**********
Blue team
**********

.. contents:: Table of contents

Introduction
=============

For more information about the purpose of this site, view the `about`_ page.
This page provides the necessary information on the Blue Team activities that took place in the 7th semester, the minor.
For more information on the context of why this page exists, visit the `personal learning plan`_.

.. _about: /about.html
.. _personal learning plan: /personal%20learning%20plan.html

Learning focuses
================

To shape the upcoming curriculum, I've chosen various learning focuses for the blue team side.
These are a work in progress and still have to be developed further.

-------------

.. sidebar:: Blue-teaming

   .. image:: security.svg

Category
^^^^^^^^^

| In the tables below, the Category column indicates the nature of the skill required for the listed task.
| The duration is not something I came up with; it is derived from the Personal Learning Plan assignment template.
| In addition to the standard tables, I've added a custom table with tasks I came up with myself.

- T = Technical skills
- N = Non-technical skills
- R = Research & development skills
- P = Professional skills

Learning tasks
---------------

+--------------------------------------------------------+----------+----------+-------------+-----------+
| Task summary                                           | Category | Duration | Requirement | Status    |
+========================================================+==========+==========+=============+===========+
| Follow workshops related to blue teaming               | T        | 0.5day   | Must        | Done      |
+--------------------------------------------------------+----------+----------+-------------+-----------+
| Take part in Red v Blue team event                     | T+N      | 1day     | Must        | Done      |
+--------------------------------------------------------+----------+----------+-------------+-----------+
| Expand IDS knowledge (Zeek & Suricata)                 | T        | 2days    | Must        | Done      |
+--------------------------------------------------------+----------+----------+-------------+-----------+
| Try monitoring techniques (netflow, flow monitoring)   | T        | 1-2days  | Must        | Done      |
+--------------------------------------------------------+----------+----------+-------------+-----------+
| Try out SIEM and dashboarding (e.g. Elastic Stack)     | T        | 2days    | Must        | Done      |
+--------------------------------------------------------+----------+----------+-------------+-----------+
| Learn reverse engineering and apply to malware         | T        | 2-3days  | Should      | Open      |
+--------------------------------------------------------+----------+----------+-------------+-----------+
| Blue-team visit a local building and document findings | N        | 1day     | Should      | Cancelled |
+--------------------------------------------------------+----------+----------+-------------+-----------+
| Set up and experiment with a Web Application Firewall  | T        | 1day     | Should      | Done      |
+--------------------------------------------------------+----------+----------+-------------+-----------+
| Set up vulnerability scanning with OpenVAS             | T        | 1day     | Should      | Done      |
+--------------------------------------------------------+----------+----------+-------------+-----------+

Research & development tasks
-----------------------------

+---------------------------------------------------------+----------+----------+-------------+-------------+
| Task summary                                            | Category | Duration | Requirement | Status      |
+=========================================================+==========+==========+=============+=============+
| Visit the infosecurity.nl convention                    | R        | 1day     | Should      | Cancelled   |
+---------------------------------------------------------+----------+----------+-------------+-------------+
| Visit seminars related to SIEM/CERT and make a blogpost | R        | 1day     | Should      | Cancelled   |
+---------------------------------------------------------+----------+----------+-------------+-------------+
| Organize or join a session to analyze a vuln.           | R        | 1-2days  | Should      | Open        |
+---------------------------------------------------------+----------+----------+-------------+-------------+
| Set up a SOC and a SIEM with a registration system      | R+T      | 5days    | Should      | Done        |
+---------------------------------------------------------+----------+----------+-------------+-------------+
| Set up a malware analysis lab for static and dynamic    | R+T      | 5days    | Could       | Open        |
+---------------------------------------------------------+----------+----------+-------------+-------------+

Professional application tasks
-------------------------------

+----------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                             | Category | Duration | Requirement | Status |
+==========================================================+==========+==========+=============+========+
| Define threat use cases                                  | N+P      | 1day     | Must        | Open   |
+----------------------------------------------------------+----------+----------+-------------+--------+
| Develop and tune an IDS sensor for an operational env.   | R+T      | 3days    | Must        | Done   |
+----------------------------------------------------------+----------+----------+-------------+--------+
| Set up security monitoring (IDS,logging,SIEM,dashboard)  | R+P+T    | 5days    | Must        | Done   |
+----------------------------------------------------------+----------+----------+-------------+--------+
| Set up vuln. scan in an operational network with OpenVAS | R+N+P    | 2days    | Must        | Done   |
+----------------------------------------------------------+----------+----------+-------------+--------+
| Set up a register system for triage, analysis, priority  | R+N+P    | 2days    | Should      | Done   |
+----------------------------------------------------------+----------+----------+-------------+--------+
| Run security monitoring on an operational env.           | P+T+N    | 2-4days  | Must        | Done   |
+----------------------------------------------------------+----------+----------+-------------+--------+
| Report a security incident in an operational env.        | N+P      | 1day     | Could       | Done   |
+----------------------------------------------------------+----------+----------+-------------+--------+

Custom tasks
-------------

+----------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                             | Category | Duration | Requirement | Status |
+==========================================================+==========+==========+=============+========+
| Setting this server up                                   | T        | 1day     | Must        | Done   |
+----------------------------------------------------------+----------+----------+-------------+--------+
| Set up reverse proxy using NGINX                         | T        | 1day     | Must        | Done   |
+----------------------------------------------------------+----------+----------+-------------+--------+
| Provision servers with certbot SSL                       | T        | 1day     | Must        | Done   |
+----------------------------------------------------------+----------+----------+-------------+--------+
| Implement a secure password manager                      | T/N/R/P  | 1day     | Should      | Open   |
+----------------------------------------------------------+----------+----------+-------------+--------+
| Implement sensor monitoring like Zabbix/Nagios/PRTG      | T        | 1day     | Should      | Open   |
+----------------------------------------------------------+----------+----------+-------------+--------+

------------

Learning tasks execution
^^^^^^^^^^^^^^^^^^^^^^^^^

.. toctree::
   :maxdepth: 2

   learning/blueteam/workshopblue
   learning/blueteam/redvblueteam
   learning/blueteam/expandids
   learning/blueteam/monitoringblue
   learning/blueteam/monitoringbluesiem
   learning/blueteam/reverseengineeringblue
   learning/blueteam/bluevisit
   learning/blueteam/waf
   learning/blueteam/setupopenvas

Research & development tasks execution
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. toctree::
   :maxdepth: 2

   learning/blueteam/infosecurity
   learning/blueteam/siemseminar
   learning/blueteam/vulnsessionblue
   learning/blueteam/setupsocsiem
   learning/blueteam/setupmalwareanalysisblue

Professional application tasks execution
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. toctree::
   :maxdepth: 2

   learning/blueteam/definethreat
   learning/blueteam/developids
   learning/blueteam/setupsiem
   learning/blueteam/setupopenvas
   learning/blueteam/setupem
   learning/blueteam/runsmenv
   learning/blueteam/siopenv

Custom tasks execution
^^^^^^^^^^^^^^^^^^^^^^^

.. toctree::
   :maxdepth: 2

   .. learning/blueteam/setupportfolio
   learning/blueteam/reverseproxynginx
   learning/blueteam/implementpwmanager
   learning/blueteam/implementmonitor