I have added and taken away some tips and tricks of my own. Awesome read!
Great Handbook.
Great. Between this and RTFM, I keep these always within reach.
Deep dive of crucial information for when the worst is happening for your organization's information security
Deep dive of crucial information for when the worst is happening for your organization's information security. Very packed and concise. Loaded with tips and useful information I haven't seen anywhere else.
Excellent Resource
This book is a must read for those responsible for developing and implementing an IR plan and team.
Five Stars
Excellent!
AAAAAAMAZING Book to get to know IR
Highly recommended
Threat handling
Great info for dealing with the threats
Great content and reference material
Great content and reference material. I hope they can update the content to make it more relevant to current OS versions.
As described
informative book
A handy for incident response
If you're a blue teamer, this is a must-have guide. No nonsense of reading through dozens of pages to find what you need.
Five Stars
The book has come in handy; sorry for not reviewing it, as it's been two years.
Informative
Book has Nice feel and laid out well.
Great Read, and Awesome Resource.
Great book to give insight into the blue team side. It has some of that simple common sense stuff, but it takes that and puts it into a plan! Very deep insight into the importance of being prepared and explaining why. Also has some cool, more advanced advice to read up on. Gives command line examples of different parameters to use and shows the result you will get.
Needs new version
This book is good, but is deprecated at this point; it does need a new version, as this one was released in 2014 and there are plenty of items that have changed within.
Five Stars
Perfect
Great book for Blue Team
Great Blue Team handbook with great offensive attack commands.
Incredibly Useful. Repurchased for version 2.0
I was recommended this Handbook by an Incident Responder with over 10 years' experience (who was also recommended it within his professional network). I've been utilizing version 1.0 of this handbook for almost 3 months now and, I must say, it's the perfect field manual not only for Incident Responders but for any class of Information Security Professional. Back in college I started crafting a reference manual of my own, wishing I had something like this. I'm happy to see that I wasn't the only person when I was recommended this Handbook. Initially my only wish was for it to have had reference diagrams for common packet headers. However, shortly after that I learned of version 2.0. For that reason, I immediately purchased version 2.0. Background: 3 years' experience as an Information Security Analyst.
Great book
Very comprehensive
Blue Team
Great book, as a newer person to the detail of IR this book is providing reference material I needed.
Three Stars
good reference
Five Stars
When Red and Blue meet this is a must have to win!
Great reference with a dash of context
Great reference with a dash of context. A lot of you will probably have a .doc or .txt with some of this stuff in it, but now you don't have to print it all out. :) Recommended for any admin not just the sec folk.
I found this book to be a little optimistic and perfect world geared
As a red team guy, I found this book to be a little optimistic and perfect-world geared, but it did have good ideas and insight.
Very useful
Love it! Small and focused on the most important aspects we should consider.
excellent book
Very clear, excellent book
Even the red teamers like it.
The perfect counterbalance to RTFM for anyone doing compsec.
but this is a great book to have on
impressive book, very detailed, found some parts difficult to understand, but this is a great book to have on hand
Five Stars
great book
It's a great reference book and explains incident response in a step ...
Well written and straight to the point. It's a great reference book and explains incident response in a step by step fashion.
Tech Work around Book
This is a most excellent book and well worth the money. My son, who is a programmer, loves it.
Gave as a gift, receiver was very excited.
Gave as a gift, receiver was very excited.
Four Stars
This is good for those who need a refresher or are new to the field of InfoSec.
Awesome
Must have
A good book and it can come in handy
As advertised. A good book and it can come in handy.
Five Stars
Must have book.
Good content
Very good information
Good reference. Have read it completely and think it's ...
Good reference. Have read it completely and think it's going to be very helpful. Have also started adding my own notes. Good addition to my library. A better index would be nice.
Proff
Very good
Four Stars
Good fast read, and cuts to the chase.
Five Stars
Good stuff!
This book rocks
Excellent Read!!
Five Stars
Good :)
Incident Handlers perfect companion
Amazing tool for any InfoSec first responder. Perfect complement to the RTFM (red team field manual) as a professional. Short/ clean to the point, which is what you need when you are in a fight.
One of three reference materials I take with me everywhere.
Well written and a great guide for IR related tools and tips.
Five Stars
Perfect reference book
I didn't even know I wanted this, now I know...
Fantastic, great information. A must have for any jump bag!
Five Stars - Version 2 update very nice
Solid info, brief and informative, wide coverage on incident issues. Bought a second copy recently (gave away #1), have read through it, and the update does improve wording, fixes the few spelling errors someone complained about in V1, and has great packet header charts in the back. Got my copy autographed at a SANS conference to boot! I hear there are more titles in the series planned with a few underway.
