Blue team
Introduction
For more information about the purposes of this site, view the about page. This page provides the necessary information about the Blue Team activities that took place in the 7th semester, the minor. For more information on why this page exists, visit the personal learning plan.
Learning focuses
In order to shape the upcoming curriculum, I've chosen various learning focuses for the blue team side. These are a work in progress and have to be developed further.
Category
T = Technical skills
N = Non-technical skills
R = Research & development skills
P = Professional skills
Learning tasks
| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Follow workshops related to blue teaming | T | 0.5 day | Must | Done |
| Take part in the Red v Blue team event | T+N | 1 day | Must | Done |
| Expand IDS knowledge (Zeek & Suricata) | T | 2 days | Must | Done |
| Try monitoring techniques (NetFlow, flow monitoring) | T | 1-2 days | Must | Done |
| Try out SIEM and dashboarding (e.g. Elastic Stack) | T | 2 days | Must | Done |
| Learn reverse engineering and apply it to malware | T | 2-3 days | Should | Open |
| Blue-team visit to a local building and document findings | N | 1 day | Should | Cancelled |
| Set up and experiment with a Web Application Firewall | T | 1 day | Should | Done |
| Set up vulnerability scanning with OpenVAS | T | 1 day | Should | Done |
Research & development tasks
| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Visit the infosecurity.nl convention | R | 1 day | Should | Cancelled |
| Visit seminars related to SIEM/CERT and write a blog post | R | 1 day | Should | Cancelled |
| Organize or join a session to analyze a vulnerability | R | 1-2 days | Should | Open |
| Set up a SOC and a SIEM with a registration system | R+T | 5 days | Should | Done |
| Set up a malware analysis lab for static and dynamic analysis | R+T | 5 days | Could | Open |
Professional application tasks
| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Define threat use cases | N+P | 1 day | Must | Open |
| Develop and tune an IDS sensor for an operational environment | R+T | 3 days | Must | Done |
| Set up security monitoring (IDS, logging, SIEM, dashboard) | R+P+T | 5 days | Must | Done |
| Set up vulnerability scanning in an operational network with OpenVAS | R+N+P | 2 days | Must | Done |
| Set up a register system for triage, analysis and priority | R+N+P | 2 days | Should | Done |
| Run security monitoring in an operational environment | P+T+N | 2-4 days | Must | Done |
| Report a security incident in an operational environment | N+P | 1 day | Could | Done |
Custom tasks
| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Setting this server up | T | 1 day | Must | Done |
| Set up a reverse proxy using NGINX | T | 1 day | Must | Done |
| Provision servers with certbot SSL certificates | T | 1 day | Must | Done |
| Implement a secure password manager | T/N/R/P | 1 day | Should | Open |
| Implement sensor monitoring like Zabbix/Nagios/PRTG | T | 1 day | Should | Open |
Learning tasks execution
- 1. Follow the workshops related to hacking & blue teaming
- 2. Take part in the Red v Blue team event
- 3. Expand IDS knowledge (Zeek & Suricata)
- 4. Try monitoring techniques (NetFlow, flow monitoring)
- 5. Try out SIEM and dashboarding (e.g. Elastic Stack)
- 6. Learn reverse engineering and apply it to malware
- 7. Blue-team visit to a local building and document findings (cancelled due to COVID)
- 8. Set up and experiment with a Web Application Firewall
- 18. Set up vulnerability scanning with OpenVAS
Research & development tasks execution
Professional application tasks
- 15. Define threat use cases
- 16. Develop and tune an IDS sensor for an operational environment
- 17. Set up security monitoring (IDS, logging, SIEM, dashboard)
- 18. Set up vulnerability scanning with OpenVAS
- 19. Set up a register system for triage, analysis and priority
- 20. Run security monitoring in an operational environment
- 21. Report a security incident in an operational environment