SOC metrics like alerts triaged and threats detected only tell part of the story, especially in financial services where performance is measured in risk, exposure, and business impact. This article explores how to reframe key metrics such as MTTR, containment time, and risk reduction to better align with financial outcomes,...
Meet Jess (Jessica Ryder), Security Blue Team’s HR Manager, leading the HR function across recruitment, onboarding, and employee relations. She...
Often, salary is blamed for SOC churn, but in reality it often is not the primary reason SOC analysts leave....
Locked Shields is as close as it gets to a real-world cyber war without it actually happening. This post breaks down what it’s like to support NATO’s largest live-fire exercise, the scenarios we built, and what training at that scale really looks like when pressure, complexity, and realism all come...
From understanding the foundations of ransomware to engaging in negotiation simulations, students will gain practical insights into managing cyber extortion scenarios.
This blog series will explore Security Blue Team's adventure into the reverse engineering of a novel SmartLoader malware variant. This malware was discovered during our research into Belsen Group's high-profile FortiGate leak. This leak was advertised as containing a list of affected companies with associated configuration data from their FortiGate...
We need a suitable environment to detonate the malware in a repeatable fashion. This environment should allow us to substitute our mock APIs and host to ensure the malware operates as close to real as possible.
The Black Basta ransomware gang recently made headlines for all the wrong reasons when someone using the online handle “ExploitWhispers” shared internal chat logs of the group with the public — close to a year’s worth of messages in a JSON file.
This write-up is a POC (Proof of Concept) to demonstrate a potential vulnerability in GitHub and Discord that can be exploited. You are free to verify the issue, as we encourage the developers at GitHub and Discord to properly secure their systems to lower the risk of an exploit.
It started like many incident response cases: an urgent Security Operation Center (SOC) alert.
