Blue team - SOC practice lab
gunmr
Hi,
Is there any certification or environment for practicing blue team skills?
Comments
stryder144
If you have the know-how and a suitable computer, you can use Splunk to monitor VMs and use a book like 30Bird's CySA+ book/VM labs to build your skillset.
UnixGuy
eLearnSecurity have incident handling and DFIR certs that are lab-based.
Nyblizzard
https://securityblue.team/
This is what you're looking for. They just recently launched their first certification.
LonerVamp
There are two different types of blue teams, imo. The one where you live in a SOC and you want infosec knowledge. These can be CompTIA's CySA+ or maybe something from SANS/GIAC. For labs, Security Onion is a place you could start. That said, I think all of the blue type stuff is self-hosted, rather than something you can log into and play around with.
If you're new to infosec, there's always the Security+ -> SSCP/CISSP track to follow, too.
And the rest are people who secure systems/design security, and often any cert you can think of that goes over how to build/operate a technology is going to be worthwhile. You want to secure Azure or AWS? Yes, there are security tracks, but you also need to know how to build/operate Azure and AWS.
triplea
Sign up for the Splunk Fundamentals 1 - it's free and fun to complete and you get a completion cert at the end. You can then pay for CORE user if you want to go further.
gunmr
Thanks for all the advice. I found these, they look cool:
https://www.dfir.training/
https://letsdefend.io