BTL1 Review
I haven’t written on this blog for quite some time mainly because I’ve lost my interest in Ethical hacking/pentesting lately due to me having gone to a great depth with it and realizing that there just isn’t much work for this skillset at all and I’ve kind of had an ethical debate with myself if ethical hacking or any hacking for that manner is actually good.
Nevertheless a few months ago I completed the Blueteam Level 1 course and thought I would share my thoughts on this course in this short article.
Now the BlueTeam Level 1 Course or BTL1 is a course which tests you by having 2 machines which have been compromised by an attacker and you need to act as a first line incident responder who attempts to understand how the attacker got entry into the machines and also understand the lateral movement techniques that the attacker used in order to get into the machine which isn’t connected to the network. The exam is 12 hours and then you have 12 hours to submit the report.
For the exam it took me two attempts to pass because the first attempt I didn’t understand a key thing needed for extra points and my first attempt was 51% and I didn’t mention files that were stolen and failed to mention how the attacker identified there was a certain service running on the machine. I also didn’t do anything in Splunk due to me having overlooked this aspect because it is quite tedious going through lots of data and applying specific filters for specific sets of data and didn’t really take much interest in this specific module on the course.
The second attempt was a pass and I received 78%. The feedback that I received from BTL1 was generally positive and on this attempt, I actually identified the files which has been stolen by the attacker. I also did some work on Splunk but didn’t really enjoy it and look over it that much on my first attempt, but I advise you to have a basic understanding of Splunk if you are taking the BTL1.
As for the course material I thought it was well put together and enjoyed the phishing analysis segment and it gave good tips/tricks on how to analyze phishing emails which I thought courses like OSCP were lacking (mainly because they look at the offensive side of things). The digital forensics side is stuff I had already covered at university, but it was a nice refresher. I thought that the part on Memory analysis was really cool and tried doing it on my main computer, but it crashed my computer (so don’t try take a copy of ram while computer is still running).
In conclusion, the BTL1 was a fantastic exam which I enjoyed taking and others in my company have enjoyed taking this exam. Which I think is the most fun thing about this course the exam, because unlike OSCP this exam I would say is a lot more fun and less challenging that the OSCP. But the OSCP is still the most respected cyber security certification to this date – mainly because it is extremely difficult and the course for it is very long. If you want to a job in cyber security, then the OSCP is your best bet. But for the money the BTL1 has its place in the cyber security certification space.
Also, shoutouts to my company for having allowed me time to study for this BTL1 course and time off work to take the exam!
External links:
https://securityblue.team/courses/blue-team-level-1-certification-standard/