Recent blog posts

Meet Duncan: One of SBT’s Marketing Executives Bringing Stories to Life
Duncan Whitley 25/03/2026

Get to know Duncan Whitley, one of Security Blue Team’s Marketing Executives, who creates blog posts, newsletters, emails, and ads to deliver genuinely useful cybersecurity content. From a background shaped by gaming and technology to a career in marketing, Duncan shares why he values clear, helpful communication and enjoys seeing...

Understanding the Ransomware Lifecycle
Ben Gonsalves 14/04/2026

Ransomware attacks rarely happen all at once. They follow a series of stages that unfold over time, from initial access to data exfiltration and encryption. Understanding this lifecycle helps analysts spot threats earlier, respond more effectively, and focus on the stages where intervention makes the biggest difference.

All posts

Forensics 101: Live Acquisition USB and Digital Triaging with Kape
Malik Girondin 09/12/2024

Live acquisition is a computer forensics technique that involves collecting data from a running computer system, rather than one that is powered off or dormant. The goal is to capture volatile forensic data, such as that in the main memory (RAM), while minimizing any impact on the system’s integrity. This...

Command and Control Chaos
Aditya Rai 13/11/2024

A Command and Control server, also known as a C2 or C&C server, is an essential tool for cybercriminals and hackers, acting as the central hub for managing and coordinating malicious activities such as data breaches, malware distribution, and cyberattacks.

Logging Windows file tampering attempts
John Jonusauskas 30/10/2024

Imagine you’re working in a company, and an insider threat tampers with a critical file, like a financial document or a system configuration file. If you don’t know who, when, or what was modified, you may not even realize something is wrong until it’s too late. This can lead to...

Cloud Security: A Defender's Perspective
Aditya Rai 16/10/2024

Cloud security involves a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing.