Get to know Duncan Whitley, one of Security Blue Team’s Marketing Executives, who creates blog posts, newsletters, emails, and ads to deliver genuinely useful cybersecurity content. From a background shaped by gaming and technology to a career in marketing, Duncan shares why he values clear, helpful communication and enjoys seeing...
Security Blue Team started from a simple frustration: the gap between academic learning and real SOC work. What began as...
Ranked #2 on G2 for cybersecurity training with a 4.8 rating. See how hands-on, real-world learning helps SOC teams and...
Ransomware attacks rarely happen all at once. They follow a series of stages that unfold over time, from initial access to data exfiltration and encryption. Understanding this lifecycle helps analysts spot threats earlier, respond more effectively, and focus on the stages where intervention makes the biggest difference.
Have you ever needed to transfer data from one computer to another but found yourself blocked by strict security policies? Perhaps you cannot connect any USB devices, most of your programs (including PowerShell and Command Prompt) are disabled, and internet access is heavily restricted.
Picture a team diving into a winter wonderland where snowmobiles hunt the Northern Lights, huskies charge through snowy trails, and drinks come in glasses chiseled from ice. That’s what SBT got up to during our annual Global Connect, a company get-together that took us from Stockholm to the icy wilds...
From understanding the foundations of ransomware to engaging in negotiation simulations, students will gain practical insights into managing cyber extortion scenarios.
This blog series will explore Security Blue Team's adventure into the reverse engineering of a novel SmartLoader malware variant. This malware was discovered during our research into Belsen Group's high-profile FortiGate leak. This leak was advertised as containing a list of affected companies with associated configuration data from their FortiGate...
We need a suitable environment to detonate the malware in a repeatable fashion. This environment should allow us to substitute our mock APIs and host to ensure the malware operates as close to real as possible.
The Black Basta ransomware gang recently made headlines for all the wrong reasons when someone using the online handle “ExploitWhispers” shared internal chat logs of the group with the public — close to a year’s worth of messages in a JSON file.
