Blue Team Training Toolkit (BT3) is software for defensive security training, which will bring your network analysis training sessions, incident response drills and red team engagements to a new level. The toolkit allows you to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk.
To ensure usability from the first moment, BT3 uses an interactive command-line interface inspired by Rapid7’s Metasploit Framework (MSF). Since MSF is a tool well known to information security professionals, it makes sense to provide some degree of familiarity. This means that learning how to use BT3 should take minimal effort, and most blue teams will be able to focus on their training session rather than on figuring out how to use a new tool.
This blog post will cover the most relevant commands supported by the application.
Interactive Command-Line Interface
- Starting Blue Team Training Toolkit
You may start the interface by running “python BT3.py” from your Linux terminal, with root or sudo privileges.
- Help overview
A quick command overview can be obtained with the “help” command.
- Resource files
Blue Team Training Toolkit supports resource files, which allow you to script module commands in a simple manner. Invoking the “resource” command, with the resource file name as an argument, should execute all the instructions automatically. Resource files should be able to run any actions supported by a module. However, a resource file can only execute commands within the single module currently in use.
- Version check and updates
The application’s current version can be displayed with “version”, while “bt3update” will check for new updates. The update mechanism is able to download and deploy new updates on demand. Updates will be deployed in a new folder at the same directory level as the existing installation. This means that the existing installation will remain as it is, without modifications, which reduces the risk of inconsistencies or data loss.
- Tool modules list
Supported application modules can be displayed with “show modules”.