2. Blue and Red Team

I have successfully led a team, prepared and completed coursework, and presented to ~40 people on the following topics:


Penetration Testing

Attacker motives, APTs. Black box, grey box and white box testing. Testing considerations (scoping and data gathering, legal, communication, risk, record keeping, data handling, lifecycle management, standards). Steps of penetration testing (from reconnaissance to exploitation). Nmap, Nessus, Greenbone, reflected XSS and stored XSS.
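The reflected and stored XSS cases listed above, shown side by side as an added example (this is illustrative code written for this page, not material from the coursework or any real application). The page markup, the comment store (a plain list standing in for a database) and the `<script>alert(1)</script>` payload are all constructed; the hardening shown is output encoding with `html.escape`, which is the right fix for HTML element and quoted-attribute context only.

```python
"""Reflected vs stored XSS: the unsafe rendering pattern next to its fix.

Added example for illustration only; pages, store and payload are constructed.
"""
import html

# Constructed attacker input: the classic proof-of-concept payload.
PAYLOAD = "<script>alert(1)</script>"


def search_page_unsafe(q: str) -> str:
    # Reflected XSS: the query parameter is echoed straight into the markup,
    # so a victim who follows a crafted link runs the attacker's script.
    return f"<p>Results for: {q}</p>"


def search_page_safe(q: str) -> str:
    # Output encoding: < > & " ' become entities and the browser renders text.
    return f"<p>Results for: {html.escape(q, quote=True)}</p>"


# Stored XSS: the payload is persisted by the application and served to
# every later visitor. A list stands in for the database here.
_comments: list[str] = []


def post_comment(body: str) -> None:
    # Input is stored as submitted; the decision point is at render time.
    _comments.append(body)


def render_comments_unsafe() -> str:
    # Every visitor of this page executes whatever a previous user stored.
    return "".join(f"<li>{c}</li>" for c in _comments)


def render_comments_safe() -> str:
    # Encode on output, so stored data is displayed but never interpreted.
    return "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in _comments)


def looks_like_script_injection(markup: str) -> bool:
    # Crude check used by the demo to show whether a script tag survived
    # into the final markup; it is not a production XSS detector.
    return "<script" in markup.lower()


if __name__ == "__main__":
    print("reflected, unsafe:", looks_like_script_injection(search_page_unsafe(PAYLOAD)))
    print("reflected, safe:  ", looks_like_script_injection(search_page_safe(PAYLOAD)))
    post_comment(PAYLOAD)
    print("stored, unsafe:   ", looks_like_script_injection(render_comments_unsafe()))
    print("stored, safe:     ", looks_like_script_injection(render_comments_safe()))
```

The difference between the two classes is only where the payload comes from (the request versus the data store); the fix is the same in both cases, encoding at the point of output for the context the data lands in. Escaping alone is not sufficient when user data is placed inside a `<script>` block, an event handler attribute or a URL, which need context-specific encoding instead.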


Threat Intelligence

Various forms of threat (e.g. hacktivist, insider), threat classification, intent, methodology (email, cloud, direct access, etc.). Collection, processing, analysis and dissemination of actionable intelligence. Types of intelligence (strategic, tactical, operational). Sources (IoCs, SOCMINT, OSINT, HUMINT, SIEM, deep and dark web, etc.).


Security Operations Centre

SOC functions (analysis, engineering, management) and tiers. MITRE ATT&CK framework, SOAR and SIEM (application logs, DLP, EDR, firewalls, IDPS, NGAV). Splunk (including Phantom), QRadar. RegEx and YARA. Logs (Windows and Linux). Types of SOC (virtual, multifunctional, co-managed, dedicated, command).
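The RegEx and Windows/Linux log topics above, as an added example (written for this page, not part of the coursework or of any SIEM product): two regular expressions pull failed logons out of an sshd auth log and out of a flattened Windows Security event 4625 line, and a counter flags source addresses that exceed a failure threshold. The six log lines are constructed, use RFC 5737 documentation addresses, and the Windows lines are a simplified one-line export with a single `Account Name` field (a real 4625 event carries one for the subject and one for the logon account).

```python
"""Regex detection over constructed Windows and Linux logon logs.

Added example for illustration; all log lines below are made up.
"""
import re
from collections import Counter

# sshd failure line: "Failed password for [invalid user] <user> from <ip> port <n>"
LINUX_FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Windows Security event 4625 (failed logon), flattened to one line (assumed format).
WINDOWS_FAILED = re.compile(
    r"\b4625\b.*?Account Name:\s*(?P<user>\S+).*?"
    r"Source Network Address:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample: two hosts, one attacker address repeating across both.
SAMPLE_LOGS = [
    "Jan 10 12:00:01 host1 sshd[1234]: Failed password for invalid user admin "
    "from 203.0.113.5 port 51022 ssh2",
    "Jan 10 12:00:03 host1 sshd[1235]: Failed password for root "
    "from 203.0.113.5 port 51023 ssh2",
    "Jan 10 12:00:05 host1 sshd[1236]: Accepted password for alice "
    "from 198.51.100.7 port 52000 ssh2",
    "2024-01-10 12:00:02 host2 Security 4625 An account failed to log on. "
    "Account Name: bob Source Network Address: 203.0.113.5",
    "2024-01-10 12:00:04 host2 Security 4625 An account failed to log on. "
    "Account Name: carol Source Network Address: 192.0.2.9",
    "2024-01-10 12:00:06 host2 Security 4624 An account was successfully logged on. "
    "Account Name: dave Source Network Address: 198.51.100.7",
]


def parse_failed_logons(lines):
    """Return (platform, user, source_ip) for every failed-logon line."""
    events = []
    for line in lines:
        m = LINUX_FAILED.search(line)
        if m:
            events.append(("linux", m["user"], m["ip"]))
            continue
        m = WINDOWS_FAILED.search(line)
        if m:
            events.append(("windows", m["user"], m["ip"]))
    return events


def brute_force_candidates(lines, threshold=3):
    """Source IPs with at least `threshold` failed logons across both platforms."""
    counts = Counter(ip for _, _, ip in parse_failed_logons(lines))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for event in parse_failed_logons(SAMPLE_LOGS):
        print(event)
    print("candidates:", brute_force_candidates(SAMPLE_LOGS))
```

Counting across both log sources is the point: the attacker address reaches the threshold only when the Linux and Windows failures are correlated, which is what a SIEM does and a per-host grep does not. In a real deployment the count would be bucketed by a time window, and the regular expressions would be replaced by the platform's field extractions (Splunk `rex`, QRadar custom properties) rather than hand-written for each source.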