LetsDefend: Blue Team Training Review
As a Blue Team member, your role is to defend your networks and systems from attackers. That means knowing your environment intimately, everything in it and what normal looks like, and monitoring it continuously. You need the skills to analyze an event, decide whether it is a real threat, and respond to the incident quickly. Blue Team work demands a higher level of discipline and commitment than Red Team work: the attacker only needs to get lucky once, while a single missed alert on the defending side can cost you the network.
Being on top of your game requires training and practice. SANS is the industry leader in Blue Team training, but not everyone can afford to spend around $7K on a course, and affordable Blue Team training resources and materials are hard to find. LetsDefend built a platform to teach the skills a Blue Team defender needs. It is a great resource for anyone who wants to find out what Blue Team work is all about without emptying their wallet.
LetsDefend.io
LetsDefend is an online training platform focused on incident response and forensic analysis. It gamifies the job of a SOC Analyst: you review alerts generated from the fictional network you defend, investigate each one for signs of malicious activity, respond to the alert correctly, and protect the network from further compromise. Correct responses earn you points. The training is a great starting point if you are looking to land a job as a SOC Analyst.
The best part is that LetsDefend builds its events from real-world malware and attack methods. The samples come from malware currently being found in the wild, so you get to analyze families such as Emotet and Cobalt Strike, and your investigations lead you to the attackers' real Command and Control (C2) servers. Because those indicators are real, treat them as live: look them up, do not connect to them from your own machine. You do not need to buy any special software to do these investigations. LetsDefend shows you the free online resources you can use, the same ones real SOC Analysts use every day to check an IP, a domain, or a file hash, so the skills you pick up are exactly the job skills of a SOC Analyst and Blue Team member.
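The core loop described above, pulling indicators out of an alert, separating your own hosts from external ones, defanging what you paste into a ticket, and building the lookup links you pivot through, is worth seeing in code. The script below is an added example written for this review; it is not LetsDefend's code, and the alert text is constructed (the destination IP is from the RFC 5737 documentation range, the domain and hash are made up). The VirusTotal and AbuseIPDB URL shapes are assumed to be the ones in use at the time of writing.

```python
"""Extract indicators from a SOC alert and prepare OSINT pivots.

Added example for this review, not LetsDefend code. The alert below is
constructed: 203.0.113.45 is an RFC 5737 documentation address, and the
domain and hash are invented.
"""
import ipaddress
import re

# Constructed sample alert. Nothing in it is a real indicator.
SAMPLE_ALERT = """\
Rule: SOC-Suspicious-Outbound-Beacon
Hostname: WS-FINANCE-07  Source IP: 10.10.4.23
Destination IP: 203.0.113.45  Destination Port: 443
Process: C:\\Users\\jdoe\\AppData\\Local\\Temp\\update.exe
Request URL: https://cdn-updates-check.top/gate.php
File SHA256: 3f786850e387550fdab836ed7e6dc881de23001b8a5ff2f8a20e3d42eb5d3c1a
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Deliberately short TLD list so file names like update.exe are not picked up.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|xyz|top|info)\b", re.I)
SHA256_RE = re.compile(r"\b[a-fA-F0-9]{64}\b")
MD5_RE = re.compile(r"\b[a-fA-F0-9]{32}\b")

# Ranges that are ours (or nobody's). OSINT services cannot tell you anything
# about these, so they are reported separately instead of being looked up.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
)]


def is_internal(ip: str) -> bool:
    """True if the address falls in one of INTERNAL_NETS."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def extract_iocs(text: str) -> dict:
    """Return de-duplicated, normalised indicators found in the alert text."""
    ips = set()
    for cand in IPV4_RE.findall(text):
        try:
            ipaddress.ip_address(cand)      # drops things like 999.1.1.1
        except ValueError:
            continue
        ips.add(cand)
    return {
        "internal_ips": sorted(ip for ip in ips if is_internal(ip)),
        "external_ips": sorted(ip for ip in ips if not is_internal(ip)),
        "domains": sorted({d.lower() for d in DOMAIN_RE.findall(text)}),
        "sha256": sorted({h.lower() for h in SHA256_RE.findall(text)}),
        "md5": sorted({h.lower() for h in MD5_RE.findall(text)}),
    }


def defang(ioc: str) -> str:
    """hxxp and [.] so the indicator never auto-links when pasted into a ticket or chat."""
    return ioc.replace("http", "hxxp").replace(".", "[.]")


def pivot_urls(iocs: dict) -> list:
    """(indicator, lookup URL) pairs for the free services a SOC analyst pivots through.
    URL shapes are an assumption about the services at the time of writing."""
    urls = []
    for ip in iocs["external_ips"]:
        urls.append((ip, f"https://www.virustotal.com/gui/ip-address/{ip}"))
        urls.append((ip, f"https://www.abuseipdb.com/check/{ip}"))
    for d in iocs["domains"]:
        urls.append((d, f"https://www.virustotal.com/gui/domain/{d}"))
    for h in iocs["sha256"] + iocs["md5"]:
        urls.append((h, f"https://www.virustotal.com/gui/file/{h}"))
    return urls


if __name__ == "__main__":
    found = extract_iocs(SAMPLE_ALERT)
    print("Internal hosts (investigate locally, no OSINT lookup):", found["internal_ips"])
    for ioc, url in pivot_urls(found):
        print(f"{defang(ioc):<70} {url}")
```

The point of splitting internal from external addresses is practical: the source host is where you go hunting on the endpoint, while only the destination IP, the domain, and the hash are worth a reputation lookup. Keep the defanged form for anything you write down, and the raw form only for the lookup URL itself.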
Where to start?
If you are new to incident response, start with the LetsDefend Academy. Its courses walk you through the basic concepts of Incident Response, Threat Intelligence, Malware Analysis, and more, giving you enough background to jump into the hands-on investigations.
VIP Access
LetsDefend has two account levels: Free and VIP (paid). With the free account you get access to a few Academy training modules and the first three events to investigate. VIP status grants access to all event investigations and the advanced-level Academy modules, which cover Digital Forensics, Incident Response, and Malware Analysis. VIP members who complete all the required training also receive a certificate of completion. VIP membership costs only $25 a month and is well worth it. You can sign up for the free account today to try it out.
Final Note. LetsDefend does not pay me in any form. I just really liked their product.