SecurityBlueTeam Blue Team Level

/1. Introduction to BTL1/

1. Boring Legal Stuff.pdf

2. Course Overview.pdf

3. Navigating The Course.mp4

3. Navigating The Course.pdf

5. Credits & Special Mentions.pdf

6. Lab and Forum Access.pdf

/.../1. Intro To Security Fundamentals/

1. Introduction to Security Fundamentals.pdf

2. Blue Team Rules.pdf

2. Blue Team Rules.txt

/2. Soft Skills/

2. Section Introduction, Soft Skills.pdf

3. Communication.pdf

3. Communication.txt

4. Teamwork.pdf

4. Teamwork.txt

5. Problem Solving.pdf

5. Problem Solving.txt

6. Time Management.pdf

6. Time Management.txt

7. Motivation.pdf

8. Burnout, Imposter Syndrome, Alert Fatigue.pdf

8. Burnout, Imposter Syndrome, Alert Fatigue.txt

/3. Security Controls/

10. Physical Security.pdf

11. Network Security.pdf

12. Endpoint Security.pdf

13. Email Security.pdf

14. Activity) End of Section Review, Security Controls.pdf

9. Section Introduction, Security Controls.pdf

/4. Networking 101/

15. Section Introduction, Networking 101.pdf

16. Network Fundamentals.pdf

16. Network Fundamentals.txt

17. The OSI Model.pdf

18. Network Devices.pdf

19. Network Tools.pdf

19. Network Tools.txt

20. Ports and Services.pdf

20. Ports and Services.txt

21. Activity) End of Section Review, Management Principles.pdf

/5. Management Principles/

1. Section Introduction, Management Principles.pdf

2. Risk.pdf

3. Policies and Procedures.pdf

4. Compliance & Frameworks 1.pdf

4. Compliance & Frameworks.pdf

5. Activity) End of Section Review, Management Principles.pdf

/.../1. Intro to Email and Phishing/

1. Section Introduction, Emails and Phishing.pdf

2. How Electronic Mail Works.pdf

3. Anatomy of an Email.gif

3. Anatomy of an Email.pdf

4. What is Phishing.pdf

5. Impact of Phishing.pdf

5. Impact of Phishing.txt

6. Further Reading Material, Phishing Analysis.pdf

7. Phishing Analysis Glossary.pdf

7. Phishing-Analysis-Glossary.pdf

8. Activity) End of Section Review, Emails and Phishing.pdf

/.../2. Types of Phishing Emails/

1. Section Introduction, Phishing Emails.pdf

10. Email Types.mp4

10. [Video] Types of Phishing Attacks & Examples.pdf

11. Lab) Categorizing Phishing Emails.pdf

12. Activity) End of Section Review, Phishing Emails.pdf

2. Reconnaissance.pdf

3. Spam.pdf

4. False Positives.pdf

5. Credential Harvester.pdf

6. Social Engineering.pdf

6. Social Engineering.txt

7. Vishing, Smishing.pdf

7. Vishing, Smishing.txt

8. Whaling.pdf

9. Malicious Files.pdf

9. Malicious Files.txt

/.../3. Tactics and Techniques Used/

1. Section Introduction, Tactics and Techniques.pdf

10. Use of Legitimate Services.pdf

11. Business Email Compromise.pdf

12. Tactics and Techniques & Examples.mp4

12. Tactics and Techniques & Examples.pdf

13. Activity) Reporting on Tactics Used.pdf

14. Activity) End of Section Review, Tactics and Techniques.pdf

2. Spear Phishing.pdf

3. Impersonation.pdf

4. Typosquatting and Homographs.pdf

4. Typosquatting and Homographs.txt

5. Sender Spoofing.pdf

6. HTML Styling.pdf

7. Attachments.pdf

8. Hyperlinks.pdf

9. URL-Shortening Services.pdf

/.../4. Investigating a Phishing Email/

1. Section Introduction, Investigating Emails.pdf

10. Activity) End of Section Review, Investigating Emails.pdf

2. Artifacts We Need to Collect.pdf

2. Artifacts We Need to Collect.txt

3. Hello.zip

