Professional

Blue Team Level 2 (BTL2)

Lessons available in 9 languages with native text-to-speech (beta)

Our Advanced Security Operations training and certification covers Malware Analysis, Threat Hunting, Vulnerability Management, and Advanced SIEM and Emulation.

Skills you'll gain

SIEM
Threat Hunting
Malware Analysis
Vulnerability Management
YARA
yarGen
String
BinText
Resource Hacker
ProcDOT
Process Monitor
PowerShell
Bash
Strings
pestudio
CAPA
PDFid
pdf-parser
OfficeMalScanner
CyberChef
Malwoverview
AutoRuns
TCPView
Regshot
VirusTotal
Hybrid Analysis
GRR
Velociraptor
KAPE
JumpList Explorer
Windows File Analyzer
PECmd
Chainsaw
Wireshark
tshark
RITA
DeTT&CT
ATT&CK Navigator
ATT&CK
OpenVAS
Nmap
Nmap NSE
Nikto
WPScan
Report Writing
Adversary Emulation
Threat Modelling
Threat Intelligence

Blue Team Level 2 (BTL2)

Our Advanced Security Operations training and certification covers Malware Analysis, Threat Hunting, Vulnerability Management, and Advanced SIEM and Emulation.

Recommended experience

2+ years experience

Estimated time to complete

approximately 50 hours to complete

On-demand access

Complete in 5 months

Training and exam price

£1,999.00 GBP

View Course Content Try Demo

Who is the course for?

BTL2 is aimed at security professionals with 2-4 years experience in a practical role, but can be suitable for individuals with less experience provided they can commit to the intense training. Roles that we believe would benefit from this course include:

  • Mid-Senior Security Analysts
  • Mid-Senior Incident Responders
  • Mid-Senior Security Consultants
  • DFIR Specialists
  • Threat Hunters
  • Malware Analysts

Why choose BTL2?

BTL2 is designed to strengthen technical defenders that already have experience and exposure to security operations. BTL2 will develop you in niche areas that make you stand out as an advanced defender. Below are some examples of the skills and experience you will gain.

  • Identify, analyze, prioritize, and remediate vulnerabilities to effectively reduce risk.
  • Conduct static and dynamic malware analysis to gather indicators of compromise and document details of the malware’s purpose and utilized techniques.
  • Conducting adversary emulation activities with the purpose of identifying gaps in SIEM detection rules, creating operational dashboards to identify threats, and hunting on remote systems.
  • Perform threat hunts on individual systems and at scale to detect adversaries that have already breached the perimeter.

Malware Analysis

59 topics

4 quizzes

11 labs

What you'll learn

This section will develop your understanding of malware analysis, and will teach you how to use a range of tools to perform static and dynamic analysis on portable executables, portable documents, and Microsoft Office document filetypes.

Lessons

  • Introduction to Malware Analysis
  • Setting up a Malware Analysis Home Lab
  • Static Malware Analysis
  • Dynamic Malware Analysis
  • Malware Analysis Practice

Skills you'll gain

Malware Analysis
YARA
yarGen
String
BinText
Resource Hacker
ProcDOT
Process Monitor
PowerShell
Bash
Strings
pestudio
CAPA
PDFid
pdf-parser
OfficeMalScanner
CyberChef
Malwoverview
AutoRuns
TCPView
Regshot
VirusTotal
Hybrid Analysis
Wireshark
Static Analysis
Dynamic Analysis
OSINT

Threat Hunting

Advanced SIEM

Vulnerability Management

BTL2 Exam Preparation

Course Authors

Photo of Joshua Beaman

Joshua Beaman

Academic Board

Unsure if BTL2 is right for you?

Frequently asked questions

Are there any exam entry requirements? If so, what are they?

No, there are no entry requirements for the exam. You can take the exam whenever you feel ready, however we strongly recommend you complete all the labs, as they are designed to prepare you for the practical exam.

What are the prerequisites for enrolling in this certification?

These are recommended, not required, prerequisites. It is advisable to complete BTL1 before enrolling in BTL2, but if you are confident in your abilities, you can jump straight in. BTL2 is designed for technical defenders with 2-4 years of experience in security operations. It aims to develop advanced skills in vulnerability management, malware analysis, adversary emulation, and threat hunting. While primarily targeted at experienced professionals, it can also be suitable for those with less experience who are willing to commit to intense training.

How long does it take to complete the certification?

Completing the BTL2 certification typically takes between 60 to 70 hours. However, the actual time may vary based on your prior knowledge of the course materials, your working speed, and the amount of time you can dedicate. Everyone's pace is different, so you might complete it more quickly or take a bit longer.

What's included in the price?

After gaining access to the course, you receive 45 months of access to 231 lessons and quizzes, 28 browser labs with 120 hours of access, and the BTL2 exam, which includes up to 72 hours to complete a practical assessment and submit a written report. The report is hand-marked within 30 working days, and you need to score 70% or higher to pass (90%+ on the first attempt earns a gold challenge coin). Detailed feedback is provided to help improve your skills. Upon passing, you receive Blue Team Level 2 certification for four years, a BTL2 Acclaim digital badge, a printed certificate, a Blue Team Labs Online digital badge, a silver challenge coin (gold if scoring 90%+ on the first attempt), and laptop stickers.

Is everything to pass the exam in the course?

Yes, there is nothing in the exam that hasn't been covered in the course, or without clear instructions being provided. The exam features a select subset of the tools covered in the course, similar to real incident response engagements.

How long is the access?

Individual Students: Once you purchase BTL2, it will immediately appear in your account. You will then be free to start the course whenever you want. Corporate Clients: Purchased licenses can be issued at any time within 12 months from the purchase date, providing you the flexibility to start the training when your team is ready. After gaining access to the course, you have 5 months on-demand access to the training material.

Are there any discounts available?

A 10% discount is available to verified students that are actively studying with an established educational institute. There are also discounts available to military personnel, first responders, and veterans. Read more here: https://support.securityblue.team/hc/en-gb/articles/11802106331164-Discounts-for-Students-and-Service-Members Corporate discounts are available based on the number of licenses purchased.