// defensive security operations

blue team operations
& SOC analysis

Documented investigations across SIEM platforms, BTL1 labs, and real-world alert triage. Every lab completed, documented, and linked — proof of an active daily grind toward SOC operations.

80+ Investigations
CDSA Certified
BTL1 In Progress
// live platform stats
HackTheBox Profile
// blue team labs online
inksec · Junior Defender (blueteamlabs.online, updated nightly)
// featured achievements
BTL1 · In Progress
Blue Team Labs Level 1
Security Blue Team · Certification
  • Phishing analysis & email header forensics
  • SIEM threat detection & log correlation
  • Network forensics & PCAP analysis
  • Digital forensics & endpoint investigation
  • Malware analysis & IOC identification
LetsDefend · Completed Pathway
SOC Analyst Learning Path
Completed February 2026 · 34 Investigations · 97% Success Rate
  • Real-world SIEM alert triage
  • Log analysis & correlation
  • Malware investigation & IOC identification
  • Incident documentation & reporting
  • Threat intelligence integration
CyberDefenders · Completed Track
SOC Analyst Tier 1
Completed April 2026 · 30 Investigations · 227 Questions
  • SIEM alert triage & log correlation
  • Network forensics & PCAP analysis
  • Memory forensics & disk image analysis
  • Threat intelligence & IOC attribution
  • Incident response & malware investigation
CyberDefenders · In Progress
SOC Analyst Tier 2
Active lab grind · Endpoint & Memory Forensics focus
  • Memory forensics & volatile data analysis
  • Disk image forensics & file recovery
  • Malware triage & static analysis
  • Threat actor attribution & TI correlation
  • Advanced incident response workflows
TryHackMe · SAL1 Path
46 Cases · 100% Detection Rate
SOC Analyst Level 1 · All publicly verifiable
  • Alert triage & log analysis
  • PCAP investigation & network forensics
  • Defensive reasoning & escalation methodology
  • Advent of Cyber 2025 — completed & certified
  • Night Shift CTF — medium difficulty simulation
// youtube · daily grind
Day X: becoming a SOC analyst

One real LetsDefend alert per day, triaged out loud on camera. Structured workflow, log correlation, containment decisions — real analyst thinking documented publicly.

Format
Real alert → triage → log analysis → IOC correlation → containment decision → escalation or close. Every step narrated, every tool explained.
Also on YouTube
TryHackMe SAL1 walkthroughs · BTL1 lab investigations · platform-agnostic SOC methodology.
LetsDefend SOC Investigations · 40+ videos · ~4 hours
TryHackMe Blue Team Ops · 12+ videos · ~3 hours
// daily soc practice · live investigation log
daily investigations

Every alert triaged, documented, and mapped to MITRE ATT&CK. Updated daily as part of the Day N of Becoming a SOC Analyst series.

// mitre att&ck enterprise · technique coverage
att&ck heatmap

Every technique observed across labs and investigations mapped to MITRE ATT&CK Enterprise. Generated live from documented writeups — no manual curation.

14 Tactics Covered
// selected investigations
featured writeups

Nine investigations selected across core blue team disciplines. Hard-rated labs, real artefacts, documented methodology.

incident response
digital forensics & reverse engineering
soc operations & threat intelligence
cloud forensics & investigation
// all completed labs
lab grid

All platforms, all labs. Filter by platform, difficulty, or category. Adding new labs weekly. BTL1: 1 of 9 completed.

// challenges
challenge log

Shorter CTF-style challenges. Same platforms, less depth.

// home lab infrastructure
lab environments
📡
Splunk Enterprise SIEM
Production-style SIEM for alert detection, log analysis, and threat hunting.
Host: Ubuntu 24.04 · Splunk Enterprise
Agent: Windows 11 · Universal Forwarder
Telemetry: Sysmon event collection & parsing
Use Cases: Detection rules · SPL queries · dashboards
🦠
Malware Analysis Sandbox
Isolated environment for safe detonation, static analysis, and reverse engineering.
Platform: FlareVM · isolated virtual network
Tools: IDA · Ghidra · PE analysis · debuggers
Analysis: Static & dynamic examination
Use Cases: IOC extraction · behaviour analysis
🏠
Home Lab — Full Stack
pfSense + Security Onion + Splunk + Active Directory environment for realistic detection practice.
Network: SPAN mirroring · network segmentation
Detection: Zeek · Suricata · Splunk dashboards
AD Lab: Windows domain · attack simulation
Platform: CachyOS · virtualisation workstation
// investigation documentation
documentation & profiles
🗂️
Alert Triage Log
Every SOC investigation documented — dated, MITRE ATT&CK mapped, and publicly queryable. Updated daily.
⌨️
Command Reference
Every command used across real lab investigations — searchable, filterable, and copyable. Built so future me doesn't have to google the same thing twice.
  • 26 commands and growing
  • Volatility · Splunk · Wireshark · Zeek
  • Linked back to source lab for context
  • Auto-extracted from investigation notes
🔗
Public Platform Profiles
Verified investigation work across multiple SOC training platforms — all publicly verifiable.
  • LetsDefend — 34 cases, 97% success
  • TryHackMe — 46 cases, 100% detection
  • GitHub — full writeup repository
  • Real-time metrics & platform rankings