Summary: Blue Team Field Manual

[ NOTE: These book summaries are designed as captures for what I’ve read, and aren’t necessarily great standalone resources for those who have not read the book. Their purpose is to ensure that I capture what I learn from any given text, so as to avoid realizing years later that I have no idea what it was about or how I benefited from it. ]


  • Starts with nmap, Nessus, and OpenVAS scanning for discovery
  • Like the network monitoring section, top talkers command is nice
  • Love the clear-text protocol password finder
  • Love the tshark stuff
  • Like the rkhunter mention
  • Love the sysinternals tools mention and checks
  • Typo on page 86 (stings instead of strings) That stings for me because I had typos in my book too
  • Love the identify malware section
  • Love the OS cheats / tricks section
  • Love the Snort section, esp detecting meterpreter
  • Love the incident management checklist

Lessons / Takeaways

  • It’s a reference book of helpful commands and resources
  • It got better as I got further into it and realized how important it’d be to parse it for useful commands as a defender

[ Find my other book summaries here. ]



  1. I left a five star review on Amazon.


I do a weekly show called Unsupervised Learning, where I curate the most interesting stories in infosec, technology, and humans, and talk about why they matter. You can subscribe here.


Leave a Reply