Five Stars
A very handy little book with checklists and command examples for incident response.
Five Stars
A great title for the IRers!
If you need it, the analog world might be the only safe place around
Get a printed copy of this book. Because if you need it, the analog world might be the only safe place around. Jokes apart, I appreciated the straightforward style; seems that a script tells more than thousands of words.
Five Stars
Great book.
Great Resource to Have on hands for Security Analysts
Great Resource to Have on hands for Security Analysts. I have been using many of the techniques described in this book over the past few years but this book expanded on that knowledge a bit more than I was used to. It's great because it has all of the most common things one would typically run into on their day-to-day job as a security analyst. Not completely comprehensive but that's not the purpose of this book.
Good reference manual
This is a good reference manual for those interested in how the other side approaches network compromises. Good reference for knowing the opposition if you're interested in hacking principles.
Five Stars
I don't leave home without it.
Great book - Must Have!
Great guide for beginners and vets alike!
Five Stars
Great reference book!
maybe, maybe not.
TBH I think this book was probably just written to try and make money off the hype of the "RTFM" book. I guess it's OK, but if you are looking for something to learn to blue team, go get some certs; this book will not help you to become a "blue teamer".
Practical and essential.
I can't think of any other resources with the kind of perspective this book offers. This book talks about security relative to an office environment, as if you had an expert right next to you guiding you with practical steps for analysis.
Five Stars
So many great things in the book.
A little basic, had hoped for more...
This book is okay. It's an interesting compilation of cheat sheets and notes on how to use some basic tools. It's a neat book to thumb through, but I didn't really sense I could use it for "reference". I was hoping for a little more out of this book. It's clear it's meant to complement the RTFM (Red Team Field Manual), but aside from the "cheat-sheet" feel, I don't know that I would keep this at my desk for use in investigating incidents. Maybe for the guys who are new to the field? There are a lot of books available for "red teams" and penetration testers. It's good to see new books aimed at "blue teams" at all levels.
Five Stars
Very Good book. Great reference guide to keep close
Great
Exceeded my expectations.
Five Stars
Awesome book! fast delivery!
Unfortunately this is not *quite* the book an aspiring penetration tester would find useful.
I have yet to really work through this book but it looks very promising with the sheer amount of information and procedures. Unfortunately this is not *quite* the book an aspiring penetration tester would find useful.
Go Blue Team!
Don, your books have been a tremendous tool for me and the teams I've led, and I can't thank you enough! Both Blue Team books are mandatory reading on my teams! By putting such great material all in one (now two) places, you're propelling the rest of us forward further and faster, allowing us to stand on the shoulders of giants (you)! Go Blue Team! - Mark
Blue Team Pocket guide fo sho
I ordered this book because one of my colleagues on the Blue team had it and it looked interesting, I just started reading this book and I believe it'll be a great help!
Great book
Nice companion to the RTFM. I have been in INFOSEC for a while and I found most of the book to be somewhat generic. My feelings may not apply to everyone else though. There seems to be an idea out there that everyone in INFOSEC sits around grepping Snort logs and/or TCP dumps; this simply is not the case. As an incident first responder the job is fairly straightforward: isolate and collect the logs. Everyone has their own methods I guess. Some OSes require you to leave the system connected before collecting logs; this book does not cover that aspect. Not everyone can afford a SANS course, so in that respect this condensed field guide is a plus. Simply put: you cannot afford to not have this book. A must buy.
Good
Good reference for assessment/ forensics/ recovery. Not all inclusive, and not a beginner/ small business reference
Don makes it easy to find the most pertinent methods and tools to ...
If you are responsible for defending your castle, you need to add this book to your high-tech "bug-out" bag. Don makes it easy to find the most pertinent methods and tools to assist with your Incident Response tasks. If you're like me, and not just strictly dedicated to corporate IR duty, this will be your bible!! Brian Redick, KTH Parts Industries, Inc.
Double impressivenesses
First, the book is very handy and to the point. Sec
Four Stars
Great book, blue team's version of the RTFM, but better.
Buy this
Great field manual for incident response and forensics professions. Carry size. Great checklists. Buy it
Good stuff. Just need to be proactive and update ...
Use it all the time. Good stuff. Just need to be proactive and update it every 2-3 yrs.
Awesome book for the travel bag for incident response
Awesome book for the travel bag for incident response. Also tells you what else should be in your travel bag ;) priceless.
Great reference material!
This book has some pretty good reference material for anyone responsible for InfoSec! There are a few typos here and there, but don't let those small, insignificant errors deter you from purchasing this book. After reading through it, I convinced management to purchase a copy for everyone on our InfoSec team.
Four Stars
great collection of useful commands and tools for incident response.
Insightful book. Processes are the 1st thing any organization ...
