[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-45529-en":3,"doc-seo-45529-105":30,"detail-sidebar-cat-0-en-105":95},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":20,"is_deleted":4,"is_public":21,"is_downloadable":21,"audit_status":21,"page_count":22,"language":23,"language_code":24,"site_id":25,"html_lang":24,"table_of_contents":26,"faqs":27,"seo_title":13,"seo_description":14,"update_tm":28,"read_time":29},45529,16904993612988,"Olivia Brown","https://ap-avatar.wpscdn.com/davatar_a8503ba1806abce46bf441b54a3ca4cd",6,"Technology","BTFM Blue Team Field Manual","BTFM Blue Team Field Manual by Alan White and Ben Clark is a cybersecurity operational guide aligned with the NIST Cybersecurity Framework. It focuses on blue-team activities for preparation, documentation review, identification and scope setting, and protective defense actions. The manual outlines practical command-line syntax considerations and organizes field workflows such as scanning, vulnerability assessment, network discovery, user activity review, hashing, and password-related checks across Windows and Linux environments.","BTFM  \nBlue Team Field Manual  \nALAN WHITE  \nBEN (LARK  \nVersion 1  \nHacked to PDF by: 0E800  \n(2/13/2017)  \nBTFM. Copyright © 2017 by Alan White and Ben Clark  \nAll rights reserved. No part of this work reproduced or transmitted in any form or means, without prior written permission copyright owner.  \nISBN-13: 978-1541016361  \nISBN-10: 154101636X  \nTechnical Editor: Matt Hulse  \nmay be by any of the  \nProduct and company names mentioned herein may bethe trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, the author uses the names only in an editorial fashion, with no intention of infringement of the trademark. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.  \nThe information in this book is distributed \"as is\". While every precaution was taken to ensure the accuracy of the material, the author assumes no responsibility or liability for errors or omissions, or for damages resulting from the use of the information contained herein.  \nPREFACE  \nBTFM Command-Line Syntax:  \nNotation  \nC:\\>  \nPS C:\\>>  \n\u003CIP ADDRESS>, \u003CPORT>,\u003CUSER>, \u003CPASSWORD>, etc.  \nspaces  \nDescription  \nGeneric Linux/*nux shell  \nprompt, sudo may also be used with $  \nWindows Prompt, may require Administrator CMD prompt  \nWindows PowerShell  \nGeneric prompt, multi OS  \nRequires user determined  \ninput and remove \u003C> brackets  \nCaution use of copy/paste with dash/hyphens.  \nen/em/dash hyphenEnsure you  \n- -  \nI I  \ncheck  \nspaces  \nand no spaces in commands.  \nUpdates, Edits and Supplement Material:  \nRef. [http://www.blueteamfieldmanual.com](http://www.blueteamfieldmanual.com)  \nBTFM is based on the NIST Cybersecurity Framework:  \nRef. [http://www.nist.gov/cyberframework/](http://www.nist.gov/cyberframework/)  \nTABLE OF CONTENTS  \n0 PREPARATION (DOCUMENTATION REVIEW} ............................................................................8  \nKEY DOCUMENTS....................................................................•...................................•.................. 9  \nREVIEW ...................................................................................................................................... 9  \n1 IDENTIFY (SCOPE} .................................................................................................................. 10  \nSCANNING AND VULNERABILITIES............................................................................................... 11  \nNMAP ...................' ................................................................................................................... 11  \nNESSUS .................................................................................................................................... 11  \nOPENVAS ................................................................................................................................. 12  \nWINDOWS ................................................................................................................................... 14  \nNETWORK DISCOVERY............................................................................................................. 14  \nDHCP........................................................................................................................................ 14  \nDNS .......................................................................................................................................... 