
Brought to you by
b^n

Defense of your enterprise cannot be overstated. Finally a Blue-Team Community.

Eiffel65 is a blue team (defensive security) community. In this shade of Blue we’ll entertain the topics of Threat Intelligence, Threat Hunting, Incident Response, and Forensics. You can expect to get a taste of the day to day responsibilities, duties, and tools in these areas.

Everything you need to know…

Eiffel65 is a place of learning. Many are accustomed to the exploits of red teaming, but it’s much more common to be involved in defending a network than hacking it. Come explore the layers of defensive security: from the inner core of incident response, where analysts and engineers pull apart the scene of the attack, to the supporting roles of threat hunting, which discovers what tooling doesn’t catch, and forensics, which digs to ground zero, and finally threat intelligence, which informs the whole apparatus to make better decisions with context from real-world hacker activity.

At Eiffel65 we will give you hands-on opportunities to explore what it means to be on the blue side. You’ll gather more information on indicators using OSINT. You’ll investigate datasets on a device and in OpenSearch. You’ll poke at phishing emails and malware. And you might even dive into the depths of forensics artifacts. Here are some things we’ve prepared for you:

  • Threat Intelligence
    • Understanding current events
    • Understanding threat reports
    • Determining if indicators are malicious using OSINT
    • Creating MITRE ATT&CK maps
  • Threat Hunting
    • Malware sandbox submissions
    • Log anomaly detection
    • Dumping logs to OpenSearch
    • Investigating logs in OpenSearch
  • Incident Response
    • Zeek security monitoring
    • PCAP analysis
    • Collecting intrusion evidence
    • Phishing email analysis
  • Forensics
    • Exploring forensics artifacts
    • Registry and forensic image analysis

Eiffel65 has something new for novices and experts to learn (or teach). Come test your steel and sharpen your skills. Leave with something to make you better at your day job.


FAQ

Does your community have a minibadge? If so, how can I get it?

Yes! We have a Blue Team Community minibadge. You can get it by participating in our community. 

What kind of things can I do in the community?

There are multiple exercises you can participate in. Do as few or as many as you want. Each should take about 5 minutes. They range from learning more about an indicator to capturing logs to looking at forensics artifacts.

What skill level is needed to participate in the community?

There is something available to people of all skill levels. Exercises range from entry level to mid-advanced.

What tools do I need to participate?

You don’t need anything to participate in the community. We will have multiple workstations at the community to run through the various exercises provided.

Where do I go if I have questions?

You can find and contact the community staff on Discord or in person – b^n. Likewise, you can join our Discord Channel – #blue-team




Hours of Operation

  • Monday
    Expo Closed Monday
  • Tuesday
    10:30a – 5:00p
  • Wednesday
    10:30a – 5:00p
  • Thursday
    9:00a – 5:00p
  • Friday
    9:00a – 11:00a

What you Learn

  • Defensive Security Careers
  • Blue Team Tools
  • Intrusion Analysis
  • Creating Detection Rules (Zeek)
  • PCAP Analysis
  • SIEM Searching (OpenSearch)
  • Forensic Artifact Analysis
  • Threat Hunting Methodologies
  • Threat Intelligence Reporting
  • Threat Intelligence Platform
  • Incident Response
  • Indicator Enrichment
  • Threat Data Tools
  • OSINT Techniques
  • OSINT Data Sources
  • MITRE ATT&CK
  • Event Log Analysis
  • Malware Sandbox

MiniBadge Details

We will have a MiniBadge available at our Community.

Details are still being worked out, but to collect our MiniBadge, come visit our booth for more details on how to get this cool MiniBadge.

Love our Community!

Desktop Wallpaper

Our community has desktop wallpaper available for download.