Insightful book. Processes are the 1st thing any organization needs to establish for a successful and consistent mitigation strategy.
Five Stars
Good to have with you at all times if you are in a CERT
Great!
Has different information than other books I have.
Excellent !!
Excellent !! MUST BUY !!!
Four Stars
Excellent book for guidance to incident response!
Cyber Necessity.
good book to have on hand. I use it to show network engineers how they are wrong.
Five Stars
perfect
Tech guy seems to enjoy this stuff
This was a gift. Tech guy seems to enjoy this stuff!
Five Stars
Best read I have had in a while.
A must read for those in network and security
This was much better than I was expecting. A lot of it was what I would expect to see/read, but there was quite a bit that was really eye opening. I definitely recommend it for those responsible for network and security!
Five Stars
A useful gathering of many different kinds of info
Don's book is excellent! I learnt new things on each page
Don's book is excellent! I learnt new things on each page
Cool book really.
Cool book really.
Five Stars
Great book!
I haven't really gotten into this yet, but from ...
I haven't really gotten into this yet, but from what I have skimmed, I believe it will provide some valuable information.
A must have for any tech
Great reading and a great supplement for the RTFM
Great book! Lots of insights in threat management and ...
Great book! Lots of insights in threat management and processes. I received this book right on time!
at $15 this is still a good deal but the average reader will have to do ...
Riddled with typos and mistakes in English, a weird layout for a book, and it's poorly typed and formatted. This is indeed a very "condensed field guide" -- more of a checklist actually -- so don't expect much explanation. Too much jargon that many may not understand. Okay, at $15 this is still a good deal but the average reader will have to do a lot of research to learn much.
this is a great book and I recommended to everybody
Congrats... this is a great book and I recommend it to everybody..
Good resource.
This is a good read. Even if you don't do IR, it's worth your time.
They go together very well with tons of useful info.
Have the Red Team Handbook, as well. They go together very well with tons of useful info.
Don't buy this edition! Wait for one with better editing.
In the acknowledgements the author boasts of getting his 'money's worth' from his editor. I'm only into the first 15 pages or so and finding edit problems such as: Pg 9 "...internal vs external and network constancy". Likely meant to be "consistency"? Then Pg 12 "Collet network logs, ..." and "System or network segment may isolation may be necessary". Calling these out may seem like picking nits, but poor editing breaks the flow of concentration and the reader's mind must attempt to edit on the fly. That said, through 15 pages I think this will make a good reference book and I look forward to implementing some of the author's ideas.
Four Stars
Real thing.
Four Stars
Excellent approach to incident response and a good book to keep in your IR kit.
Two Stars
Great for looking up codes
A must have for all security professionals
I recently purchased four incident handling books and one of them was the Blue Team Handbook. The other three books were much larger in volume but this handbook provided so much applicable content in such a condensed fashion that I'm not sure I needed to purchase the other three. This book would be great for both beginners or seasoned professionals. At this point I've bought a copy of the Blue Team Handbook for every security team member at my organization. Thank you Don Murdoch for putting this handbook together. I highly encourage all security professionals whether red team or blue team to purchase this book.
Not as expected
The book does not provide complete coverage for the topic of incident response
Three Stars
More technical than I wanted.
Blue Team Handbook; technical review
A steal at $15 - Must Have for Incidents, Admins, InfoSec. This is a detailed review of the Blue Team Handbook Incident Response Edition. The book is organized in 35 major topics, each one very focused on a particular topic relating to the cyber security incident response process. For example, the "Using Snort" section has a discussion, practical examples, and real world command line usage of the tool. Sections have varying degrees of detail, but they all include advice from a clear expert who has done the job. Two things that are nice. First, the book is well edited, has very good sentences, and no glaring spelling mistakes you would expect from a first edition self-published title. Second, at the end of nearly each section, there's a tag line which advises how the topic is used for incident response. From beginning to end: The book starts with some ideas borrowed from the military (fog of war, etc.). Good advice. Next there is an in depth, and practical, treatment of the incident response process, with illustrations. After that, the author provides insightful guidance on reporting through two different templates: one which follows the IR process previously described, and one from the commercial sector. These sections both give spot on advice. There is a pretty clear outline of the attack process. This section doesn't have a lot of depth; it does have a good overview to help an IR person understand how they will be assaulted, in keeping with the IR focus (not pen test focus). There is advice on using GPG, which would likely work well in the academic space. The netcat and cryptcat discussions tell you how to use these tools nicely, and there are some funny pictures for humor. The automated tools info doesn't have a lot of "follow up usage" depth, but it does have solid advice, and does tell you how to preserve data for later analysis. Also in keeping with "incident response".
