Post

Blue Team Level 1 Review

Posted
By Mickhat 2 min read

What is the Blue Team Level 1 Certificate?

The BTL1 is an entry level certification into Blue Teaming. The course is created by Security Blue Team.

In this course you will work your way through 6 Domains. It also covers security fundamentals which are mandatory in order to complete the course. While I don’t deep dive into the Domains, let’s go ahead and start with my short review.

Course Overview

As I said before you will go through the Security Fundamentals Domain where you learn a basic skillset for Networking and Physical Security. One big takeaway is that you get an introduction with basic networking.

The Phishing Analysis Domain stood out to me because you learn how emails work and how to identify phishing emails. I was impressed with just how thorough this Domain was.

Next is the Threat Intelligence Domain where you learn about threat actors. You examine threat actor goals, get an intro to APTs, and how to use the MITRE ATT&CK Framework.

My favorite was the Digital Forensics Domain. In this Domain you break down the DFIR (Digital Forensics Incident Response) process. It covers tools can you use, some hardware that exists to make your life easier, how to create a disk image or memory dump, and analyzing the collected information for Linux and Windows.

The SIEM (Security Information and Event Monitoring) Domain was the hardest for me because I had no prior experience with SIEM. At first the labs for each Domain were hard, but as I became more familiar with Splunk they became more manageable. Unfortunately, there aren’t any labs with open source software alternatives.

Last but not least, is the Incident Response Domain. This section teaches you how you defend your company and respond to attacks. You’ll learn the steps to take during an incident, and cover some basics of CMD and Powershell, which are vital in this field.

Exam

You are given 24 hours to complete the exam. Don’t rush and be sure to double check your answers. You have enough time. It took me around 4.5 hours to complete the exam and I passed with 85%. I had some minor mistakes but in the end no one will ask for the failures (I hope).

BTL1 Certificate

I took the exam on the 20th July 2022 and I am still waiting as of August 18th 2022 for my physical certificate to arrive.

Update: My Physical Certifacte arrived on the 30th September 2022.

Review, BTL1, Blue Team
Blue Team exam review
This post is licensed under CC BY 4.0 by the author.