OWASP, Application Security Verification Standard, ASVS, 3.0, OWASP ASVS

Blue Team Training Toolkit (BT3) is software for defensive security training. The toolkit allows you to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk.

Blue Team Training Toolkit also offers an optional content subscription via an online API, which includes realistic network traffic related to a wide range of network attacks, mock malware samples, and important malware indicator profiles. The online library is growing constantly, and ensures a “plug & play” experience, when planning and preparing a training session.

This blog post will document the most important aspects of managing a subscription account. If you are not familiar with how to create a subscription account, you can read more about it in this previous blog post.

Content Subscription Account Authentication

Existing accounts can authenticate directly from Blue Team Training Toolkit with the “apiconnect” command. This will require an e-mail address as user name and its associated password.

Account authentication process

Welcome message after successful authentication

Content Subscription Account Log Out

Authenticated accounts can log out by using the “apidisconnect” command.

Disconnecting from the BT3 API

Content Subscription Account Details

Authenticated accounts can check subscription details by typing “show subscription”.

API subscription details

Content Subscription Account Credentials Reset

Registered accounts may request a password change or account recovery by invoking “apinewcreds”.

Requesting a new set of credentials

The first step of this process will require a valid e-mail address associated with an existing account. A security code will be sent to such address, and the code must be provided as verification proof.

Step 1 – Account verification during new credentials request

The last step will require you to provide a new set of credentials.

Step 2 – Setting new credentials

The new credentials will be ready for use as soon as the process has been completed.

Successful credentials reset

Content Subscription Credit Voucher Redemption

Users who have purchased content credits will gain access to a credit voucher. The voucher can be redeemed with by invoking “apiredeem”, with the voucher code as argument. Please, note that redeeming a code requires an authenticated API session.

Successful voucher redemption

Content Subscription Account Deletion

Your content subscription account can be deleted at any time by invoking “apidelete” while being authenticated with your user account. Beware any information associated with your user account, credit balance and licensed materials will be lost once the command is completed. This operation cannot be reverted.

API account deletion will require confirmation

Once the account is deleted, you will be able to use the Blue Team Training Toolkit in offline mode. Any training materials previously downloaded to your hard disk will not be destroyed during the content subscription account deletion process.

Check out the BT3 user guide, or the Blue Team Training Toolkit Video Series for practical examples.

You can also download the Blue Team Training Toolkit and test it for yourself!