SOC Analyst Tier 2
Advance your expertise with hands-on labs focusing on threat detection, in-depth log analysis, and the effective use of SIEM tools for investigating and triaging incidents.
AndroidBreach
Endpoint Forensics
Medium
1hr 30min
Analyze an Android device dump and reverse engineer a malicious APK using ALEAPP and JADX-GUI to identify malware functionality, data exfiltration, and extract compromised credentials.
9 Questions
MeteorHit - Indra
Endpoint Forensics
Medium
1hr 30min
Reconstruct a wiper malware attack by analyzing registry, event logs, and USN journal artifacts using Registry Explorer, Event Log Explorer, and VirusTotal.
10 Questions
AsyncRAT
Malware Analysis
Medium
2hrs
This lab aims to equip learners with practical skills in malware analysis by dissecting a multi-stage AsyncRAT infection. Participants will explore obfuscation techniques, payload extraction, persistence mechanisms, and steganographic methods used in real-world malware, enhancing their ability to detect, analyze, and respond to complex cyber threats.
7 Questions
GoldenSpray
Threat Hunting
Medium
2hrs
Reconstruct a multi-stage intrusion timeline by analyzing Windows and Sysmon event logs within Elastic SIEM to identify key attack tactics, techniques, and procedures.
10 Questions
QBot
Endpoint Forensics
Medium
Reconstruct the QBot malware infection timeline by analyzing memory dumps, identifying malicious processes, files, and network communications using Volatility3 and VirusTotal.
6 Questions
Sigma 101
Detection Engineering
Medium
1hr
Analyze suspicious logs to author custom Sigma rules that detect lateral movement techniques within a SIEM environment.
3 Questions
ShadowRoast
Threat Hunting
Medium
1hr 30min
Investigate and analyze malicious activity in an Active Directory environment using log analysis and Splunk queries to identify initial access, persistence, lateral movement, and data exfiltration techniques.
8 Questions
OpenWire
Network Forensics
Medium
1hr 30min
Investigate a Java deserialization vulnerability in Apache ActiveMQ that enables remote code execution through insecure class loading.
8 Questions
GoogleCloudHunt
Cloud Forensics
Medium
1hr 30min
Learn cloud forensics by analyzing Google Cloud logs with JQ to identify compromised accounts, data exfiltration, and attacker persistence methods in a simulated breach scenario.
9 Questions
S3CredentialsHunt
Cloud Forensics
Medium
1hr 30min
Analyze AWS CloudTrail logs with `jq` to reconstruct attacker TTPs, identify privilege escalation, and detect persistence mechanisms within a compromised cloud environment.
10 Questions
T1595
Network Forensics
Easy
45min
Analyze the PCAP file to identify malicious activity, using tools like Wireshark to detect threats, IP origins, and attacker techniques.
12 Questions
BlackEnergy
Endpoint Forensics
Medium
1hr
Develop practical skills in Windows memory forensics using Volatility by detecting malware indicators, analyzing suspicious processes, and identifying code injection and unauthorized DLLs in a compromised system.
8 Questions
LGDroid
Endpoint Forensics
Medium
1hr 30min
Analyze Android disk images using SQLite, Python, and log analysis to reconstruct user activity and extract key forensic artifacts.
8 Questions
Brave
Endpoint Forensics
Medium
45min
Investigate Windows memory images using Volatility3, PowerShell, and a hex editor to extract system artifacts, analyze processes, network connections, and reconstruct user activity.
10 Questions
MalDoc101
Malware Analysis
Medium
1hr 10min
Analyze obfuscated scripts to identify malicious infrastructure, specifically extracting the first FQDN used to download a trojan, enhancing skills in threat hunting and incident response.
9 Questions
Ulysses
Endpoint Forensics
Medium
1hr 30min
Analyze Linux system artifacts, including memory dumps and logs, with Volatility and FTK Imager to reconstruct an attack and identify IOCs.
11 Questions
Akira - Storm-1567
Endpoint Forensics
Medium
1hr 30min
Learn to investigate Akira ransomware using memory forensics to identify IOCs, analyze attacker behavior, reconstruct timelines, and uncover system compromise, defense evasion, and persistence methods.
10 Questions
Stealthy Ascent
Endpoint Forensics
Medium
2hrs
Reconstruct a Linux system's unauthorized access and ransomware incident by analyzing logs, browser, and email artifacts, decrypting payloads, and identifying persistence.
