SOC Analyst Tier 1
Build your foundational skills to monitor, detect, and escalate security alerts. This track includes essential tools, basic log analysis, and introductory incident response labs.
WebStrike
Network Forensics
Easy
30min
Analyze network traffic using Wireshark to investigate a web server compromise, identify web shell deployment, reverse shell communication, and data exfiltration.
6 Questions
Oski
Threat Intel
Easy
30min
Analyze a sandbox report using Any.Run to identify Stealc malware behavior, extract configuration details, and map observed tactics to MITRE ATT&CK.
7 Questions
PoisonedCredentials
Network Forensics
Easy
30min
Analyze network traffic for LLMNR/NBT-NS poisoning attacks using Wireshark to identify the rogue machine, compromised accounts, and affected systems.
5 Questions
Yellow RAT
Threat Intel
Easy
30min
Analyze malware artifacts using threat intelligence platforms like VirusTotal to identify IOCs, C2 servers, and understand adversary tactics.
6 Questions
Amadey - APT-C-36
Endpoint Forensics
Medium
30min
Reconstruct Amadey Trojan behavior by analyzing memory dumps with Volatility3 to identify malicious processes, C2 communications, payload delivery, and persistence mechanisms.
7 Questions
Lespion
Threat Intel
Easy
30min
Investigate an insider threat by analyzing GitHub repositories for exposed credentials, using OSINT tools to correlate online accounts, and performing image analysis to identify locations.
9 Questions
The Crime
Endpoint Forensics
Easy
1hr
Utilize ALEAPP to analyze Android device artifacts, reconstructing a victim's financial details, movements, and communication patterns.
6 Questions
PsExec Hunt
Network Forensics
Easy
30min
Analyze SMB traffic in a PCAP file using Wireshark to identify PsExec lateral movement, compromised systems, user credentials, and administrative shares.
7 Questions
Red Stealer
Threat Intel
Easy
30min
Analyze a suspicious executable using VirusTotal and MalwareBazaar to extract IOCs, identify C2 infrastructure, MITRE ATT&CK techniques, and privilege escalation mechanisms.
9 Questions
3CX Supply Chain
Threat Intel
Easy
45min
Reconstruct the 3CX supply chain attack by analyzing compromised MSI and DLL artifacts to identify TTPs and attribute the incident to a threat actor.
9 Questions
DanaBot
Network Forensics
Easy
30min
Analyze network traffic using Wireshark to identify DanaBot initial access, deobfuscate malicious JavaScript, and extract IOCs like IPs, file hashes, and execution processes.
6 Questions
Volatility Traces
Endpoint Forensics
Easy
30min
Analyze a memory dump using Volatility to identify malicious processes, persistence mechanisms, defense evasion techniques, and map them to MITRE ATT&CK.
7 Questions
Insider
Endpoint Forensics
Easy
45min
Analyze Linux disk image artifacts, including logs and Bash history, using FTK Imager to investigate insider threat activities and reconstruct user actions.
11 Questions
NerisBot
Threat Hunting
Easy
30min
Reconstruct the attack timeline by correlating Suricata and Zeek logs in Splunk to identify malicious IPs, C2 domains, targeted hosts, and file hashes.
5 Questions
Ramnit
Endpoint Forensics
Easy
30min
Analyze a memory dump using Volatility to identify a malicious process, extract network IOCs, file hash, and compilation timestamp, correlating with external threat intelligence.
7 Questions
GrabThePhisher
Threat Intel
Easy
45min
Analyze a cryptocurrency phishing kit to identify exfiltration methods, extract critical IOCs, and gather threat actor intelligence using local logs and Telegram APIs.
10 Questions
PacketDetective
Network Forensics
Easy
50min
Analyze network traffic in PCAP files using Wireshark to extract IOCs and reconstruct attacker tactics like authentication and remote execution.
8 Questions
JetBrains
Network Forensics
Easy
1hr
Analyze network traffic using Wireshark to identify web server exploitation, extract attacker IOCs and persistence mechanisms, and map attack techniques to MITRE ATT&CK.
9 Questions
RetailBreach
Network Forensics
Easy
45min
Investigate network traffic with Wireshark to identify attacker TTPs, extract XSS payloads and session tokens, and determine exploited web application vulnerabilities.
7 Questions
AWSRaid
Cloud Forensics
Easy
30min
Investigate AWS CloudTrail logs using Splunk to identify unauthorized access, analyze configuration changes, and detect persistence mechanisms.
6 Questions
Tomcat Takeover
Network Forensics
Easy
30min
Analyze network traffic using Wireshark's custom columns, filters, and statistics to identify suspicious web server administration access and potential compromise.
8 Questions
REvil - GOLD SOUTHFIELD
Threat Hunting
Easy
1hr 15min
Analyze Sysmon logs in Elastic SIEM to investigate REvil ransomware attack behaviors, decode recovery sabotage commands, and identify IOCs including the C2 onion domain.
6 Questions
XXE Infiltration
Network Forensics
Easy
45min
Analyze PCAP data using Wireshark to identify XXE vulnerabilities, extract compromised credentials, and detect web shell uploads for persistence.
7 Questions
RedLine
Endpoint Forensics
Easy
45min
Employ Volatility to analyze a memory dump, identifying suspicious processes, network IOCs, memory protections, and attacker's command-and-control infrastructure.
7 Questions
IcedID
Threat Intel
Easy
30min
Investigate IcedID malware using VirusTotal and threat intelligence platforms to identify IOCs, associated threat actors, and execution mechanisms.
6 Questions
AzureHunt
Cloud Forensics
Easy
30min
Correlate Azure AD, Activity, and Blob Storage logs in Elastic Stack to reconstruct an attack timeline, identifying initial access, lateral movement, persistence, and data exfiltration.
11 Questions
XMRig
Endpoint Forensics
Medium
1hr 30min
Reconstruct attacker methods on a Linux system by analyzing a disk image, recovering deleted files with Photorec, and correlating logs, command history, and configuration files.
12 Questions
Andromeda Bot - UNC4210
Endpoint Forensics
Medium
1hr
Analyze memory images and event logs using MemProcFS, EvtxECmd, and Timeline Explorer to identify Andromeda bot IOCs, reconstruct its infection timeline, and attribute it to an APT group.
7 Questions
Web Investigation
Network Forensics
Easy
45min
Examine network traffic with Wireshark to investigate web server compromise, identify SQL injection, extract attacker credentials, and detect uploaded malware.
9 Questions
Reveal
Endpoint Forensics
Easy
45min
Reconstruct a multi-stage attack by analyzing Windows memory dumps using Volatility 3, identifying malicious processes, command lines, and correlating findings with threat intelligence.
7 Questions