Which blue team Labs do you know?
u1tras
Member Posts: 81 ■■■□□□□□□□
There are plenty of red teams virtual labs where attackers can sharpen their offensive skills. But what about blue teamers? Which blue team labs for sharpening defensive skills do you know (free is preferable)?
Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610
Comments
-
supasecuritybro Member Posts: 206 ■■■■□□□□□□There isn't a lot of labs for detection online but there are a few people who have built something for you to build.
https://github.com/clong/DetectionLab
There is also a great book called Wireshark for Security Professionals, that book has a lab that they reference as well.Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
Current Goal: CCSE
Continuous Education Plan: AWS-SAA, OSCP, CISM
Book/CBT/Study Material: Max Power -
Mooseboost Member Posts: 778 ■■■■□□□□□□I think one of the best ways to sharpen your blue team skills is to setup your own lab. There simply isn't a lot of blue team labs online. Best of both worlds is to setup a blue team VM (SecurityOnion or something similiar) and a vulnerable VM, then attack it. It doesn't have to be a VM from VulnHub or anything either. Want to see what an Apache Struts exploit looks like? Setup a vulnerable version and slam it, then go back and review on the blue team VM. What did you see? Could you identify the IOCs? Run exploits on boxes and try to do forensics.You'll improve your blue and red team skills and you will better understand the tools used by both.
-
u1tras Member Posts: 81 ■■■□□□□□□□Thanks a lot! Do you know any paid options?Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610 -
yoba222 Member Posts: 1,237 ■■■■■■■■□□Blue team labs. . . could always download a handful of CIS benchmarks and start hardening away. There's probably a hundred of them you can download from CIS for free.A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
u1tras Member Posts: 81 ■■■□□□□□□□I mean some interactive labs, where you can detect, respond, hunt for threats etc. Like SANS Netwars or ISACA CSX, but cheaper or free at all.Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610 -
tedjames Member Posts: 1,182 ■■■■■■■■□□I honestly have not heard of any labs like that, but you might find something among these sites:
https://www.checkmarx.com/2015/04/16/15-vulnerable-sites-to-legally-practice-your-hacking-skills/
https://www.checkmarx.com/2015/11/06/13-more-hacking-sites-to-legally-practice-your-infosec-skills/
-
u1tras Member Posts: 81 ■■■□□□□□□□tedjames, thanks for your links. Seems like both of them are about "offense informs defense" approach.Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610 -
tedjames Member Posts: 1,182 ■■■■■■■■□□tedjames, thanks for your links. Seems like both of them are about "offense informs defense" approach.
That's the way I see it. The best way to know and beat your enemy is to think like him. -
u1tras Member Posts: 81 ■■■□□□□□□□Very interesting cyberguy, thank you!Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610 -
evopilot Member Posts: 16 ■□□□□□□□□□subscribed to this on the basis of your prep, i like what you have done so far, good luck buddy
-
u1tras Member Posts: 81 ■■■□□□□□□□So, what about Immersivelabs? Has anyone tried this? Seems like their Labs contain different blue team exercises (as it's stated on the website).Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610 -
Danielm7 Member Posts: 2,310 ■■■■■■■■□□So, what about Immersivelabs? Has anyone tried this? Seems like their Labs contain different blue team exercises (as it's stated on the website).
-
u1tras Member Posts: 81 ■■■□□□□□□□Thank you Daniel! I've asked them about access and prices for individual infosec professional, not a student.Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610 -
u1tras Member Posts: 81 ■■■□□□□□□□And the answer from Immersive Labs: "Unfortunately we do not offer individual licenses."Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610 -
the_Grinch Member Posts: 4,165 ■■■■■■■■■■Blue team stuff is pretty hard to come by in the lab sphere. You could always monitor your own network and see whats rolling around there. Also, for some training with labs perhaps look at the following:
https://www.elearnsecurity.com/course/practical_network_defense/
https://www.elearnsecurity.com/course/threat_hunting_professional/
https://www.elearnsecurity.com/course/digital_forensics_professional/
Good luck!WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
tedjames Member Posts: 1,182 ■■■■■■■■□□Set up a VM and then create another VM. Attack the first VM from the second (or vice versa) and practice both red and blue teaming at the same time.
