SQL Scripts

-- Verificar Integridade Física do Banco

DBCC CHECKDB ('SeuBancoDeDados') WITH NO_INFOMSGS, ALL_ERRORMSGS;

-- Consultar Estatísticas de Fragmentação de Índices

SELECT 

    dbschemas.[name] AS 'Schema',

    dbtables.[name] AS 'Table',

    dbindexes.[name] AS 'Index',

    indexstats.avg_fragmentation_in_percent

FROM sys.dm_db_index_physical_stats (DB_ID(), NULL, NULL, NULL, 'LIMITED') AS indexstats

INNER JOIN sys.tables dbtables ON dbtables.[object_id] = indexstats.[object_id]

INNER JOIN sys.schemas dbschemas ON dbtables.[schema_id] = dbschemas.[schema_id]

INNER JOIN sys.indexes AS dbindexes ON dbindexes.[object_id] = indexstats.[object_id]

    AND indexstats.index_id = dbindexes.index_id

WHERE indexstats.avg_fragmentation_in_percent > 30;

-- Monitorar Sessões com Bloqueios

SELECT 

    blocking_session_id AS Bloco,

    session_id AS Sessão,

    wait_type,

    wait_time,

    wait_resource,

    text AS Query

FROM sys.dm_exec_requests

CROSS APPLY sys.dm_exec_sql_text(sql_handle)

WHERE blocking_session_id <> 0;

-- Top 10 Queries Mais Pesadas (CPU)

SELECT TOP 10 

    qs.total_worker_time / qs.execution_count AS AvgCPUTime,

    qs.execution_count,

    qs.total_worker_time,

    st.text AS QueryText

FROM sys.dm_exec_query_stats qs

CROSS APPLY sys.dm_exec_sql_text(qs.sql_handle) st

ORDER BY AvgCPUTime DESC;

-- Verificar Uso de Espaço por Tabela

EXEC sp_MSforeachtable 

@command1="EXEC sp_spaceused '?'";

-- Consultar Estatísticas Desatualizadas

SELECT 

    OBJECT_NAME(s.[object_id]) AS TableName,

    s.name AS StatsName,

    STATS_DATE(s.[object_id], s.stats_id) AS LastUpdated

FROM sys.stats AS s

WHERE STATS_DATE(s.[object_id], s.stats_id) < DATEADD(DAY, -7, GETDATE());

-- Verificar Contenção de TempDB

SELECT 

    session_id, 

    wait_type, 

    wait_duration_ms, 

    resource_description

FROM sys.dm_os_waiting_tasks

WHERE wait_type LIKE 'PAGE%LATCH_%' AND resource_description LIKE '2:%';

-- Tamanho Atual e Espaço Livre dos Arquivos do Banco

SELECT 

    name AS FileName,

    size  / 128.0 AS SizeMB,

    size / 128.0 - CAST(FILEPROPERTY(name, 'SpaceUsed') AS INT) / 128.0 AS FreeSpaceMB

FROM sys.database_files;

-- Validação de Consistência de Dados (Exemplo em PKs/FKs)

SELECT fk.name AS ForeignKey, OBJECT_NAME(fk.parent_object_id) AS ChildTable

FROM sys.foreign_keys fk

WHERE NOT EXISTS (

    SELECT 1 

    FROM sys.foreign_key_columns fkc

    JOIN sys.columns c ON fkc.parent_object_id = c.object_id AND fkc.parent_column_id = c.column_id

    WHERE fkc.constraint_object_id = fk.object_id);

-- Ver Sessões Ativas e Consumo

SELECT 

    s.session_id,

    s.login_name,

    r.status,

    r.cpu_time,

    r.total_elapsed_time,

    t.text AS SqlText

FROM sys.dm_exec_sessions s

JOIN sys.dm_exec_requests r ON s.session_id = r.session_id

CROSS APPLY sys.dm_exec_sql_text(r.sql_handle) t;

MORE ... 

