I recently completed Security Blue Team’s “Blue Team Junior Analyst” pathway containing 6 entry-level courses/Intro courses in
– Digital Forensics
– Network Analysis
– Vulnerability Management
– Threat Hunting
– Darkweb Operations
– Open-Source Intelligence
Check out Security Blue Team’s website to get started with these courses.
Here’s my YouTube playlist covering a more in-depth review of my experience with each course.
An Introduction to Digital Forensics
This was the first course I completed on this path. This course covered the basics of Digital Forensic investigations and gave a very nice overview of the basics you need to get started.
The course starts with a brief tutorial of the Linux command line and how to navigate around then moves on to give a nice introduction to Steganography and then ends with a module on cracking passworded zip files.
The final challenge for this course was very interesting…in a good way. It cumulated all of the things I learned in the modules into an investigation into a hard drive. This challenge required a lot of attention to detail and a very meticulous approach to analyzing the hard drive for the pieces of evidence required to complete the challenge
This was quite fun to complete and I recommend it for anyone looking to get a nice welcome into the world of Digital Forensics.
An Introduction to Network Analysis
*Takes deep breath*…This is HANDS DOWN the best practical networking course I have ever taken. Undefeated. Undisputed. Un-whatever else. It starts with a Networking 101 module consisting of the basics of networking. Then this course takes you on a diving expenditure into analyzing PCAPs with Wireshark and tcpdump.
I mess around with Wireshark here and there on my own and even as a SOC Analyst but this one was different. The Wireshark module teaches you the ins and outs of Wireshark and then rounds it up with a Challenge where you’re required to prove your skills using the information you’ve learned.
I have never really liked the idea of analyzing packets using the CLI but this tcpdump module totally changed my perspective. It is amazing the number of things you can do with tcpdump on the command line. The tcpdump challenge really sharpened my analytical skills as well as my CLI skills. I had to google around for certain syntaxes but the learning experience from this is something that will stick with me.
The final course challenge was equally great and really brought together everything the course had covered. I think it is important to note that some understanding of networking and the CLI will help greatly with this course. However this course is an intro course and if you’re willing to put in the extra effort, you can definitely figure things out.
I am very pleased with this course. I might even go over it a couple more times if I have the time later on.
An Introduction to Vulnerability Management
This was a generally easier module and fun to complete. This module required you to create a small lab environment with Kali and Metasplotable 2 on the same network. After this, it works through some scanning techniques using different tools including Nessus and WPScan.
Each challenge either requires you to conduct your own scan or analyzing another scan. Although I’ve worked with the Qualys vulnerability scanner, this got me introduced to the world of Nessus and its amazing capabilities.
The final challenge was quite different from the last two challenges I did. This required launching a vulnerability scan and then creating a report (utilizing a provided template) showing certain vulnerabilities and how to fix them.
This was very smooth and quite easier than the Digital Forensics & Network Analysis course. I deliberately did this before the Threat Hunting course just to familiarize myself with some techniques (this is just my own intuition).
An Introduction to Threat Hunting
Threat Hunting is an area of Cybersecurity that I’ve always been interested in and this course gave me a very good introduction to it. This course took me longer than the previous three because I’d had a very rough week but after some rest, I always able to come back to it with a clear mind and was able to complete the challenges. Starting with an explanation of Indicators of Compromise (IOCs) and how to use them to identify & detect malware on target systems or files, this course introduces you to Mandiant IOCe and then moves on to taking you through how to actually hunt and create reports for those IOCs using Mandiant Redline.
This process requires a methodological approach to hunting for malware and you should ensure to be intentional with how you approach this process. I also recommend going through the final challenge in an isolated Windows 10 VM. Why? Because it’s malware. The instructions on how to properly handle this Malware are provided by Security Blue Team but for extra caution, I recommend that after downloading the samples, you completely isolate that VM from any external network.
This was a fun course to complete and I think I might dig deeper into Threat Hunting down the line in my cybersecurity career.
An Introduction to Darkweb Operations
This was another very well done course from Security Blue Team. This course introduced me to the world beyond the surface internet. Beyond the world wide web accessible to us for our regular browsing are other layers of the web that are not directly accessible or only accessible through non-conventional means. The challenges in this course definitely tasked my investigative abilities but it was really fun messing around in a “Safe Area” of the dark web and finding information here and there. The final challenge puts you in the scenario of a Dark Web Intelligence Analyst whose goal is to gather intelligence on some criminal activities. FUN STUFF!
An Introduction to Open-Source Intelligence
This course was a great introduction to Open-Source Intelligence. In my day-to-day job, I do use OSINT for several cases but this was an in-depth course that gave me a better insight into that world. There’s so much information that can be harvested about individuals or organizations that is freely available on the clear web.
This course gave me the most trouble out of all the courses. The course modules were easy to complete and the individual challenges were quite easy to complete. On the other hand, the course final challenge gave me a lot of difficulties and I had to reach out for help in the discord server. The nudges I got were not revealing at all but were enough to point me in the right channel to completing this course.
In a nutshell, this was another course that really built and sharpened my analytical and investigative skills.
In conclusion, this course from Security Blue Team is a great beginner course for anyone wanting to get their feet wet in different Cybersecurity Domains. I also recommend it for professionals who are looking to test or sharpen the skills they have.
With these six courses, I have my appetite wet for the Blue Team Level 1 and I’m looking forward to doing it in the nearest future.