-
JDMurray Admin Posts: 13,101 AdminSeeing as how a SIEM is a cornerstone in any non-trivial Blue Team, I sure would like an online lab featuring Spunk loaded with plenty of indexed data to practice searches, rule writing, and dashboard creation. I can download and use Splunk Free/Light, but getting sample data (syslog) filled with security issues to discover is the difficult bit.
-
u1tras Member Posts: 81 ■■■□□□□□□□JDMurray, you can use a special prepared "BOSS of the SOC" Datasets for Splunk, as cyberguy suggested earlier.Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610 -
u1tras Member Posts: 81 ■■■□□□□□□□There is a summary of all options we've collected for Blue Team Labs during this thread:
1. Chris Long Detection Lab (free).
2. Hand made Security Onion/Vulnhub lab (free).
3. Boss of the SOC Datasets with Splunk (free).
4. Traffic analysis exercises on Malware-Traffic-Analysis.net (free).
5. Cybrary Insider Pro labs (cheap)
6. SANS NetWars (Core Continuous/DFIR) (very expensive).
7. ISACA CSX Labs (expensive).
8. Immersive Labs (free if you have a .edu email).
9. eLearnSecurity Hera Labs (expensive).Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610 -
JDMurray Admin Posts: 13,101 AdminJDMurray, you can use a special prepared "BOSS of the SOC" Datasets for Splunk, as cyberguy suggested earlier.
-
Kapital Member Posts: 33 ■■□□□□□□□□There is a summary of all options we've collected for Blue Team Labs during this thread:
1. Chris Long Detection Lab (free).
2. Hand made Security Onion/Vulnhub lab (free).
3. Boss of the SOC Datasets with Splunk (free).
4. SANS NetWars (Core Continuous/DFIR) (very expensive).
5. ISACA CSX Labs (expensive).
6. Immersive Labs (free if you have a .edu email).
7. eLearnSecurity Hera Labs (expensive). -
KAmes4545 Member Posts: 13 ■■■□□□□□□□If you're trying to be a soc analyst. I can't recommend enough Investigation Theory - by Chris Sanders https://www.networkdefense.io/home/ This course has great fundamentals of what a security analyst should be and how to get there, it's not all technical. An analyst should be able to read/interpret data, but also be able to communicate their finding. That's why I also recommend Visual Intelligence: Sharpen Your Perception, Change Your Life - by Amy Herman. This was also recommended in Chris's course and that book should be read by every analyst.
-
u1tras Member Posts: 81 ■■■□□□□□□□Thanks KAmes, very interesting resource!Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610 -
SnotFunk Registered Users Posts: 4 ■□□□□□□□□□Why not setup you're own security onion lab, install a SIEM or use Kibana and then use tcpreplay and the pcaps from here:
Malware-Traffic-Analysis.net
Or if you just want to analyse pcaps, use wireshark. -
u1tras Member Posts: 81 ■■■□□□□□□□Why not setup you're own security onion lab, install a SIEM or use Kibana and then use tcpreplay and the pcaps from here:
Malware-Traffic-Analysis.net
Or if you just want to analyse pcaps, use wireshark.
Interesting resource with traffic analysis exercises! Added to the list.Certs: OSCP, eCTHP
2019 Goals:
eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610 -
SnotFunk Registered Users Posts: 4 ■□□□□□□□□□Here are some more as well as a link to using sec onion and tcpreplay
https://github.com/Security-Onion-Solutions/security-onion/wiki/Pcaps -
nicolettean Member Posts: 19 ■■■□□□□□□□Did anyone ever try any of these labs? If so, which ones?
Curious to try one but want to know if one is better than another.2018 Goals - AWS Certified Solutions Architect
Linkedin Profile : https://www.linkedin.com/in/andrew-nicolette-454721109/ -
tedjames Member Posts: 1,182 ■■■■■■■■□□nicolettean wrote: »Did anyone ever try any of these labs? If so, which ones?
Curious to try one but want to know if one is better than another.
I've used bWAPP a bit. It's great if you can actually get it to work. The buggy web app has some bugs...
Test Site is a good practice site as is Supercar Showdown - Supercar Showdown