HTB > Blue Teaming
21% of security teams train just once a year—here’s how to fix that
2 weeks 4 days ago
In this blog, we'll explore the main reasons why security teams fall behind, what you can do to fix it, and how to build a culture of continuous learning.
From Theory to Action: How dynamic benchmarking transforms cybersecurity readiness
1 month ago
Discover how dynamic benchmarking and CTF exercises can strengthen your security team in our Masterclass webinar, From Theory to Action. Stay ahead of evolving cyber threats!
Why security teams struggle to train—and how to fix it
1 month 1 week ago
Cybersecurity teams struggle to train amid constant threats. This blog explores the challenges and solutions to making structured training a priority.
How to use SmartScreen logs to find evidence of execution and user activity analysis
2 months ago
CyberJunkie walks us through a new detection technique he uncovered using Windows SmartScreen Debug Event Logs. Follow this step-by-step guide to see how it works.
Memory dump analysis with Signal decryption
4 months 1 week ago
A deep-dive into Signal’s move to safeStorage API and how an HTB forensic content engineer creates a CTF Challenge.
New Sherlocks updates: Academy recommendations, CPE credits (and more!)
5 months ago
Ready for a more rewarding dive into your blue team investigations? Well, we have made new updates to Sherlocks that will give you momentum and a bonus to time well spent.
Malware analysis for beginners (step-by-step)
7 months 2 weeks ago
Get familiar with industry-standard tools and methodologies to identify, understand, and detect malware threats.
5 Active Directory misconfigurations (& how they're exploited)
7 months 3 weeks ago
Audit your AD environment for misconfigurations (and attacks) that can lead to severe consequences when exploited by malicious actors.
NTDS dumping attack detection
8 months ago
Learn how to detect NTDS dumping attacks in issue five of a special series on critical Active Directory (AD) attack detections & misconfigurations.
Essential SOC analyst tools (+ insights from real blue teamers)
8 months 1 week ago
How to get good at these fundamental SOC tools and their related skills.
NTLM relay attack detection
8 months 2 weeks ago
Learn how to detect NTLM relay attacks in part four of a special series on critical Active Directory (AD) attack detections & misconfigurations.
LLMNR poisoning attack detection
9 months ago
Learn how to detect LLMNR poisoning attacks in part three of a special five-part series on critical Active Directory (AD) attack detections & misconfigurations.
AS-REP roasting detection
9 months 1 week ago
Learn how to detect AS-REP roasting attacks in part two of a special five-part series on critical Active Directory (AD) attack detections & misconfigurations.
Kerberoasting attack detection
10 months 1 week ago
Learn how to detect Kerberoast attacks in part one of a special five-part series on critical Active Directory (AD) attack detections & misconfigurations.
A step-by-step guide to crafting an incident response plan
11 months ago
Incident response plans lay the foundations for a defensive team’s actions in the face of an incident, making them essential for speedy and effective response.
5 Windows event log analysis tools (for beginner blue teamers)
11 months 1 week ago
Windows event logs are the gateway to understanding suspicious activity, making these event log analysis tools essential for beginner blue teamers.
Beat SOC analyst burnout with better L&D
11 months 2 weeks ago
SOC analyst burnout is rife thanks to the “always-on” nature of the role paired with a lack of training. Tackle this major issue with effective L&D.
Guarding against SQL injection: Techniques to enhance code security
11 months 2 weeks ago
Learn how to avoid these common vulnerabilities in your applications with our SQL injection attack examples.
Decoding Windows event logs: A definitive guide for incident responders
1 year ago
Windows event logs can provide valuable insights when piecing together an incident or suspicious activity, making them crucial for analysts to understand.
All the latest news and insights about cybersecurity from Hack The Box. Hacking trends, insights, interviews, stories, and much more.