3. Manual Collection Techniques – Email Artifacts.pdf

3. Manual Collection Techniques – Email Artifacts.txt

4. Manual Collection Techniques – Web Artifacts.pdf

5. Manual Collection Techniques – File Artifacts.pdf

5. Manual Collection Techniques – File Artifacts.txt

6. Collecting Artifacts – Manual Methods.mp4

6. Collecting Artifacts – Manual Methods.pdf

7. Automated Collection With PhishTool.pdf

8. Collecting Artifacts – Automated Methods.mp4

8. Collecting Artifacts – Automated Methods.pdf

9. Lab) Manual Artifact Extraction.pdf

/.../5. Analysing URLs, Attachments, and Artifacts/

1. Section Introduction, Analysing Artifacts.pdf

2. Visualization Tools.pdf

3. URL Reputation Tools.pdf

4. File Reputation Tools.pdf

5. Malware Sandboxing.pdf

5. Malware Sandboxing.txt

6. Manual Artifact Analysis.mp4

6. Manual Artifact Analysis.pdf

6. Manual Artifact Analysis.txt

7. Artifact Analysis With PhishTool.pdf

8. Artifact Analysis with PhishTool.mp4

8. Artifact Analysis with PhishTool.pdf

9. Activity) End of Section Review, Analysing Artifacts.pdf

/.../6. Taking Defensive Actions/

1. Section Introduction, Defensive Measures.pdf

10. Reactive Measures Blocking File-Based Artifacts.pdf

11. Reactive Measures Informing Threat Intelligence Team.pdf

12. Activity) End of Section Review, Defensive Measures.pdf

2. Preventative Measures Marking External Emails.pdf

3. Preventative Measures Spam Filter.pdf

4. Preventative Measures Attachment Filtering.pdf

5. Preventative Measures Attachment Sandboxing.pdf

6. Preventative Measures Security Awareness Training.pdf

6. Preventative Measures Security Awareness Training.txt

7. Reactive Measures Immediate Response Process.pdf

8. Reactive Measures Blocking Email-Based Artifacts.pdf

9. Reactive Measures Blocking Web-Based Artifacts.pdf

/7. Report Writing/

1. Section Introduction, Report Writing.pdf

2. Email Header, Artifacts, and Body Content.pdf

3. Analysis Process, Tools, and Results.pdf

3. Analysis Process, Tools, and Results.txt

4. Defensive Measures Taken.pdf

4. Defensive Measures Taken.txt

5. Artifact Sanitization.pdf

6. Activity) Report Writing Exercise.pdf

6. BTL1_Report_Writing_Exercise.zip

7. Activity Cont.) Report Writing Exercise Answers.pdf

8. Activity) End of Section Review, Report Writing.pdf

/.../8. Phishing Response Challenge/

1. Section Introduction, Phishing Response.pdf

2. Phishing Response Walkthrough.mp4

2. Phishing Response Walkthrough.pdf

3. BTL1_Phishing_Response_Challenge-2.zip

3. BTL1_Phishing_Response_Template.txt

3. Phishing Response Brief.pdf

4. Phishing Response Challenge.pdf

/.../1. Introduction to Threat Intelligence/

2. Threat Intelligence Explained.pdf

2. Threat Intelligence Explained.txt

3. Why Threat Intelligence can be Valuable.pdf

4. Types of Intelligence.pdf

5. The Future of Threat Intelligence.pdf

5. The Future of Threat Intelligence.txt

6. Further Reading, Threat Intelligence.pdf

6. Further Reading, Threat Intelligence.txt

7. Threat Intelligence Glossary.pdf

7. Threat-Intelligence-Glossary-1.pdf

/.../2. Threat Actors & APTs/

1. Section Introduction, Actors.pdf

2. Common Threat Agents.pdf

2. Common Threat Agents.txt

3. Motivations.pdf

4. Actor Naming Conventions.pdf

4. Actor Naming Conventions.txt

5. What are APTs.pdf

5. What are APTs.txt

6. Tools, Techniques, Procedures.pdf

