Blue Team Training Toolkit

Blue Team Training Toolkit (BT3) is software for defensive security training, which will bring your network analysis training sessions, incident response drills and red team engagements to a new level. The toolkit allows you to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk.

The Most Important Features

  • Adversary Replication and Malware Simulation
    BT3 includes the latest version of Encripto’s Maligno. This module is designed with a client-server architecture, and it allows you to simulate malware infections or targeted attacks with specific C&C communications in a safe manner.

    BT3 also ships with multiple malware indicator profiles that ensure a “plug & play” experience when planning and preparing a training session, incident response drill or red team engagement.


  • Network Traffic Manipulation and Replay
    BT3 includes Encripto’s Pcapteller, a module designed for traffic manipulation and replay. Pcapteller can customize and replay network traffic stored in PCAP files. This allows you not only to re-create scenarios where computer attacks or malware infections occurred, but also to make it look like everything is really happening in your own network.


  • Malware Sample Simulation
    BT3 includes Encripto’s Mocksum, which provides access to a collection of files that mimic malware samples via MD5 hash collisions. The files downloaded via Mocksum allow you to simulate and plant realistic artifacts, without the risk of handling real malware. 

    In a nutshell, these artifacts are harmless files that produce the same MD5 checksum as real malicious files. In many cases, the harmless artifacts also get detected by anti-virus software.


  • Training Content Library
    By creating a free BT3 subscription account, you get access to the training content library. From here, you can download both free and premium training content ready for use with the Blue Team Training Toolkit. The library includes realistic network traffic related to a wide range of attacks, mock malware samples with hash collisions, as well as malware indicator profiles. Get the training content you need right at your fingertips!

    The training content library will save you preparation, testing and research time. Everything can be downloaded directly from the Blue Team Training Toolkit. Premium training content requires a BT3 subscription account and pre-paid credits.


  • Powerful Resource for Red Teams
    BT3 modules can assist with the production of network indicators or decoys during a red team engagement. Let us consider advanced security assessments that result in access to the target’s internal network. In environments with tight network countermeasures and a (proactive) blue team in place, red teams must measure their movements across the target network in order to fly under the radar.

    Occasionally, red teams may perform actions in the network that could draw a blue team’s attention. By using BT3 in combination with VPN pivoting, red teams can create a network diversion. In other words, they can make a blue team see ghosts, letting their red team hide in plain sight.


  • Ease of Use and Flat Learning Curve
    To ensure usability from the first moment, BT3 uses an interactive command-line interface inspired by Rapid7’s Metasploit Framework (MSF). This means that learning how to use BT3 should take minimal effort, and you will be able to focus on your training session rather than on figuring out how to use a new tool.