BTL1 Field Notes
Practical reference for the Security Blue Team BTL1 certification and SOC Tier 1 operations. Built from real exam experience. Real commands. Real workflows. No fluff.
Each domain contains cheatsheets, command references and investigation workflows.
The most-reached-for commands across all six domains.
These notes were built during preparation for the BTL1 exam and refined over several years working as a Tier 1 SOC analyst in detection and response at VAR Group, Madrid.
The goal was never to replace the course material — it was to have a fast reference during live investigations. When an alert fires at 2am, you need the Volatility plugin name, not a paragraph explaining what memory forensics is.
If you are preparing for BTL1 or working in a SOC, use it, fork it, improve it.