<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>HTB Blog > Blue Teaming</title>
        <link>https://www.hackthebox.com/rss/blog/blue-teaming</link>
        <description>All the latest news and insights about cybersecurity from Hack The Box. Hacking trends, insights, interviews, stories, and much more</description>
        <language>en</language>
        <atom:link href="https://www.hackthebox.com/rss/blog/blue-teaming" rel="self" type="application/rss+xml" />
        <image>
            <url>
                https://www.hackthebox.com/images/landingv3/logo-htb-blog.svg
            </url>
            <title>HTB Blog > Blue Teaming</title>
            <link>https://www.hackthebox.com/rss/blog/blue-teaming</link>
        </image>
                    <item>
                <title>Stop the alert overload: How to train like you’re actually under attack</title>
                <link>https://www.hackthebox.com/blog/measuring-soc-dfir-resilience-with-threat-range</link>
                <description>SOC burnout is real. See how HTB’s Threat Range rebuilds resilience and delivers measurable value through realistic, data-driven blue team simulations.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/Q8XskdIZCbnHhXaGANW5dlVDHiwXotge.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Blue Teaming</category>
                <pubDate>Thu, 06 Nov 2025 08:30:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/measuring-soc-dfir-resilience-with-threat-range</guid>
            </item>
                    <item>
                <title>Board-ready cyber resilience: How to track and prove readiness</title>
                <link>https://www.hackthebox.com/blog/soc-dfir-resilience-metrics-reporting</link>
                <description>Show measurable cyber readiness to boards and regulators. TRI gives CISOs clear insights into SOC and DFIR performance under real-world attacks.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/0i8KPywyfnE7y22qWHnu8bwZ7dPTKnx4.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Blue Teaming</category>
                <pubDate>Wed, 29 Oct 2025 08:31:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/soc-dfir-resilience-metrics-reporting</guid>
            </item>
                    <item>
                <title>How 11,000+ investigators cracked the case in Holmes, HTB’s defensive CTF</title>
                <link>https://www.hackthebox.com/blog/blue-team-defensive-ctf-holmes-2025-recap</link>
                <description>HTB’s first all-blue Holmes CTF brought 11,000+ defenders together to tackle DFIR, SOC, malware, and threat hunting challenges in a fully immersive investigation.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/k5aPNprJSHC3VsDXVdSHNDV63e53FJLu.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Blue Teaming</category>
                <pubDate>Fri, 24 Oct 2025 10:52:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/blue-team-defensive-ctf-holmes-2025-recap</guid>
            </item>
                    <item>
                <title>Hack The Box + LetsDefend: Shaping the future of community-led cyber readiness</title>
                <link>https://www.hackthebox.com/blog/welcome-letsdefend</link>
                <description>Hack The Box and LetsDefend join forces to create the world’s largest collaborative cybersecurity platform with hands-on labs, SOC simulations, and a unified upskilling experience.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/Z2WlhL8ZmfSA2H448Wshsi9oG6DIExSl.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Blue Teaming</category>
                <pubDate>Tue, 16 Sep 2025 12:58:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/welcome-letsdefend</guid>
            </item>
                    <item>
                <title>A 30-60-90 day onboarding plan for SOC analysts</title>
                <link>https://www.hackthebox.com/blog/30-60-90-day-onboarding-plan-SOC-analyst-checklist</link>
                <description>Your step-by-step guide to building defenders with confidence, clarity, and hands-on SOC Analyst training from day one.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/CKez8kKh6CNTSpHQagDytbyIdDvd7R8p.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Blue Teaming</category>
                <pubDate>Tue, 12 Aug 2025 09:34:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/30-60-90-day-onboarding-plan-SOC-analyst-checklist</guid>
            </item>
                    <item>
                <title>Cloud on fire: What the data from 4,549 players says about your weakest defenses</title>
                <link>https://www.hackthebox.com/blog/global-cyber-skills-benchmark-cloud-security-breaches</link>
                <description>Cloud is the battleground attackers love most. New data from 796 teams shows most organizations aren’t quite ready. How do your defenses measure up?</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/GsCYycpNH7PhnBSTQLdTzPXA6jFyskfN.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Blue Teaming</category>
                <pubDate>Mon, 21 Jul 2025 08:23:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/global-cyber-skills-benchmark-cloud-security-breaches</guid>
            </item>
                    <item>
                <title>How Active Directory (AD) attacks have evolved—and what that means for blue teamers</title>
                <link>https://www.hackthebox.com/blog/active-directory-attacks-history-tactics-defenses</link>
                <description>Explore 25 years of Active Directory attacks—from PtH to ransomware—and learn how defenders can harden networks, stop lateral movement, and prepare with hands-on training.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/rL7D15JwCS54vTTgXI0WrambLEXniHiO.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Blue Teaming</category>
                <pubDate>Sat, 12 Jul 2025 02:45:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/active-directory-attacks-history-tactics-defenses</guid>
            </item>
                    <item>
                <title>LLMNR poisoning attack detection</title>
                <link>https://www.hackthebox.com/blog/llmnr-poisoning-attack-detection</link>
                <description>Learn how to detect LLMNR poisoning attacks in part three of a special five-part series on critical Active Directory (AD) attack detections &amp; misconfigurations</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/aYDAMxfJdRdFS9MQgMNWGKnGiAQTdsOv.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Blue Teaming</category>
                <pubDate>Fri, 13 Jun 2025 10:31:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/llmnr-poisoning-attack-detection</guid>
            </item>
                    <item>
                <title>Meet global cyber skills standards with the new HTB Defense Operations Analyst certificate program</title>
                <link>https://www.hackthebox.com/blog/anab-accredited-certificate-program</link>
                <description>An ANAB‑accredited, threat‑informed coursework that prepares cyber defenders for DoD 8140 roles and competencies. Delivering verifiable skills in just 15 weeks.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/9UobKBSLniIkMyZwoM91HvghKOw2Exby.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Blue Teaming</category>
                <pubDate>Thu, 12 Jun 2025 02:59:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/anab-accredited-certificate-program</guid>
            </item>
                    <item>
                <title>How to use SmartScreen logs to find evidence of execution and user activity analysis</title>
                <link>https://www.hackthebox.com/blog/smartscreen-logs-evidence-execution</link>
                <description>CyberJunkie walks us through a new detection technique he uncovered using Windows SmartScreen Debug Event Logs. Follow this step-by-step guide to see how it works.</description>
                <content:encoded>
                    <![CDATA[
                    <img src="/storage/blog/tOujAY5nGTxnSQwSRcnNCAfK6zXmJmEe.jpg" align="left" hspace="5"/>
                    
                ]]>
                </content:encoded>
                <category>Blue Teaming</category>
                <pubDate>Thu, 27 Feb 2025 03:24:00 +0000</pubDate>
                <guid>https://www.hackthebox.com/blog/smartscreen-logs-evidence-execution</guid>
            </item>
            </channel>
</rss>
