Blue team - SOC practice lab

gunmr · June 2020

Hi,

Is there any certification or environment for practicing blue team skills?

stryder144 · June 2020

If you have the know how and a suitable computer, you can use Splunk to monitor VMs and use a book like 30Bird's CySA+ book/VM labs to build your skillset.

UnixGuy · June 2020

eLearnSecurity have a incident handling and DFIR certs that are lab based

Nyblizzard · June 2020

https://securityblue.team/

This is what you're looking for. They just recently launched their first certification.

LonerVamp · June 2020

There are two different types of blue teams, imo. The one where you live in a SOC and you want infosec knowledge. These can be CompTia's CySA+ or maybe something from SANS/GIAC. For labs, Security Onion is a place you could start. That said, I think all of the blue type stuff are self-hosted, rather than something you can log into and play around with.

If you're new to infosec, there's always the Security+ -> SSCP/CISSP track to follow, too.

And the rest are people who secure systems/design security, and often any cert you can think of that goes over how to build/operate a technology is going to be worthwhile. You want to secure Azure or AWS? Yes, there are security tracks, but you also need to know how to build/operate Azure and AWS.

triplea · June 2020

sign up for the Splunk fundamentals 1 - its free and fun to complete and you get a completion cert at the end. You can then pay for CORE user if you want to go further.

gunmr · October 2020

Thanks all advices. I found these, look cool

https://www.dfir.training/
https://letsdefend.io

Blue team - SOC practice lab

Comments