HTB > Blue Teaming

In this blog, we'll explore the main reasons why security teams fall behind, what you can do to fix it, and how to build a culture of continuous learning.

Discover how dynamic benchmarking and CTF exercises can strengthen your security team in our Masterclass webinar, From Theory to Action. Stay ahead of evolving cyber threats!

Cybersecurity teams struggle to train amid constant threats. This blog explores the challenges and solutions to making structured training a priority.

CyberJunkie walks us through a new detection technique he uncovered using Windows SmartScreen Debug Event Logs. Follow this step-by-step guide to see how it works.

A deep-dive into Signal’s move to safeStorage API and how an HTB forensic content engineer creates a CTF Challenge.

Ready for a more rewarding dive into your blue team investigations? Well, we have made new updates to Sherlocks that will give you momentum and a bonus to time well spent.

Get familiar with industry-standard tools and methodologies to identify, understand, and detect malware threats.

Audit your AD environment for misconfigurations (and attacks) that can lead to severe consequences when exploited by malicious actors.

Learn how to detect NTDS dumping attacks in issue five of a special series on critical Active Directory (AD) attack detections & misconfigurations.

How to get good at these fundamental SOC tools and their related skills.

Learn how to detect NTLM relay attacks in part four of a special series on critical Active Directory (AD) attack detections & misconfigurations.

Learn how to detect LLMNR poisoning attacks in part three of a special five-part series on critical Active Directory (AD) attack detections & misconfigurations

Learn how to detect AS-REP roasting attacks in part two of a special five-part series on critical Active Directory (AD) attack detections & misconfigurations.

Learn how to detect Kerberoast attacks in part one of a special five-part series on critical Active Directory (AD) attack detections & misconfigurations.

Incident response plans lay the foundations for a defensive team’s actions in the face of an incident, making them essential for speedy and effective response.

Windows event logs are the gateway to understanding suspicious activity, making these event log analysis tools essential for beginner blue teamers.

SOC analyst burnout is rife thanks to the “always-on” nature of the role paired with a lack of training. Tackle this major issue with effective L&D.

Learn how to avoid these common vulnerabilities in your applications with our SQL injection attack examples.

Windows event logs can provide valuable insights when piecing together an incident or suspicious activity, making them crucial for analysts to understand.

Discover how to write an incident response report, including an incident reporting template, and a step-by-step reporting process for analysts.