14  \n[HASHING.................................................................................................................................. ls](HASHING.................................................................................................................................. ls)  \n[NETBIOS..................................................................................................................................](NETBIOS...................................","cbCaigNHzSSuWyTn","https://ap.wps.com/l/cbCaigNHzSSuWyTn","pdf",5938017,2,1,144,"English","en",105,"# Preparation (Documentation Review)\n## Key Documents\n## Review\n# Identify (Scope)\n## Scanning and Vulnerabilities\n## Network Discovery\n## User Activity\n## Passwords\n# Protect (Defend)\n## Disable/Stop Services","[{\"question\":\"BTFM Blue Team Field Manual主要基于什么框架？\",\"answer\":\"BTFM基于NIST Cybersecurity Framework进行组织与指导。它将蓝队活动映射到准备、识别与防护等阶段。\"},{\"question\":\"手册在命令行使用上有哪些注意事项？\",\"answer\":\"文档给出了命令行语法与提示符示例，并强调在复制/粘贴命令时要谨慎，尤其是与破折号/连字符相关的情况。\"},{\"question\":\"“Identify（Scope）”阶段包含哪些核心内容？\",\"answer\":\"该阶段涵盖扫描与漏洞相关内容（如NMAP、Nessus、OpenVAS），以及网络发现、用户活动、密码检查等，并覆盖Windows与Linux。\"},{\"question\":\"手册如何组织“Protect（Defend）”章节的防护方向？\",\"answer\":\"“Protect（Defend）”以防护措施为主线组织，文中在章节目录中列出针对Windows的防护主题，例如禁用/停止服务等。\"}]",1783460988,363,{"code":4,"msg":31,"data":32},"ok",{"site_id":25,"language":24,"slug":33,"title":13,"keywords":34,"description":14,"schema_data":35,"social_meta":90,"head_meta":92,"extra_data":94,"updated_unix":28},"btfm-blue-team-field-manual","",{"@graph":36,"@context":89},[37,53,68],{"@type":38,"itemListElement":39},"BreadcrumbList",[40,44,47,50],{"item":41,"name":42,"@type":43,"position":21},"https://docshare.wps.com","Home","ListItem",{"item":45,"name":46,"@type":43,"position":20},"https://docshare.wps.com/document/","Document",{"item":48,"name":12,"@type":43,"position":49},"https://docshare.wps.com/document/technology/",3,{"item":51,"name":13,"@type":43,"position":52},"https://docshare.wps.com/document/btfm-blue-team-field-manual/45529/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":24,"description":14,"dateModified":61,"datePublished":62,"encodingFormat":60,"isAccessibleForFree":63,"interactionStatistic":64},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":41,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-12","2026-07-07",true,{"@type":65,"interactionType":66,"userInteractionCount":20},"InteractionCounter",{"@type":67},"ViewAction",{"@type":69,"mainEntity":70},"FAQPage",[71,77,81,85],{"name":72,"@type":73,"acceptedAnswer":74},"BTFM Blue Team Field Manual主要基于什么框架？","Question",{"text":75,"@type":76},"BTFM基于NIST Cybersecurity Framework进行组织与指导。它将蓝队活动映射到准备、识别与防护等阶段。","Answer",{"name":78,"@type":73,"acceptedAnswer":79},"手册在命令行使用上有哪些注意事项？",{"text":80,"@type":76},"文档给出了命令行语法与提示符示例，并强调在复制/粘贴命令时要谨慎，尤其是与破折号/连字符相关的情况。",{"name":82,"@type":73,"acceptedAnswer":83},"“Identify（Scope）”阶段包含哪些核心内容？",{"text":84,"@type":76},"该阶段涵盖扫描与漏洞相关内容（如NMAP、Nessus、OpenVAS），以及网络发现、用户活动、密码检查等，并覆盖Windows与Linux。",{"name":86,"@type":73,"acceptedAnswer":87},"手册如何组织“Protect（Defend）”章节的防护方向？",{"text":88,"@type":76},"“Protect（Defend）”以防护措施为主线组织，文中在章节目录中列出针对Windows的防护主题，例如禁用/停止服务等。","https://schema.org",{"og:url":51,"og:type":91,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":93,"canonical":51},"index,follow",{"doc_id":7,"site_id":25},{"code":4,"msg":5,"data":96},[97,101,105,109,114,117,122,127,132,135,139],{"id":21,"doc_module":4,"doc_module_name":46,"category_name":98,"show_sort_weight":99,"slug":100},"Story & Novel",90,"story-novel",{"id":20,"doc_module":4,"doc_module_name":46,"category_name":102,"show_sort_weight":103,"slug":104},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":46,"category_name":106,"show_sort_weight":107,"slug":108},"Exam",70,"exam",{"id":110,"doc_module":4,"doc_module_name":46,"category_name":111,"show_sort_weight":112,"slug":113},5,"Comic",60,"comic",{"id":11,"doc_module":4,"doc_module_name":46,"category_name":12,"show_sort_weight":115,"slug":116},50,"technology",{"id":118,"doc_module":4,"doc_module_name":46,"category_name":119,"show_sort_weight":120,"slug":121},7,"Healthcare",40,"healthcare",{"id":123,"doc_module":4,"doc_module_name":46,"category_name":124,"show_sort_weight":125,"slug":126},8,"Research & Report",30,"research-report",{"id":128,"doc_module":4,"doc_module_name":46,"category_name":129,"show_sort_weight":130,"slug":131},9,"Religion & Spirituality",20,"religion-spirituality",{"id":130,"doc_module":4,"doc_module_name":46,"category_name":133,"show_sort_weight":130,"slug":134},"World Cup","world-cup",{"id":136,"doc_module":4,"doc_module_name":46,"category_name":137,"show_sort_weight":136,"slug":138},10,"Lifestyle","lifestyle",{"id":140,"doc_module":4,"doc_module_name":46,"category_name":141,"show_sort_weight":110,"slug":142},19,"General","general"]