We all know that learning how to be an amazing blue team professional can be a little hard. There are tons of red team labs, but if you know where to look there are good blue team labs too! In this topic I want to start gathering different tools and learning opportunities to become a great blue teamer!
For full transparency:
Always run these labs in an isolated virtual machine that has no connection to the internet as a minimum safety precaution.
At the root of many detection opportunities is network detection and response (NDR). By using Wireshark and PCAPs with samples, you can learn how to investigate malicious behaviour.
Malware Traffic Analysis
The website https://malware-traffic-analysis.net/ is a good starting point to learn and understand threats on the network. Be aware, some samples contain live malware; do take precautions.
You’ll want to start with the free Splunk training content: https://www.splunk.com/en_us/training/free-courses/splunk-fundamentals-1.html
SIEM Case Investigation:
2) https://cyberdefenders.org/labs/15 - Splunk’s Boss of the SOC v1
3) https://cyberdefenders.org/labs/16 - Splunk’s Boss of the SOC v2
4) https://cyberdefenders.org/labs/8 - Splunk’s Boss of the SOC v3
5) https://cyberdefenders.org/labs/40 - GittheGate - Kibana/ELK SIEM
https://blueteamlabs.online/ is a reliable blue-team focused range similar to TryHackMe and does have certification options. It is a good way to build your skills, at about 15 pounds / 20 USD a month.
TryHackMe | Cyber Defense Training has a great starting course for cybersecurity enthusiasts. It gives you the basics of multiple analysis methods and helps lay a foundation for future growth!
https://www.brimsecurity.com/ is an open-source search and analytics tool for network visibility, troubleshooting and security. It is similar to Wireshark in many respects, but unique in its approach on PCAP data.