Book review - BTFM (Blue Team Field Manual)

Not as good as RTFM, and considerably more expensive too; exact same style of book though, which is nice.
Some of the things in here are basic Windows / Linux knowledge in my opinion. There's some reasonably OK stuff about registry values to check; if I was to check these as part of incident response I'd be there all day, it really needs to be scripted to be of real value. But in the book's defence it's not there to teach you scripting; buy the book if you're looking for some scripts to write but just need the pointers on things to check.
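To give the reviewer's scripting point a concrete shape, here is an added PowerShell example (mine, not code from the book or from the review): it walks a handful of well-known autorun registry keys, which are an assumed generic list rather than the book's own, and reports for each entry whether the referenced file exists and whether it carries a valid Authenticode signature, so the check runs in seconds across a host instead of being done key by key in regedit.

```powershell
# Added example, not from the book or the review. The key list below is a
# generic, well-known set of autorun locations and is an assumption on my
# part, not the list the book gives.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunEntry {
    param([string[]]$Keys)

    foreach ($key in $Keys) {
        # Not every key exists on every build, so skip quietly rather than error
        if (-not (Test-Path -Path $key)) { continue }

        $item = Get-ItemProperty -Path $key

        # Get-ItemProperty adds PSPath/PSParentPath/etc. metadata; ignore those
        $item.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object {
                $cmd = [Environment]::ExpandEnvironmentVariables([string]$_.Value)

                # Pull the executable out of the command line: quoted path first,
                # otherwise everything up to the first whitespace
                $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }

                $exists = -not [string]::IsNullOrWhiteSpace($exe) -and (Test-Path -LiteralPath $exe)
                $signed = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }

                [pscustomobject]@{
                    Key    = $key
                    Name   = $_.Name
                    Value  = $cmd
                    Exists = $exists     # missing target is worth a look in itself
                    Signed = $signed     # Valid / NotSigned / HashMismatch / n/a
                }
            }
    }
}

# Triage view: unsigned or dangling entries float to the top
Get-AutorunEntry -Keys $autorunKeys |
    Sort-Object Signed, Exists |
    Format-Table -AutoSize
```

Pipe the function into `Export-Csv` instead of `Format-Table` when you want to collect the same view from several hosts and diff it against a known-good baseline; the interesting rows are the ones whose target no longer exists or whose signature status is anything but `Valid`.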

Chapter 1 Identify
To start, the author kicks us into some nmap scanning. I'm unsure about my views on this: do we need another book that tells us how to use nmap? Surely we know how to use nmap, and we know to use it to identify systems.

We end up just a few pages later covering some Windows network discovery using 'net view', and service logging for DHCP / DNS.

A visit through Active Directory that has got some good pointers - especially if you have a team with a stronger Linux background than Windows.

Next up, the same sort of tour through Linux (2 pages).

Chapter 2 Protect (defend)
Starts us off with (Windows) listing & disabling services, host firewalls, passwords, flushing DNS, the hosts file, PAC files, application restrictions & GPO (actually a good section to read over), and registry values (again some good quick-reference "how do I do that" stuff here).
Followed up with a similar view of Linux.

Chapter 3 Detect
A fairly handy guide through TCPDUMP & TSHARK, NETCAT, some basic quick honeypots, and logging.

Chapter 4 Analysis
A bit "meh" in my opinion; some of this is where you really need to script it to get the value out of it, and it's not overly critical to the flow.

Chapter 5 Recover (remediate)
Applying patches, creating backups, stopping processes. I think the author could have covered more here, like rootkit hunting etc.

Chapter 6 Tactics (tips & tricks)
Personally, in my view, a pointless section.

Chapter 7 Incident management
The author kicks off straight away with an incident response checklist. This is really handy, as a lot of incident managers aren't trained properly when it comes to security incidents and do what they do best: try and treat it like a service outage. Some really good in-depth stuff in this chapter.

Chapter 8 is more of the technical side of chapter 7, so more for your wider security teams, ISOs etc.

Who should buy the book? If you have guys on your blue team that are fresh to the industry, or they "flap" and stop thinking on their feet; or if your team is new to your organization and needs some brief incident response type guides.

All in all, worth having in your arsenal but not overly "enlightening"; looking at the style of the book, though, it's probably aimed more at getting you out of a sticky spot than at being enlightening.