CyberDefenders

Online Cyber Security Blue Team Training Platform for

CyberDefenders is a blue team training platform focused on the defensive side of cybersecurity to learn, validate, and advance CyberDefense skills.


Defenders everywhere use CyberDefenders

Google
IBM
Microsoft
Cisco
Facebook
Mandiant
US Air Force
US-CERT
PwC
MITRE

Latest blue team training, labs and CTF

This section features announcements about upcoming labs, new courses, and CTFs, so you can be sure you won't miss out on anything!

Newest Course

Certified CyberDefender (CCD) Certification - CCD is a vendor-neutral, hands-on cyber defense training and certification. This course will jumpstart and empower those on their way to becoming the next generation of defenders and SOC analysts.

Newest Lab

XZBackDoor - Instructions: Ensure that there are no blockers, such as Adblock extensions, that might prevent the lab from opening in a new tab or affect the lab’s functionality. This is a live forensics lab where all investigations are conducted within the provided environment using the system's available tools and resources. No external files or tools are provided or necessary for this lab.

Scenario: You are part of the incident response team at a mid-sized financial services company. Recently, your network monitoring systems have flagged unusual SSH traffic patterns emanating from one of your Linux servers. Preliminary analysis suggests potential unauthorized access, which could be compromising the security and integrity of your network. The server in question has been identified to be running a version of the Linux operating system that includes the XZ Utils software package, versions 5.6.0 and 5.6.1. These versions are known to contain a sophisticated backdoor vulnerability that was deliberately inserted as part of a complex cyber-espionage campaign. Your task is to determine how the threat actor got in and trace back its TTPs.

Defend Smarter, Not Harder

Enhance your cyberdefense skills with our blue team labs and real-world scenarios.

Less hype

We do not use jargon like 'cutting-edge', 'game-changing', and 'revolutionary'. We respect our users and trust their judgment.

More value

If we were to describe what we are trying to do in simple words, it would be 'solving defenders' problems' one problem at a time, providing straightforward yet reliable solutions.

Community powered

The best projects are community-driven ones. Our users are our partners. They drive, shape, and lead vision execution.

Our Users Are Our Biggest Fans

We don't like to brag, but we don't mind letting our users do it for us.

Here are a few nice things folks have said about our blue team and DFIR work!


LEARN FROM THE EXPERTS

Empower your CyberDefense/Blue team skills and learn from established industry veterans.


Frequently asked questions

What is CyberDefenders?

CyberDefenders is a blue team training platform focused on the defensive side of cybersecurity, aiming to provide a place for SOC analysts, threat hunters, and DFIR professionals to practice and validate their skills and acquire the ones they need.

  • CCD Certification: A one-time payment program offering a rigorous certification program with predefined labs and lessons. Designed for SOC analysts and blue teams to master key DFIR and CyberDefense techniques, it culminates in a 48-hour hands-on exam. Successful candidates earn the title of Certified Cyber Defender.
  • BlueYard Pro: A cyber range subscription service granting users continuous access to an evolving landscape of exclusive labs. New labs are added weekly to simulate emerging security threats and are separate from those in the CCD program.

Choose CCD for structured training and certification; pick BlueYard Pro for ongoing, dynamic lab experiences.

BlueYard is a collection of self-guided, high-quality blue team labs and challenges.

They are blue team exercises meant to provide a way to practice CyberDefense skills. They come in different formats, such as attack investigation (SIEM style), PCAP analysis, memory analysis, etc. Each lab has its own scenario and a list of questions. Answering questions correctly requires going through an investigation scenario, analyzing data, and extracting the right piece of information. They can be played in the cloud or locally.

What is a red team?

The National Institute of Standards and Technology (NIST) defines a red team as “a group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise's security posture.” The red team plays the part of the attacker or competitor with the intention of identifying vulnerabilities in a system.

Red team activities

When you’re part of a red team, you’re tasked with thinking like a hacker in order to breach an organization’s security (with their permission). Some common red team activities include:

  • Social engineering
  • Penetration testing
  • Intercepting communication
  • Card cloning
  • Making recommendations to the blue team for security improvements

What is a blue team?

NIST defines a blue team as “the group responsible for defending an enterprise's use of information systems by maintaining its security posture against a group of mock attackers.” If the red team is playing offense, the blue team is playing defense to protect an organization's critical assets.

Blue team activities

As a blue team member, it’s your job to analyze the current security posture of your organization and take measures to address flaws and vulnerabilities. Playing for the blue team also means monitoring for breaches and responding to them when they do occur. Some of these tasks include:

  • Digital footprint analysis
  • DNS audits
  • Installing and configuring firewalls and endpoint security software
  • Monitoring network activity
  • Using least-privilege access