Blue Team - Labs and Study Recommendations

We all know that learning how to be an amazing blue team professional can be a little hard. There are tons of red team labs but if you know where to look they do have good Blue Team labs too! In this topic I want to start gathering different tools and learning opportunities to become a great blue teamer!

For full transparency:


Always run these labs in an isolated virtual machine that has no connection to the internet as a minimum safety precaution.

Basic NDR challenges

At the root of many detection opportunities is network detection and response (NDR). By using Wireshark and PCAPs with samples, you can learn how to investigate malicious behaviour.

Malware Traffic Analysis

The website is a good starting point to learn and understand threats on the network. Be aware, some samples contain live malware; do take precautions.

SIEM Challenges

You’ll want to start to learn the free content for Splunk:

SIEM Case Investigation:
2) - Splunk’s Boss of the SOC v1
3) - Splunk’s Boss of the SOC v2
4) - Splunk’s Boss of the SOC v3
5) - GittheGate - Kibana/ELK SIEM

Paid resources is a reliable blue-team focused range similar to TryHackMe and does have certification options. It’s good to get your skills up at about 15 pounds / 20 USD a month.

TryHackMe | Cyber Defense Training has a great starting course for cybersecurity enthusiasts. It gives you the basics of multiple analysis methods and helps lay a basis for future growth!

Useful Tools is an open-source search and analytics tool for network visibility, troubleshooting and security. It is similar to Wireshark in many respects, but unique in its approach on PCAP data.