HTB > Blue Teaming

Show measurable cyber readiness to boards and regulators. TRI gives CISOs clear insights into SOC and DFIR performance under real-world attacks.

HTB’s first all-blue Holmes CTF brought 11,000+ defenders together to tackle DFIR, SOC, malware, and threat hunting challenges in a fully immersive investigation.

Hack The Box and LetsDefend join forces to create the world’s largest collaborative cybersecurity platform with hands-on labs, SOC simulations, and a unified upskilling experience.

Your step-by-step guide to building defenders with confidence, clarity, and hands-on SOC Analyst training from day one.

Cloud is the battleground attackers love most. New data from 796 teams shows most organizations aren’t quite ready. How do your defenses measure up?

Explore 25 years of Active Directory attacks—from PtH to ransomware—and learn how defenders can harden networks, stop lateral movement, and prepare with hands-on training.

Learn how to detect LLMNR poisoning attacks in part three of a special five-part series on critical Active Directory (AD) attack detections & misconfigurations

An ANAB‑accredited, threat‑informed coursework that prepares cyber defenders for DoD 8140 roles and competencies. Delivering verifiable skills in just 15 weeks.

In this blog, we'll explore the main reasons why security teams fall behind, what you can do to fix it, and how to build a culture of continuous learning.

Discover how dynamic benchmarking and CTF exercises can strengthen your security team in our Masterclass webinar, From Theory to Action. Stay ahead of evolving cyber threats!

Cybersecurity teams struggle to train amid constant threats. This blog explores the challenges and solutions to making structured training a priority.

CyberJunkie walks us through a new detection technique he uncovered using Windows SmartScreen Debug Event Logs. Follow this step-by-step guide to see how it works.

A deep-dive into Signal’s move to safeStorage API and how an HTB forensic content engineer creates a CTF Challenge.

Ready for a more rewarding dive into your blue team investigations? Well, we have made new updates to Sherlocks that will give you momentum and a bonus to time well spent.

Get familiar with industry-standard tools and methodologies to identify, understand, and detect malware threats.

Audit your AD environment for misconfigurations (and attacks) that can lead to severe consequences when exploited by malicious actors.

Learn how to detect NTDS dumping attacks in issue five of a special series on critical Active Directory (AD) attack detections & misconfigurations.

How to get good at these fundamental SOC tools and their related skills.

Learn how to detect NTLM relay attacks in part four of a special series on critical Active Directory (AD) attack detections & misconfigurations.