CDSA
HackTheBox

HTB Certified Defensive Security Analyst

Intermediate | Practical SOC/DFIR case exam + report | Pass: Report/objective quality based; exact threshold n… | $210

CDSA validates practical blue-team skills across SOC triage, threat hunting, and incident response reporting. 2026 prep should prioritize query fluency, investigation timelines, and decision justification.

Official Page
Issuer: HackTheBox
Format: Practical SOC/DFIR case exam + report
Duration: Up to 7 days (indicative)
Pass Score: Report/objective quality based; exact threshold n…
Recommended Tools
Volatility 3 Essential
Memory

Memory forensics and process-level investigation.

install: pipx install volatility3
usage: vol -f mem.raw windows.pslist
Splunk Essential
SIEM

Search and correlation for SOC triage workflows.

usage: index=* | stats count by sourcetype
Sigma CLI Essential
Sigma

Detection rule conversion and validation.

install: pipx install sigma-cli
usage: sigma convert -t splunk rule.yml
Velociraptor
IR

Endpoint artifact collection and rapid response.

usage: velociraptor query artifacts
Wireshark
Network

Packet analysis for incident reconstruction.

install: sudo apt install -y wireshark
usage: wireshark capture.pcap
Pwnbox/Kali
Platform

Consistent HTB exam-like tooling baseline.

usage: Maintain reusable aliases and workflow scripts
Timesketch
Timeline

Collaborative timeline analysis for incidents.

usage: timesketch