The volatile data collection sections (Windows, Linux) have lots of examples organized along the volatility order. One thing missing is making a disk image of RAID or server type systems. The “network device”, “network analysis”, and “suspicious traffic patterns” sections are great. This is where the book really shines. You can tell this author has “been there, done that” and preserved lots of useful information for the reader.
I loved this book
I loved this book. For the price, this is a must-have book for anyone who works within info sec. However, I must add one item. This book is for people who have been in the field of info sec for a while. At a minimum, please at least have a basic understanding of Security+. Some of the concepts within this book are for advanced IT Security personnel. Overall a great book to have for review. If you are planning on taking your CISSP, this would be a good book to take a quick glance at.
One Star
Useless
Love it
Amazing
Five Stars
Awesome
This book is better suited for managers than 'coal face' people
This book is better suited for managers than 'coal face' people. It talks about incident response at quite a high level and doesn't get into the weeds enough. When you compare this to the Red Team Field Manual you will notice they cannot be compared, which is quite sad. If you need a reference book to do your job, use the RTFM or The Way of the Packet; this is a book you give to your boss when s/he asks you to explain your job.
Great reference book
Perfect to keep in your desk drawer and whip out when needed, hugely helpful book to have during an incident and to keep around for reference. I would also recommend the following book
Five Stars
Price and shipping is good. The book doesn't need comments. :)
A must read
Great book for the beginner, which most of us are. We know it all, this tells us to think again. Recommended for my year 1 undergraduate forensic computing students.
Four Stars
An excellent introduction to cyber security incident response.
Handy to have a quick reference in your pocket
Excellent quick lecture. For the price it cannot be wrong.
It's good.
Good for commercial use.
Amazing
Outstanding and very useful
Five Stars
Excellent book
Five Stars
The best ratio of useful information to padding and waffle of pretty much any infosec book I've read.
Great
Great book
Five Stars
Great playbook for intrusion response. Recommended to any network admin.
Four Stars
Very good for professionals working in incident response and information security in general.
Four Stars
Handy handbook to have at hand!
Love this book
Love this book, helpful to have on hand.
Excellent book on computer security
This book aims to provide a quick approach to defending against possible cyber attacks. It offers several ideas for putting together a procedure to define/classify the incident, all the way to providing commands and software to discover who, how and when someone managed to breach the system. I'm still in the first chapters, but already from there I have discovered some vulnerabilities I wasn't aware of. With a few directives added to apache, I have a more secure system. Really, the ideas and tools for analyzing your own infrastructure are many. The more I read it, the more I get passionate about the "security" side. Recommended for those who manage corporate servers and networks. Being a quick little book, you can't say you don't have time to read it!
As the name suggests, a condensed field guide
This book is quite good. Condensed commands and references to what needs to be looked at from an Incident Response perspective. I would highly recommend this to anyone willing to add to their knowledge. Please be aware, this book is not for learning Incident Response, but for bringing structure to how you handle these incidents/cases.
Quite an interesting book
It has very good material, both offensive and defensive. It even includes document templates, such as a pentesting contract. I also liked that everything comes with an explanation, not just the commands spat out. Recommended book. A shame the book wasn't in perfect condition, the corners somewhat bent, although the book was completely new.
Excellent
I consider this book a MUST; I often find myself flipping through it to review the syntax of some commands. Naturally, it is extremely useful in handling security incidents. I recommend it, also given the excellent price.
Useful for anyone interested on defense
It can be compared to a guide, a recipe book that has to be at hand when you face the hard work of forensics and basic security. We need procedures that somehow guarantee a minimum of healthy systems, and bring systems back to work. Easy to read, good in content.
Good cheat sheet of notes
It lacks a bit in teaching, but it's fine. It shows a good collection of diverse notes. It looks a lot like the cheat sheets I have accumulated over time.
blue team
Bought on a whim; interesting food for thought on techniques for analysis and research on electronic devices, to be read calmly. Interesting.
Instructions for counter-reaction to web attacks
Excellent book, but not for someone who is a beginner in these subjects. Written in English, it becomes difficult for those without the basics of techniques for responding to web attacks on websites and cloud.
Excellent purchase
It's an almost pocket-sized manual, very convenient during travel or for quick consultation. It covers many topics, giving ideas on which ones to explore further. Excellent value for money.
Excellent book
Excellent book for those who always want to have guidance on incident management at hand. It condenses the various MITRE, NIST and ENISA materials into a single manual.
Not worth money
Not useful.. it seems that the writer has tried to publish a book based on his notes of commands and put some text around them... not worth buying..
Five Stars
Cool beans
Cool
Cool
Good book
Good book
Everything OK
Everything OK
Highly recommended.
Very handy, straight to the point and very direct. Highly recommended.