Blue Team Defender
A comprehensive training program covering threat hunting, digital forensics, and incident response.
248 Hours
Blue Team


Securing corporate information has never been an easy task, and the challenge has become increasingly complex in recent years. As systems grow more complex, they also become more vulnerable. The biggest problem for businesses is that cybercriminals are constantly developing, becoming more skilled and efficient, while the skills of their own employees are not keeping pace. This skill gap is creating a dilemma that is becoming hard to bridge.

The course covers the following topics:



Anatomy of a Cyberattack
  • The attack lifecycle and the cyber kill chain model
  • Information gathering
  • Vulnerability assessments
  • Server-side attacks
  • Client-side attacks
  • Web application hacking
  • Windows privilege escalation
  • Lateral Movement
Enterprise Defenses
  • Enterprise information systems as a battleground
  • Introduction to inventories
  • Vulnerability assessment and patch management
  • Network segmentation, segregation, and separation
  • Deep visibility into endpoints
  • Managing privileged accounts and hosts
  • Anti-malware defenses
  • Windows client configuration and hardening
  • Linux server and service configuration and hardening
Network Monitoring and Detection
  • Networking 101
  • Parsing traffic with the network shell
  • Indexing and generating statistics
  • Parsing the higher layers
  • Case #1: Mail harassment
  • Introduction to malware and targeted attacks
  • Case #2: Browser exploitation
  • Sniffers, sensors, taps, and protocol analyzers
  • Case #3: Malware in pcap
  • IDS/IPS, monitoring, and network security analytics
Windows Malware Forensics
  • Digital forensics in rapid-changing space
  • Disk and filesystem analysis
  • Generating filesystem timelines
  • Windows system artifacts
  • Internet-related artifacts
  • Super timeline all the things
  • Windows memory forensics
  • Digging deeper into Windows memory
Linux Forensics
  • Disk and filesystem analysis
  • Generating filesystem timelines
  • Linux filesystem artifacts
  • Server and service-related artifacts
  • Super timeline all the things
  • Linux memory forensics
  • Linux Forensic Challenge
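The timeline topics in the Windows and Linux forensics modules above (filesystem timelines and "super timeline all the things") come down to one idea: expand every timestamp from every source into a row, then sort all rows together. The following Python script is an added illustration of that idea, not course material from SOTERIA Global. It assumes a Sleuth Kit style bodyfile (the `fls -m` column layout) and a few `auth.log` lines, both constructed inline, and assumes all timestamps are UTC and that the syslog year is 2023 (syslog lines carry no year).

```python
"""Merge filesystem MAC times and log events into one sorted 'super timeline'."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed bodyfile rows in TSK 3.x layout:
# MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
BODYFILE = """\
0|/usr/bin/ls|1234|r/rrwxr-xr-x|0|0|142144|1700000000|1690000000|1690000000|1690000000
0|/tmp/.x/kworker|5678|r/rrwxr-xr-x|1001|1001|8760|1700003605|1700003600|1700003600|1700003600
0|/etc/cron.d/update|9101|r/rrw-r--r--|0|0|61|1700003700|1700003650|1700003650|1700003650
"""

# Constructed auth.log lines; the year is assumed (syslog omits it)
AUTHLOG = """\
Nov 14 23:12:01 web01 sshd[2201]: Accepted password for deploy from 203.0.113.5 port 51234 ssh2
Nov 14 23:14:05 web01 sudo:   deploy : TTY=pts/0 ; PWD=/tmp/.x ; USER=root ; COMMAND=/usr/bin/cp kworker /etc/cron.d/update
"""
AUTHLOG_YEAR = 2023  # assumption: taken from the image's other artifacts

SYSLOG_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (\S+?): (.*)$")


@dataclass(frozen=True)
class Entry:
    ts: datetime
    source: str
    macb: str    # m/a/c/b flags for filesystem rows, "...." for log lines
    detail: str


def parse_bodyfile(text: str) -> list[Entry]:
    """Expand each bodyfile row into one entry per distinct timestamp, mactime-style.

    Several MAC times of one file that are equal collapse into one row whose
    flags show which of m/a/c/b changed together (e.g. 'm.cb' for a fresh copy).
    """
    flags: dict[tuple[int, str], set[int]] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split("|")
        path = f[1]
        # column index -> position in the "macb" flag string
        for col, pos in ((8, 0), (7, 1), (9, 2), (10, 3)):
            t = int(f[col])
            if t == 0:  # unset timestamp
                continue
            flags.setdefault((t, path), set()).add(pos)
    out = []
    for (t, path), pos in flags.items():
        macb = "".join(ch if i in pos else "." for i, ch in enumerate("macb"))
        out.append(Entry(datetime.fromtimestamp(t, tz=timezone.utc), "filesystem", macb, path))
    return out


def parse_authlog(text: str, year: int) -> list[Entry]:
    """Turn syslog-format auth lines into timeline entries (year supplied by caller)."""
    out = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
        out.append(Entry(ts, "auth.log", "....", f"{m.group(2)} {m.group(3)}: {m.group(4)}"))
    return out


def build_super_timeline(*sources: list[Entry]) -> list[Entry]:
    """Merge any number of per-source entry lists and sort them chronologically."""
    merged = [e for src in sources for e in src]
    return sorted(merged, key=lambda e: (e.ts, e.source, e.detail))


def super_timeline() -> list[Entry]:
    return build_super_timeline(parse_bodyfile(BODYFILE), parse_authlog(AUTHLOG, AUTHLOG_YEAR))


if __name__ == "__main__":
    for e in super_timeline():
        print(f"{e.ts:%Y-%m-%d %H:%M:%S} {e.macb} {e.source:<10} {e.detail}")
```

Read top to bottom, the merged output shows the SSH logon, then the creation of `/tmp/.x/kworker`, then the `sudo cp` and the resulting cron file, an ordering that neither source shows on its own. In a real case, add more parsers (Windows event logs, browser history, registry last-write times) as further entry lists, and be careful about time zones: every source must be normalized to UTC before sorting or the ordering lies.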
Threat Hunting with SIEM
  • State of the SOC/SIEM
  • Log collection, normalization, and aggregation
  • SIEM architectures
  • Profiling Windows endpoints
  • Profiling Linux endpoints
  • Profiling infrastructure services
  • Profiling application services
  • Generating baselines, thresholds, and detection rules
  • Hunting IoCs (indicators of compromise)
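The last three items of this module (profiling Windows endpoints, generating baselines, thresholds and detection rules, and hunting IoCs) are illustrated by the Python script below. It is an added example, not SOTERIA Global course material. It assumes logon records already normalized by the SIEM from Windows Security events 4624 (successful logon) and 4625 (failed logon) into the tuple layout shown, a constructed week of baseline traffic, a constructed hunt day, and a constructed IoC address list; the threshold and window values are illustrative choices.

```python
"""Baseline, threshold and IoC rules over normalized Windows logon events."""
from __future__ import annotations

from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, normalized records: (timestamp, host, event_id, user, logon_type, src_ip)
# logon_type 3 = network, 5 = service, 10 = RemoteInteractive (RDP)
BASELINE_WEEK = [
    ("2023-11-06 08:01:00", "FS01", 4624, "alice", 3, "10.0.1.20"),
    ("2023-11-06 08:03:00", "FS01", 4624, "bob", 3, "10.0.1.21"),
    ("2023-11-07 08:02:00", "FS01", 4624, "alice", 3, "10.0.1.20"),
    ("2023-11-07 18:00:00", "FS01", 4624, "svc-backup", 5, "-"),
    ("2023-11-08 08:00:00", "DC01", 4624, "alice", 3, "10.0.1.20"),
]
HUNT_DAY = [
    ("2023-11-14 02:10:00", "FS01", 4624, "alice", 10, "203.0.113.5"),  # RDP, never seen before
    ("2023-11-14 02:11:00", "FS01", 4625, "admin", 3, "203.0.113.5"),
    ("2023-11-14 02:11:05", "FS01", 4625, "administrator", 3, "203.0.113.5"),
    ("2023-11-14 02:11:09", "FS01", 4625, "root", 3, "203.0.113.5"),
    ("2023-11-14 02:11:14", "FS01", 4625, "backup", 3, "203.0.113.5"),
    ("2023-11-14 02:11:20", "FS01", 4625, "sql", 3, "203.0.113.5"),
    ("2023-11-14 08:02:00", "FS01", 4624, "alice", 3, "10.0.1.20"),     # matches baseline
    ("2023-11-14 09:30:00", "DC01", 4624, "bob", 3, "10.0.1.21"),       # bob never logged on to DC01
]
# Constructed IoC list, as it might arrive from a threat-intel feed
IOC_IPS = {"203.0.113.5", "198.51.100.77"}

FAILED_LOGON_THRESHOLD = 5               # illustrative tuning values
FAILED_LOGON_WINDOW = timedelta(minutes=5)


def build_baseline(records) -> dict[str, set[tuple[str, int]]]:
    """Profile each host: the set of (user, logon_type) pairs seen in successful logons."""
    baseline: dict[str, set[tuple[str, int]]] = defaultdict(set)
    for _, host, event_id, user, logon_type, _ in records:
        if event_id == 4624:
            baseline[host].add((user, logon_type))
    return baseline


def hunt(records, baseline, iocs) -> list[tuple[str, str, str]]:
    """Run three rules over the records; returns (timestamp, rule, description) alerts."""
    alerts: list[tuple[str, str, str]] = []
    failures: dict[str, deque] = defaultdict(deque)  # src_ip -> 4625 timestamps in window
    flagged_iocs: set[str] = set()                    # report each IoC hit once
    for ts_s, host, event_id, user, logon_type, src_ip in records:
        ts = datetime.strptime(ts_s, "%Y-%m-%d %H:%M:%S")

        # Rule 1: IoC match on the source address
        if src_ip in iocs and src_ip not in flagged_iocs:
            flagged_iocs.add(src_ip)
            alerts.append((ts_s, "ioc_match", f"{src_ip} seen on {host} (event {event_id}, user {user})"))

        # Rule 2: successful logon that deviates from the host's baseline profile
        if event_id == 4624 and (user, logon_type) not in baseline.get(host, set()):
            alerts.append((ts_s, "new_logon_pattern",
                           f"{user} logon type {logon_type} on {host} from {src_ip}"))

        # Rule 3: sliding-window threshold on failed logons per source address
        if event_id == 4625:
            q = failures[src_ip]
            q.append(ts)
            while q and ts - q[0] > FAILED_LOGON_WINDOW:
                q.popleft()
            if len(q) == FAILED_LOGON_THRESHOLD:  # fire once, when the threshold is crossed
                alerts.append((ts_s, "failed_logon_burst",
                               f"{len(q)} failures from {src_ip} on {host} within {FAILED_LOGON_WINDOW}"))
    return alerts


def run_hunt() -> list[tuple[str, str, str]]:
    return hunt(HUNT_DAY, build_baseline(BASELINE_WEEK), IOC_IPS)


if __name__ == "__main__":
    for ts_s, rule, desc in run_hunt():
        print(f"{ts_s} {rule:<20} {desc}")
```

The three rules are deliberately different in kind: the IoC match is a pure lookup, the baseline rule needs a learning period and a per-host profile, and the burst rule needs state over time. On a real SIEM the baseline would be rebuilt periodically, and the threshold tuned per environment; the first week of profiling will also surface misconfigurations (service accounts logging on interactively, for instance) that are worth fixing before they generate alerts forever.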
Final Blue Team Challenge
  • Enterprise-scale breach CTF
  • Hunting and investigating “targeted” multi-vector attacks
  • Following SOC leads and carrying out ad-hoc investigations
  • Submission of full incident reports
  • Challenge walkthrough and investigative conclusions

SOTERIA Global is a global leader in cyber-security training solutions and services.

The cyber world is now a part of our everyday life. New technology emerges daily, and as opportunities increase, so do cyber risks. Threats constantly evolve, and we must protect our valuable assets.

A successful cyber defense has many factors, but they all have one thing in common: dedicated, skilled individuals.

SOTERIA Global experts develop our solutions and rely on the best technological assets in the market. Our global presence spans four continents, giving us access to the best cybersecurity professionals.

Our solutions range from customized training programs to developing cyber-oriented facilities, ensuring that individuals and organizations are ready to face real-world threats. Over the years, we have worked with various organizations across many sectors, giving us the skillset to shape and adapt our solutions to meet our clients’ needs.

    • Blue-team members
    • SOC operators and analysts
    • Security researchers
    • Forensics experts
    • IT and network specialists
    • Incident response teams
    • Advanced knowledge of Windows operating systems
    • Advanced knowledge of Linux operating systems
    • Familiarity with cyberwarfare technology
    • Familiarity with TCP/IP protocols
    • Understanding attack vectors
    • Familiarity with network forensics
    • Understanding the basics of malware analysis
    • Proactively hunting for threats using SIEM/logs