Blue Team Defender
A comprehensive training program covering threat hunting, digital forensics, and incident response.
248 Hours
Blue Team


Securing corporate information has never been an easy task, and the challenge has become increasingly complex in recent years. As systems grow more complex, they also become more vulnerable. The biggest problem for businesses is that cybercriminals are constantly developing, becoming more skilled and efficient, while employees are not keeping pace. This skill gap is creating a dilemma that is becoming hard to bridge.

The course covers the following topics:


Anatomy of a Cyberattack
  • The attack lifecycle and the cyber kill chain model
  • Information gathering
  • Vulnerability assessments
  • Server-side attacks
  • Client-side attacks
  • Web application hacking
  • Windows privilege escalation
  • Lateral Movement
Enterprise Defenses
  • Enterprise information systems as a battleground
  • Introduction to inventories
  • Vulnerability assessment and patch management
  • Network segmentation, segregation, and separation
  • Deep visibility into endpoints
  • Managing privileged accounts and hosts
  • Anti-malware defenses
  • Windows client configuration and hardening
  • Linux server and service configuration and hardening
Network Monitoring and Detection
  • Networking 101
  • Parsing traffic with the network shell
  • Indexing and generating statistics
  • Parsing the higher layers
  • Case #1: Mail harassment
  • Introduction to malware and targeted attacks
  • Case #2: Browser exploitation
  • Sniffers, sensors, taps, and protocol analyzers
  • Case #3: Malware in pcap
  • IDS/IPS, monitoring, and network security analytics
Windows Malware Forensics
  • Digital forensics in a rapidly changing space
  • Disk and filesystem analysis
  • Generating filesystem timelines
  • Windows system artifacts
  • Internet-related artifacts
  • Super timeline all the things
  • Windows memory forensics
  • Digging deeper into Windows memory
Linux Forensics
  • Disk and filesystem analysis
  • Generating filesystem timelines
  • Linux filesystem artifacts
  • Server and service-related artifacts
  • Super timeline all the things
  • Linux memory forensics
  • Linux Forensic Challenge
Threat Hunting with SIEM
  • State of the SOC/SIEM
  • Log collection, normalization, and aggregation
  • SIEM architectures
  • Profiling Windows endpoints
  • Profiling Linux endpoints
  • Profiling infrastructure services
  • Profiling application services
  • Generating baselines, thresholds, and detection rules
  • Hunting IoCs (indicators of compromise)
Final Blue Team Challenge
  • Enterprise-scale breach CTF
  • Hunting and investigating “targeted” multi-vector attacks
  • Following SOC leads and carrying out ad-hoc investigations
  • Submission of full incident reports
  • Challenge walkthrough and investigative conclusions

About
CYBERPRO was founded in cooperation with international information security and instruction authorities who bring to Israel world-leading cyber training technologies and a learning experience of the highest standard available today.

The partners include the IITC group, which has been training graduates for the high-tech industry for over 20 years and was selected as the training center for Cisco in Israel.

CYBERPRO’s advanced, sought-after training courses in the areas of infrastructure, information security and cyber are world famous. These training courses were developed by some of the best cyber experts in the world for international security organizations that emphasize high training capabilities, professional learning methods and unique training and practice technologies. Our connection with international groups allows our students to be exposed to unique employment opportunities in Israel and abroad.

The training and learning tracks are all based on extensive hands-on practice and on preparation for the requirements of the industry and the profession, so they include technological labs and practice sessions using one of the most advanced simulators in the world.

    • Blue-team members
    • SOC operators and analysts
    • Security researchers
    • Forensics experts
    • IT and network specialists
    • Incident response teams

    • Advanced knowledge of Windows operating systems
    • Advanced knowledge of Linux operating systems
    • Familiarity with cyberwarfare technology
    • Familiarity with TCP/IP protocols
    • Understanding attack vectors
    • Familiarity with network forensics
    • Understanding the basics of malware analysis
    • Proactively hunting for threats using SIEM/logs