Blue Team Training Toolkit (BT3) is software for defensive security training, which will bring your network analysis training sessions, incident response drills and red team engagements to a new level.

The toolkit allows you to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk.

BT3 includes the latest version of Encripto’s Maligno. This module is designed with a client-server architecture, and it allows you to simulate malware infections or targeted attacks with specific C&C communications in a safe manner.

Network Traffic Manipulation and Replay

BT3 includes Encripto’s Pcapteller, a module designed for traffic manipulation and replay. Pcapteller can customize and replay network traffic stored in PCAP files. This allows you not only to re-create scenarios where computer attacks or malware infections occurred, but also make it look like everything is really happening in your own network.

BT3 is also shipped with multiple malware indicator profiles that ensure a “plug & play” experience, when planning and preparing a training session, incident response drill or red team engagement.

Malware Sample Simulation

BT3 includes Encripto’s Mocksum, which provides access to a collection of files that mimic malware samples via MD5 hash collisions. The files downloaded via Mocksum allow you to simulate and plant realistic artifacts, without the risk of handling real malware.

In a nutshell, these artifacts are harmless files that produce the same MD5 checksum as real malicious files. In many cases, the harmless artifacts also get detected by anti-virus software.

Powerful Resource for Red Teams

BT3 modules can assist with the production of network indicators, or decoys during a red team engagement. Let us consider advanced security assessments that result in access to the target’s internal network. In environments with tight network countermeasures and a (proactive) blue team in place, red teams must measure their movements across the target network, in order to fly under the radar.

Ease of Use and Flat Learning Curve

To ensure usability from the first moment, BT3 uses an interactive command-line interface inspired by Rapid7’s Metasploit Framework (MSF). This means that learning how to use BT3 should take a minimum effort, and you will be able to focus on your training session, rather than figuring out how to use a new tool.

You can read more and download the toolkit over here: https://www.bt3.no/