A Hands-On Companion for the Blue Team Level 1 Certification

🚀 Welcome Blue Teamer!

Welcome to this practical study guide designed to equip you with the hands-on skills needed for the Security Blue Team - Blue Team Level 1 (BTL1) certification. Drawing from real-world experience and a deep understanding of the BTL1 domains, this repository compiles essential notes, cheatsheets, workflows, and resources.

BTL1 tests practical application, not just theoretical knowledge. This guide mirrors that philosophy, focusing intently on what actions to take, how to perform them, and which tools to leverage effectively in realistic security scenarios.

This resource is tailored for:

• 👨‍🎓 Aspiring BTL1 Candidates: Individuals actively preparing for the certification exam.
• 💻 Junior Cyber Professionals: SOC Analysts (Tier 1/2), Junior Incident Responders, SysAdmins, or IT professionals aiming to transition into or solidify their skills in defensive security roles.
• 🛡️ Cyber Defense Enthusiasts: Anyone passionate about learning practical Blue Team operations through a structured, hands-on approach.

Assumed Knowledge: A foundational grasp of networking (TCP/IP, DNS, HTTP), operating systems (Windows & Linux command-line basics), and core cybersecurity concepts will be beneficial.

• 🛠️ Hands-On Focus: Directly aligned with the practical, scenario-based nature of the BTL1 exam.
• 📄 Detailed Cheatsheets: Quick-reference guides for crucial commands and tool functionalities.
• 💡 Structured Workflows: Step-by-step methodologies for common analysis tasks (Phishing, IoC Investigation, etc.).
• 🧩 Modular Organization: Content arranged by official BTL1 domains for focused learning.
• 🔗 Curated Resources: Vetted links to essential tools, official documentation, and effective practice platforms.

The guide is logically organized into modules reflecting the core BTL1 domains. Consult the README.md within each module folder for specific contents.

1. 🎯 Target Your Study: Use the Table of Contents or Repository Structure to navigate to specific BTL1 domains or tools.
2. 🧠 Understand Concepts: Read the "Key Concepts" sections first to grasp the fundamentals.
3. 🛠️ Learn the Tools: Review cheatsheets and practice with the essential tools (Volatility, Splunk, Wireshark, Autopsy, etc.).
4. ⚙️ Apply Workflows: Use the suggested workflows as a baseline for your analysis process in practice labs.
5. 🧪 Practice Relentlessly: The key to BTL1 success is hands-on practice. Use resources like BTLO, CyberDefenders, TryHackMe, and BOTS datasets. This guide serves as your reference during practice.
6. ✍️ Adapt & Contribute: This is a living guide. Fork it, add your insights, or suggest improvements via Issues or Pull Requests. See CONTRIBUTING.md.

While originating from personal study notes (including experience leading to a BTL1 Gold Coin), this guide aims to be a valuable community resource. Contributions are welcome! Please refer to the CONTRIBUTING.md file for guidelines and open an Issue for suggestions or bug reports.

The information herein is based on personal experience, study of BTL1 domain concepts, and publicly available resources. Cybersecurity is dynamic; always cross-reference with the official BTL1 syllabus and tool documentation. Use this information responsibly.

Crucially: The Security Blue Team Non-Disclosure Agreement (NDA) is strictly respected. This repository does not contain specific exam content, direct solutions, or any proprietary information protected by the NDA. It focuses on consolidating knowledge and techniques applicable to the BTL1 domains in general.

Distributed under the MIT License. See the LICENSE file for more details.

Nervi0zz