Red vs Blue Team Exercise Tools and Memory Shellcode Detection Resources

This collection focuses on resources for red-blue team exercises (often called HVV or network protection drills), specifically memory shellcode (Cobalt Strike, Metasploit) and memory horse detection tools. The directory below organizes relevant reports, toolkits, and documentation.

Resource Directory

General HVV Materials

  • Practical Offense and Defense: Purple Team Perspective on Exercises (PDF) – Qi An Xin
  • Practical Offense and Defense: Red Team Perspective on Breaking Defenses (PDF) – Qi An Xin
  • Practical Offense and Defense: Blue Team Perspective on Building Defenses (PDF) – Qi An Xin
  • Additional HW Materials (external link)

1. Self-Inspection

  • Enterprise Preparations for HW
  • Security Hardening – Linux Guide
  • Security Hardening – Windows Guide
  • 2020 HW Specific Protective Measures
  • Asset Collection – Three Key Points for HW Success
  • Asset Collection – Comprehensive Information Gathering
  • Asset Collection – Pre-HW Information Collection

2. Security Operations

  • Enterprise Blue Team Construction Considerations
  • Security Operations Perspective on Team Growth
  • My Understanding of Security Operations
  • Security Operations Trilogy: SOC and Corporate Culture
  • Security Operations Trilogy: International Alignment
  • Security Operations Trilogy: Concept Overview

3. Analysis and Investigation

  • CTF – Log Analysis
  • Enterprise Security Log Analysis System
  • Log Audit System Principles and Deployment
  • Traffic Analysis
  • Traffic Analysis in Offensive/Defensive Security

4. Traceback and Countermeasures

  • Multi-Person Traceback Countermeasure Guide (PDF)
  • MySQL Honeypot – Linux (ZIP)
  • MySQL Honeypot – Windows (ZIP)
  • Security Analysis – Tracing People
  • Attack Traceback Ideas and Cases
  • Methods of Attack Traceback
  • Comon Traceback Approaches
  • Red-Blue Countermeasures
  • Practical Traceback in Red-Blue Exercises
  • Traceback in Red-Blue Drills
  • Blue Team Countermeasures (PDF)
  • Blue Team Practical Traceback Manual
  • Investigating Web Attacks via Server Logs
  • Tracking Email Sender Location

5. HVV Report Templates

  • HW Summary Report Template 1
  • HW Summary Report Template 2
  • HW Summary Template (TXT)

6. Historical HVV Summaries

  • 2019 HVV Essential Defense Manual v1 (PDF)
  • Sepetmber 2020 Security Monitoring Report – High-Risk Vulnerabilities During HVV (PDF)
  • Vulnerabilities in 2020 HVV (PDF)
  • 2021 HVV Reference – Defense Experience Summary (PDF)
  • 2021 HVV Red Team Operations Manual (PDF)
  • 2021 Practical Offense-Defense Red-Blue Guide – Changting (PDF)
  • Post-Exercise Review Summary (PDF)

7. Defense Essentials

  • HVV Attack-Defense Approach 3 (PDF)
  • HVV Defense Manual (TXT)
  • 2019 HVV Defense Response Manual (PDF)
  • Building Defense from Red Team Perspective (PDF)
  • Breaking Defense from Blue Team Perspective (PDF)
  • Basic Security Guidance v5.4 (PDF)

8. Incident Response

  • Tomcat Filter Memory Horse and Detection Techniques (PDF)
  • Windows Intrusion Check Process (PDF)
  • Incident Response – Summary
  • HVV Linux Incident Response – Tools Section
  • HVV Emergency Drill Plan (PDF)

9. HVV Training Materials

  • HW01 – Overview of HVV Assurance v2.0 (PDF)
  • HW02 – Pre-Exercise Self-Check Points v2.0 (PDF)
  • HW03 – Practical Asset Inventory Guide v1.1 (PDF)
  • HW04 – Vulnerability Scanning Standards v1.0 (PDF)
  • HW05 – Common Vulnerability Remediation v1.0 (PDF)
  • HW06 – Weak Password Scanning Standards v1.0 (PDF)
  • HW07 – Network Security Protection Analysis v1.0 (PDF)
  • HW08 – Key Security Configuration Analysis v1.5 (PDF)
  • HW09 – Security Hardening Standards v1.0 (PDF)
  • HW10 – NTI Platform Training v1.0 (PDF)
  • HW11 – Situational Awareness Analysis Training v1.0 (PDF)
  • HW12 – IPS Analysis Training v1.0 (PDF)
  • HW12 – WAF Analysis Training v1.0 (PDF)
  • HW13 – ESPC Platform Analysis Training v1.0 (PDF)
  • HW14 – TAC Product Analysis Training v1.0 (PDF)
  • HW15 – Full Traffic Analysis Training v1.0 (PDF)
  • HW16 – Alert Log Analysis Techniques v1.1 (PDF)
  • HW17 – Rapid Incident Response v1.0 (PDF)
  • HW18 – Security Incident Closure Process v1.0 (PDF)
  • HW19 – Attack Methods and Common Techniques v1.0 (PDF)

Red Team Manuals

  • Red Team Operations Manual (PDF)
  • Detecting Cobalt Strike with Memory Signatures (PDF)
  • Microsoft Sysmon Usage Summary (PDF)
  • Red Team Development from Beginner to Expert – Book Recommendations (Encrypted 7z)
  • Red Team Resource Collection (MD)

Tags: red team blue team memory shellcode Cobalt Strike Metasploit

Posted on Thu, 14 May 2026 20:22:08 +0000 by Silver_Eclipse

Hot Tags

©2026 Freaks City