6. Tools, Techniques, Procedures.txt

7. Activity) Threat Actor Research.pdf

7. Activity) Threat Actor Research.txt

8. Activity) End of Section Review, Actors.pdf

/.../3. Operational Threat Intelligence/

1. Section Introduction, Operational Intelligence.pdf

2. Precursors Explained.pdf

2. Precursors Explained.txt

3. Indicators of Compromise Explained.pdf

3. Indicators of Compromise Explained.txt

4. MITRE ATT&CK Framework.pdf

4. MITRE ATT&CK Framework.txt

5. Lockheed Martin Cyber Kill Chain.pdf

6. Attribution and its Limitations.pdf

7. Pyramid of Pain.pdf

8. Activity) End of Section Review, Operational Intelligence.pdf

/.../4. Tactical Threat Intelligence/

1. Section Introduction, Tactical Intelligence.pdf

2. Threat Exposure Checks Explained.pdf

3. WatchlistsIOC Monitoring.pdf

4. Public Exposure Checks Explained.pdf

4. Public Exposure Checks Explained.txt

5. Threat Intelligence Platforms.pdf

5. Threat Intelligence Platforms.txt

6. Malware Information Sharing Platform (MISP).pdf

6. Malware Information Sharing Platform (MISP).txt

7. Activity) Deploying MISP.mp4

7. Activity) Deploying MISP.pdf

7. Activity) Deploying MISP.txt

8. Activity) End of Section Review, Tactical Intelligence.pdf

/.../5. Strategic Threat Intelligence/

1. Section Introduction, Strategic Intelligence.pdf

2. Intelligence Sharing and Partnerships.pdf

3. IOCTTP Gathering and Distribution.pdf

3. IOCTTP Gathering and Distribution.txt

4. OSINT vs Paid-for Sources.pdf

4. OSINT vs Paid-for Sources.txt

5. Traffic Light Protocol (TLP).pdf

5. Traffic Light Protocol (TLP).txt

6. Activity) End of Section Review, Strategic Intelligence.pdf

/.../6. Malware and Global Campaigns/

1. Section Introduction, Global Campaigns.pdf

2. Types of Malware Used by Threat Actors.pdf

3. Global Campaign Trickbot.pdf

4. Global Campaign Sodinokibi.pdf

5. Global Campaign Sodinokibi.pdf

5. Global Campaign Sodinokibi.txt

6. Global Campaign Emotet.pdf

6. Global Campaign Emotet.txt

7. Activity) End of Section Review, Global Campaigns.pdf

/.../1. Introduction to Digital Forensics/

1. Section Introduction, Digital Forensics.pdf

2. What is Digital Forensics.pdf

3. Digital Forensics Process.pdf

4. Further Reading Material, Digital Forensics.pdf

4. Further Reading Material, Digital Forensics.txt

5. Digital Forensics Glossary.pdf

5. Digital-Forensics-Glossary.pdf

/2. Forensics Fundamentals/

1. Section Introduction, Forensics Fundamentals.pdf

10. Metadata and File Carving.pdf

11. Lab) Metadata and File Carving.pdf

12. Memory, Pagefile and Hibernation File.pdf

13. Hashing and Integrity.pdf

14. Lab) Hashing and Integrity.pdf

15. Activity) End of Section Review, Forensics Fundamentals.pdf

2. Introduction to Data Representation.mp4

2. Introduction to Data Representation.pdf

2. Introduction to Data Representation.txt

3. Activity) Data Representation.pdf

4. Hard Disk Drive Basics.pdf

5. SSD Drive Basics.pdf

6. File Systems.pdf

7. Lab) File Systems.pdf

8. Digital Evidence and Handling.pdf

9. Order of Volatility.pdf

/.../3. Digital Evidence Collection/

1. Section Introduction, Evidence Collection.pdf

2. Equipment.pdf

3. ACPO Principles of Digital Evidence Collection & Preservation.pdf

3. ACPO Principles of Digital Evidence Collection & Preservation.txt

4. Chain of Custody.pdf

5. Chain of Custody.pdf

