Blue Team Level 1
My Honest Review
Background
The Blue Team Level 1 Certification by Security Blue Team is an excellent certification if you are looking for an introduction into the world of Digital Forensics and Incident Response (DFIR). It gives you real hands-on experience with engaging labs and a practical 24-hour exam that walks you through a full incident response scenario, from an attacker’s initial access all the way to recovering artifacts that led to a full domain compromise.
I first heard about the Blue Team Level 1 Certification from the homie Noah. He was also one of the people who gave me some tips on Security+ before I took it (great guy he is). He gave it a lot of praise, which led me to become curious about it and eventually buy the course.
I had wanted to buy the course for a while and was pretty hesitant to pull the trigger for some reason. I think it might have been due to me being afraid of losing money and failing, but I’ve gotten better, and I’m honestly learning to have more confidence and bet on myself more.
I somehow ended up taking CRTO before doing this one, despite being exposed to BTL1 first???? I don’t really know how or why, but we are here now LOL 🤓.
The Course Logistics
The course itself covers six domains: Security Fundamentals, Phishing Analysis, Threat Intelligence, Digital Forensics, Security Information and Event Management (SIEM), and Incident Response.
Security Fundamentals felt like review from Security+, and I didn’t find it very beneficial, but I can see it being valuable if you end up taking this cert before taking Sec+.

Phishing Analysis was extremely well written, and I found it very valuable because it goes in depth on email security and other important protocols that can prevent a security event from turning into a security incident.

Threat Intelligence was mostly researching different APTs and threat actors, but it does cover the MITRE ATT&CK Framework in depth, which I think is valuable if you want to get into a career in incident response or security operations (SOC).

Digital Forensics was by far the longest domain, but it provides a tremendous amount of value. It goes very in depth on recovering artifacts from a security incident, and I would definitely recommend going over these labs more than once if you are seeking a career in Digital Forensics.

The last two domains, SIEM and Incident Response, go hand in hand and were my favorite parts of the entire course. If you are new to security, you’ll often hear about Splunk but might not know what it is. This course gives you hands-on training on the Splunk platform, which, for some reason, seems very hard to find in my experience.
The exam is a 24-hour practical exam that takes you through a full investigation of an incident response scenario, from the initial access the attacker used to make their way into your network all the way to the artifacts that ultimately led to them compromising your corporate domain.
My Tips
I found it helpful to make a timeline during the exam to see when each artifact you found was placed, so you can later map out the incident. I definitely think Splunk is going to be your MVP in this exam, so learn it and learn it well. The course teaches you enough, but to be efficient, I would suggest doing more research and getting more practice beyond the labs. Another very important tool used is Autopsy, and I would recommend learning how to navigate it, since it will make things much easier during the exam. Overall, the exam was not too difficult, and I really enjoyed the time I spent on it. I finished in about 4 hours and passed with a 90 percent.
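To make the timeline tip concrete, here is an added example (editor's code, not material from the course, the exam, or the author) of the one step that most often breaks an incident timeline: artifacts pulled from different tools report time in different formats and zones, so they must all be normalized to UTC before sorting. The records, the host names, and the assumed host time zone below are constructed for illustration and are not exam data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone, timedelta
from email.utils import parsedate_to_datetime


@dataclass(frozen=True)
class Artifact:
    ts_utc: datetime   # normalized to UTC so artifacts from any tool sort together
    source: str        # which tool the artifact came from
    host: str
    detail: str


# Constructed sample artifacts (NOT real exam data). Each source reports time differently:
# SIEM search results here are epoch seconds (UTC), the Windows event export is host-local
# time with no offset, the forensic image metadata is ISO-8601 with an explicit offset,
# and the phishing email carries an RFC 2822 Date header.
SAMPLE_ARTIFACTS = [
    {"source": "splunk",  "host": "ws01", "ts": 1700000300,
     "detail": "4624 logon type 3 from 10.0.0.5"},
    {"source": "evtx",    "host": "ws01", "ts": "2023-11-14 16:35:00",
     "detail": "4688 powershell.exe spawned by WINWORD.EXE"},
    {"source": "autopsy", "host": "ws01", "ts": "2023-11-14T22:37:12+00:00",
     "detail": "C:\\Users\\Public\\tool.exe created"},
    {"source": "splunk",  "host": "dc01", "ts": 1700009000,
     "detail": "4662 DS-Replication-Get-Changes requested"},
    {"source": "email",   "host": "ws01", "ts": "Tue, 14 Nov 2023 21:50:10 +0000",
     "detail": "phish received: invoice.doc attachment"},
]

# Assumed time zone of the Windows host; the exported event log has no offset, so a
# naive timestamp cannot be placed on the timeline without this. (Assumption for the example.)
HOST_TZ = {"ws01": timezone(timedelta(hours=-6))}


def parse_timestamp(raw, host):
    """Convert any of the supported timestamp forms to a timezone-aware UTC datetime."""
    if isinstance(raw, (int, float)):
        return datetime.fromtimestamp(raw, tz=timezone.utc)
    raw = raw.strip()
    if "," in raw and raw[:3].isalpha():          # RFC 2822, e.g. an email Date header
        return parsedate_to_datetime(raw).astimezone(timezone.utc)
    try:
        dt = datetime.fromisoformat(raw)          # "YYYY-MM-DD HH:MM:SS" or with an offset
    except ValueError as exc:
        raise ValueError(f"unrecognised timestamp {raw!r}") from exc
    if dt.tzinfo is None:
        tz = HOST_TZ.get(host)
        if tz is None:
            # Refuse to guess: a wrong zone silently reorders the whole timeline.
            raise ValueError(f"naive timestamp {raw!r} for host {host} with unknown time zone")
        dt = dt.replace(tzinfo=tz)
    return dt.astimezone(timezone.utc)


def build_timeline(records):
    """Normalize every record to UTC and return the artifacts in chronological order."""
    items = [Artifact(parse_timestamp(r["ts"], r["host"]), r["source"], r["host"], r["detail"])
             for r in records]
    return sorted(items, key=lambda a: a.ts_utc)


def render(timeline):
    """Plain-text timeline with the gap from the previous artifact, for notes or a report."""
    lines, prev = [], None
    for a in timeline:
        gap = "" if prev is None else f"  (+{int((a.ts_utc - prev).total_seconds())}s)"
        lines.append(f"{a.ts_utc.isoformat()}  {a.host:<5} {a.source:<8} {a.detail}{gap}")
        prev = a.ts_utc
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(build_timeline(SAMPLE_ARTIFACTS)))
```

Sorting the raw strings, or treating the event log's local time as UTC, would put the 16:35 process creation before the 4624 logon that actually preceded it; normalizing first puts the phish, the logon, the PowerShell child process, the dropped file, and the replication request on the domain controller in their true order.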
Rant
In my experience, I’ve noticed a weird imbalance of resources when it comes to practical, hands-on training on the red teaming side versus the blue teaming side. There seem to be far more free resources for red teaming than for blue teaming. I find this interesting since there is seemingly more demand for defenders in corporate environments, but I could be entirely wrong, and this just turned into me ranting about nonsense.
Final Thoughts
All in all, I think the Blue Team Level 1 Certification is a great attempt to close that gap. Although not completely free, it is affordable enough, worth the cost, and you get your money’s worth. I would definitely recommend this certification to people who genuinely have a desire to learn more about blue teaming and want hands-on training.