What is the Blue Team Level 1 Certificate?
The BTL1 is an entry-level certification in Blue Teaming. The course is created by Security Blue Team.
In this course you work your way through 6 Domains. It also covers security fundamentals, which are mandatory in order to complete the course. I won't deep dive into the Domains, so let's go ahead and start with my short review.
As I said before, you will go through the Security Fundamentals Domain, where you learn a basic skillset for Networking and Physical Security. One big takeaway is that you get an introduction to basic networking.
The Phishing Analysis Domain stood out to me because you learn how email works and how to identify phishing emails. I was impressed with just how thorough this Domain was.
Next is the Threat Intelligence Domain, where you learn about threat actors. You examine threat actor goals, get an intro to APTs, and learn how to use the MITRE ATT&CK Framework.
My favorite was the Digital Forensics Domain. In this Domain you break down the DFIR (Digital Forensics and Incident Response) process. It covers tools you can use, some hardware that exists to make your life easier, how to create a disk image or memory dump, and how to analyze the collected information for Linux and Windows.
The SIEM (Security Information and Event Management) Domain was the hardest for me because I had no prior experience with SIEMs. At first the labs for each Domain were hard, but as I became more familiar with Splunk they became more manageable. Unfortunately, there aren't any labs with open-source software alternatives.
Last but not least is the Incident Response Domain. This section teaches you how to defend your company and respond to attacks. You'll learn the steps to take during an incident, and cover some basics of CMD and PowerShell, which are vital in this field.
You are given 24 hours to complete the exam. Don't rush, and be sure to double-check your answers. You have enough time. It took me around 4.5 hours to complete the exam, and I passed with 85%. I made some minor mistakes, but in the end no one will ask about the failures (I hope).
I took the exam on the 20th of July 2022 and, as of August 18th 2022, I am still waiting for my physical certificate to arrive.
Update: My physical certificate arrived on the 30th of September 2022.