Starting your first SOC role can feel overwhelming, even with prior training and labs behind you. This blog breaks down the realities of day-to-day SOC work, from alerts that arrive with little context to investigations that rarely end with clean answers. It highlights why judgement, documentation, and communication matter as...
Many of the challenges that slow investigations and increase escalations in SOCs are not caused by missing tools or technical...
Say hello to Alaina and Dora, the brilliant creative duo behind Security Blue Team’s distinctive look and feel. As our...
Ransomware training helps cybersecurity professionals move beyond technical response to become trusted contributors during high-pressure incidents. By understanding attacker behavior, business impact, negotiation dynamics, and the full incident lifecycle, practitioners gain credibility across technical, legal, and executive teams. This practical, real-world knowledge builds confidence, expands career options across multiple security...
This blog series will explore Security Blue Team's adventure into the reverse engineering of a novel SmartLoader malware variant. This malware was discovered during our research into Belsen Group's high-profile FortiGate leak. This leak was advertised as containing a list of affected companies with associated configuration data from their FortiGate...
We need a suitable environment to detonate the malware in a repeatable fashion. This environment should allow us to substitute our mock APIs and host to ensure the malware operates as close to real as possible.
The Black Basta ransomware gang recently made headlines for all the wrong reasons when someone using the online handle “ExploitWhispers” shared internal chat logs of the group with the public — close to a year’s worth of messages in a JSON file.
This write-up is a POC (Proof of Concept) to demonstrate a potential vulnerability in GitHub and Discord that can be exploited. You are free to verify the issue, as we encourage the developers at GitHub and Discord to properly secure their systems to lower the risk of an exploit.
It started like many incident response cases: an urgent Security Operation Center (SOC) alert.
Welcome to our first Faces of SBT blog post, where we’ll be showcasing a member of our team and giving you a behind-the-scenes look at what it’s like to work at SBT. First up is Trevor, our Director of Cloud Services.