SQL Scripts

 https://github.com/CloudDBM/mentor

BlueTeam-Tools

https://github.com/A-poc/BlueTeam-Tools

Tool List

Blue Team Tips 4 tips

• Payload extraction with Process Hacker @embee_research
• Prevent Script Execution via Double Click Default Application GPO Change
• Detect Cryptojacking Malware with Proxy Logs Dave Mckay
• Remove null bytes in CyberChef malware analysis @Securityinbits

Network Discovery and Mapping 6 tools

• Nmap Network scanner
• Nuclei Vulnerability scanner
• Masscan Fast network scanner
• Angry IP Scanner IP/port scanner
• ZMap Large network scanner
• Shodan Internet facing asset search engine

Vulnerability Management 4 tools

• OpenVAS Open-source vulnerability scanner
• Nessus Essentials Vulnerability scanner
• Nexpose Vulnerability management tool
• HackerOne Bug Bounty Management Platform

Security Monitoring 10 tools

• Sysmon System Monitor for Windows
• Kibana Data visualization and exploration
• Logstash Data collection and processing
• parsedmarc Email DMARC data visualisation
• Phishing Catcher Phishing catcher using Certstream
• maltrail Malicious traffic detection system
• AutorunsToWinEventLog Windows AutoRuns Event Parser
• procfilter YARA-integrated process denial framework
• velociraptor Endpoint visibility and collection tool
• SysmonSearch Sysmon event log visualisation

Threat Tools and Techniques 11 tools

• lolbas-project.github.io Living Off The Land Windows Binaries
• gtfobins.github.io Living Off The Land Linux Binaries
• filesec.io Attacker file extensions
• KQL Search KQL query aggregator
• Unprotect Project Malware evasion techniques knowledge base
• chainsaw Fast Windows Forensic Artefacts Searcher
• freq Domain generation algorithm malware detection
• yarGen YARA rule generator
• EmailAnalyzer Suspicious emails analyser
• VCG Code security scanning tool
• CyberChef GCHQ online data manipulation platform

Threat Intelligence 4 tools

• Maltego Threat Intelligence Platform
• MISP Malware Information Sharing Platform
• ThreatConnect Threat data aggregation
• Adversary Emulation Library An open library of adversary emulation plans

Incident Response Planning 5 tools

• NIST Cybersecurity Framework
• Incident Response Plan Framework for incident response
• Ransomware Response Plan Framework for ransomware response
• Incident Response Reference Guide Incident preparation guidance paper
• Awesome Incident Response List of tools for incident response

Malware Detection and Analysis 11 tools

• VirusTotal Malicious IOC Sharing Platform
• IDA Malware disassembler and debugger
• Ghidra Malware reverse engineering tool
• decode-vbe Encoded VBE script decoder
• pafish Virtual machine sandbox detector
• lookyloo Phishing domain mapping
• YARA Malware identification via pattern matching
• Cuckoo Sandbox Malware analysis sandbox
• Radare2 Reverse engineering framework
• dnSpy .NET debugger and assembly editor
• malware-traffic-analysis.net Malware and packet capture samples

Data Recovery 3 tools

• Recuva File recovery
• Extundelete Ext3 or ext4 partition recovery
• TestDisk Data Recovery

Digital Forensics 3 tools

• SANS SIFT Forensic toolkit
• The Sleuth Kit Disk images analysis tools
• Autopsy Digital forensics platform

Security Awareness Training 4 tools

• TryHackMe Cyber security challenges platform
• HackTheBox Cyber security challenges platform
• CyberDefenders Blue team cyber security challenges platform
• PhishMe Phishing training

Communication and Collaboration 2 tools

• Twitter Cyber Security Accounts
• Facebook TheatExchange Malicious indicators sharing platform

Blue Team Tips

Learn from Blue Teamers with a collection of Blue Teaming Tips. These tips cover a range of tactics, tools, and methodologies to improve your blue teaming abilities.

🔙Payload extraction with Process Hacker

Description: 'Malware Analysis Tip - Use Process Hacker to watch for suspicious .NET assemblies in newly spawned processes. Combined with DnSpy - it's possible to locate and extract malicious payloads without needing to manually de-obfuscate.'

Credit: @embee_research