5. Chain of Custody.txt

6. Live Forensics.pdf

7. Live Acquisition KAPE.pdf

7. Live Acquisition KAPE.txt

8. Evidence Destruction.pdf

8. Evidence Destruction.txt

9. Activity) End of Section Review, Evidence Collection.pdf

/4. Windows Investigations/

1. Section Introduction, Windows Investigations.pdf

2. Windows Artifacts – Programs [Video 1].mp4

2. Windows Artifacts – Programs [Video 2].mp4

2. Windows Artifacts – Programs.pdf

2. Windows Artifacts – Programs.txt

3. 2. Windows Artifacts – Programs [Video 3].mp4

3. Lab) Windows Investigation 1.pdf

4. Windows Artifacts – Internet Browsers.pdf

4. Windows Artifacts – Internet Browsers.txt

5. Lab) Windows Investigation 2.pdf

6. Activity) End of Section Review, Windows Investigations.pdf

/5. Linux Investigations/

1. Section Introduction, Linux Investigations.pdf

2. Linux Artifacts – Passwd and Shadow.pdf

2. Linux Artifacts – Passwd and Shadow.txt

3. Activity) Password Cracking.pdf

3. BTL1_Password_Cracking_Activity-1.zip

4. Linux Artifacts – VarLib and VarLog.pdf

5. Linux Artifacts – User Files.pdf

5. Linux Artifacts – User Files.txt

6. Activity) End of Section Review, Linux Investigations.pdf

/6. Volatility/

1. Section Introduction, Volatility.pdf

2. What is Volatility.pdf

3. Volatility Walkthrough.pdf

4. Volatility Walkthrough.mp4

4. Volatility Walkthrough.txt

5. Lab) Memory Analysis Investigation.pdf

/7. Autopsy/

1. Section Introduction, Autopsy.pdf

2. What is Autopsy.pdf

3. Installing Autopsy.pdf

3. Installing Autopsy.txt

4. Autopsy Walkthrough.pdf

4. Autopsy Walkthrough.txt

5. Lab) Autopsy For Disk Analysis.pdf

/.../1. Introduction to SIEM/

1. Section Introduction, SIEM.pdf

2. Security Information Management (SIM).pdf

3. Security Event Management (SEM).pdf

4. What is a SIEM.pdf

5. SIEM Platforms.pdf

5. SIEM Platforms.txt

6. Further Reading Material, SIEM.pdf

6. Further Reading Material, SIEM.txt

7. SIEM Glossary.pdf

7. SIEM-Glossary.pdf

8. Activity) End of Section Review, SIEM.pdf

/2. Logging/

1. Section Introduction, Logging.pdf

2. What is Logging.pdf

3. Syslog.pdf

4. Windows Event Logs.pdf

4. Windows Event Logs.txt

5. Lab) Event Log Analysis.pdf

6. Sysmon.pdf

6. Sysmon.txt

7. Other Logs.pdf

7. Other Logs.txt

8. Activity) End of Section Review, Logging.pdf

/3. Aggregation/

1. Section Introduction, Aggregation.pdf

2. Log Aggregation Explained.pdf

3. Activity) End of Section Review, Aggregation.pdf

/4. Correlation/

1. Section Introduction, Correlation.pdf

2. Normalization and Processing.pdf

3. SIEM Rules.pdf

3. SIEM Rules.txt

4. Sigma Rules.pdf

4. Sigma Rules.txt

5. Regex.pdf

5. Regex.txt

6. Activity) Writing Sigma Rules.pdf

6. Activity) Writing Sigma Rules.txt

7. Activity) End of Section Review, Correlation.pdf

/5. Using Splunk/

1. Section Introduction, Splunk.pdf

2. Splunk Crash Course – Navigating Splunk.pdf

3. Splunk Crash Course – Search Queries.pdf

3. Splunk Crash Course – Search Queries.txt

4. Splunk Crash Course – Creating Alerts.pdf

5. Splunk Crash Course – Creating Dashboards.pdf

6. Splunk Investigation 1.pdf

7. Splunk Investigation 2.pdf

/.../1. Introduction to Incident Response/

1. Section Introduction, Incident Response.pdf

1. Section Introduction, Incident Response.txt

2. What is Incident Response.pdf

3. Why is Incident Response Needed.pdf

