Malware analysis for beginners (step-by-step)
Get familiar with industry-standard tools and methodologies to identify, understand, and detect malware threats.
HTB > Blue Teaming
5 Active Directory misconfigurations (& how they're exploited)
Audit your AD environment for misconfigurations (and attacks) that can lead to severe consequences when exploited by malicious actors.
NTDS dumping attack detection
Learn how to detect NTDS dumping attacks in issue five of a special series on critical Active Directory (AD) attack detections & misconfigurations.
Essential SOC analyst tools (+ insights from real blue teamers)
How to get good at these fundamental SOC tools and their related skills.
NTLM relay attack detection
Learn how to detect NTLM relay attacks in part four of a special series on critical Active Directory (AD) attack detections & misconfigurations.
LLMNR poisoning attack detection
Learn how to detect LLMNR poisoning attacks in part three of a special five-part series on critical Active Directory (AD) attack detections & misconfigurations
AS-REP roasting detection
Learn how to detect AS-REP roasting attacks in part two of a special five-part series on critical Active Directory (AD) attack detections & misconfigurations.
Kerberoasting attack detection
Learn how to detect Kerberoast attacks in part one of a special five-part series on critical Active Directory (AD) attack detections & misconfigurations.
A step-by-step guide to crafting an incident response plan
Incident response plans lay the foundations for a defensive team’s actions in the face of an incident, making them essential for speedy and effective response.
5 Windows event log analysis tools (for beginner blue teamers)
Windows event logs are the gateway to understanding suspicious activity, making these event log analysis tools essential for beginner blue teamers.
Beat SOC analyst burnout with better L&D
SOC analyst burnout is rife thanks to the “always-on” nature of the role paired with a lack of training. Tackle this major issue with effective L&D.
Guarding against SQL injection: Techniques to enhance code security
Learn how to avoid these common vulnerabilities in your applications with our SQL injection attack examples.
Decoding Windows event logs: A definitive guide for incident responders
Windows event logs can provide valuable insights when piecing together an incident or suspicious activity, making them crucial for analysts to understand.
A (realistic) template for writing incident response response reports
Discover how to write an incident response report, including an incident reporting template, and a step-by-step reporting process for analysts.
Our top 5 DFIR labs for beginner analysts (to get good fast)
Sherlocks are powerful blue team labs for security analysts looking to quickly develop threat-landscape-relevant DFIR skills. In this post, we put together our top picks for beginners.
All the latest news and insights about cybersecurity from Hack The Box. Hacking trends, insights, interviews, stories, and much more