3. Why is Incident Response Needed.txt

4. Security Events vs Security Incidents.pdf

5. Incident Response Lifecycle (NIST SP 800 61r2).pdf

5. Incident Response Lifecycle (NIST SP 800 61r2).txt

6. CSIRT and CERT Explained.pdf

7. Further Reading Material, Incident Response.pdf

7. Further Reading Material, Incident Response.txt

8. Incident Response Glossary.pdf

8. Incident-Response-Glossary.pdf

9. Activity) End of Section Review, Incident Response.pdf

/2. Preparation Phase/

1. Section Introduction, Preparation.pdf

10. Prevention Physical Defenses.pdf

11. Prevention Human Defenses.pdf

11. Prevention Human Defenses.txt

12. Activity) End of Section Review, Preparation.pdf

2. Preparation Incident Response Plan.pdf

2. Preparation Incident Response Plan.txt

3. Preparation Incident Response Teams.pdf

4. Preparation Assest Inventory and Risk Assessments.pdf

4. Preparation Assest Inventory and Risk Assessments.txt

5. Prevention DMZ.pdf

5. Prevention DMZ.txt

6. Prevention Host Defenses.pdf

7. Prevention Network Defenses.pdf

7. Prevention Network Defenses.txt

8. Legacy Activity) Setting up a Firewall.pdf

9. Prevention Email Defenses.pdf

/.../3. Detection and Analysis Phase/

1. Section Introduction, Detection & Analysis.pdf

10. Lab) CMD and PowerShell.pdf

11. Activity) End of Section Review, Detection & Analysis.pdf

2. Common Events & Incidents.pdf

2. Common Events & Incidents.txt

3. Using Baselines & Behavior Profiles.pdf

4. Introduction to Wireshark (GUI).pdf

5. Introduction to Wireshark (Analysis).pdf

6. Lab) Network Traffic Analysis.pdf

7. YARA Rules For Detection.pdf

7. YARA Rules For Detection.txt

8. BTL1_Hunting_With_YARA.zip

8. Legacy Activity) Threat Hunting With YARA.pdf

9. CMD and PowerShell For Incident Response.pdf

/.../4. Containment, Eradication, and Recovery Phase/

1. Section Introduction, CER.pdf

2. Incident Containment.pdf

3. Taking Forensics Images.pdf

4. Identifying and Removing Malicious Artifacts.pdf

4. Identifying and Removing Malicious Artifacts.txt

5. Identifying Root Cause and Recovery.pdf

6. Activity) End of Section Review, CER.pdf

/.../5. Lessons Learned and Reporting/

1. Section Introduction, Lessons Learned and Reporting.pdf

2. What Went Well.pdf

3. What Can be Improved.pdf

4. Importance of Documentation.pdf

4. Importance of Documentation.txt

5. Incident Response Metrics.pdf

6. Reporting Format.pdf

6. Reporting Format.txt

7. Reporting Considerations.pdf

7. Reporting Considerations.txt

/.../6. MITRE ATT&CK/

1. Section Introduction, ATT&CK.pdf

1. Section Introduction, ATT&CK.txt

10. Collection.pdf

10. Collection.txt

11. Command and Control.pdf

11. Command and Control.txt

12. Exfiltration.pdf

12. Exfiltration.txt

13. Impact.pdf

13. Impact.txt

14. Activity) ATT&CK Navigator.pdf

14. Activity) ATT&CK Navigator.txt

15. Activity) End of Section Review, ATT&CK.pdf

2. Initial Access.pdf

2. Initial Access.txt

3. Execution.pdf

3. Execution.txt

4. Persistence.pdf

4. Persistence.txt

5. Privilege Escalation.pdf

5. Privilege Escalation.txt

6. Defense Evasion.pdf

6. Defense Evasion.txt

7. Credential Access.pdf

7. Credential Access.txt

8. Discovery.pdf

8. Discovery.txt

9. Lateral Movement.pdf

9. Lateral Movement.txt

/8. Exam/

1. Exam Preparation.pdf

2. Using RDP and SSH.pdf

3. How to Start Your Exam.pdf

Total files 419