12 Questions
PhishStrike
Threat Intel
Medium
1hr
Analyze email headers and threat intelligence to identify phishing indicators, malware persistence, and C2 channels, extracting actionable IOCs.
11 Questions
IMDSv1
Cloud Forensics
Medium
1hr
Analyze network traffic and AWS CloudTrail logs using Wireshark and JQ to reconstruct an IMDSv1 SSRF exploitation and subsequent data exfiltration attack.
10 Questions
Trigona Ransomware - Water Ungaw
Endpoint Forensics
Medium
1hr
Learn to investigate ransomware attacks by analyzing logs, registry entries, and artifacts to trace attacker actions, tools used, and identify indicators of compromise.
11 Questions
AgentTesla
Malware Analysis
Medium
1hr
Learn to analyze and dissect Agent Tesla malware by unpacking, identifying embedded scripts, tracing data exfiltration, detecting persistence mechanisms, and understanding anti-VM evasion techniques.
8 Questions
LummaStealer - Angry Likho
Endpoint Forensics
Medium
1hr
Analyze multi-stage malware behavior, decode obfuscated scripts, trace execution flow, and identify evasion, persistence, and exfiltration tactics using forensic tools.
7 Questions
IcedID 2 - GOLD CABIN
Endpoint Forensics
Medium
1hr
Analyze memory artifacts and trace a ransomware attack's origin, execution, and persistence using forensic tools like Volatility 3 and MemProcFS.
6 Questions
ATMii
Malware Analysis
Medium
1hr
Understand and analyze ATM-targeting malware using static analysis tools, identify malicious behaviors, and trace how malware exploits legitimate APIs like XFS to manipulate ATM hardware and perform unauthorized actions.
8 Questions
Malicious PyPi
Endpoint Forensics
Medium
1hr
Perform forensic analysis on a compromised Windows system to identify malware, trace attacker activity, and understand persistence mechanisms.
10 Questions
ConfluenceRCE
Endpoint Forensics
Medium
1hr
Investigate a real-world cyberattack, identify compromise indicators, trace attacker activities, and apply forensic and threat intelligence techniques.
7 Questions
Trickbot - WIZARD SPIDER
Threat Intel
Medium
45min
Develop threat intelligence skills by analyzing malware behavior, identifying attack techniques, and uncovering command-and-control infrastructure.
6 Questions
MalaCrypt
Malware Analysis
Medium
1hr
Develop skills in basic and advanced malware analysis, including static, dynamic, and code analysis, to identify, understand, and investigate malicious binaries.
13 Questions
LockBit
Endpoint Forensics
Medium
1hr 30min
Reconstruct a multi-system LockBit ransomware attack chain by correlating Windows event logs, registry artifacts, and PowerShell activity to identify TTPs.
16 Questions
RCEMiner
Network Forensics
Medium
1hr
Correlate network traffic, RCE exploits, and C2 communications using Wireshark to reconstruct a multi-stage web server compromise, cryptomining, and lateral movement.
9 Questions
EcomBreach
Endpoint Forensics
Medium
1hr
Develop skills in forensic analysis, attack chain reconstruction, and threat detection following a web server compromise using Linux forensic techniques.
9 Questions
MSI
Malware Analysis
Medium
1hr
Analyze a malicious MSI installer by deconstructing its components, extracting embedded scripts, identifying C2 communication, and attributing the malware family.
6 Questions
Yara Wizards
Detection Engineering
Medium
1hr
Analyze malware behavior and develop YARA rules for proactive detection by identifying packing methods, entropy levels, and execution patterns.
7 Questions
Kerberoasted
Threat Hunting
Medium
1hr
Detect, analyze, and respond to Kerberoasting attacks by investigating Kerberos logs, identifying compromised accounts, and uncovering attacker persistence methods.
9 Questions
Yara101
Detection Engineering
Medium
1hr
Analyze malware samples, extract IOCs, and create effective YARA rules to detect and classify threats using static analysis techniques.
8 Questions
RARCVE
Malware Analysis
Medium
1hr
Analyze, decrypt, and trace a multi-stage malware infection, uncovering obfuscation techniques, payload delivery methods, and network communication indicators.
7 Questions
BlueSky Ransomware
Network Forensics
Medium
1hr
Reconstruct a BlueSky ransomware attack by analyzing network traffic, decoding PowerShell scripts, and examining persistence mechanisms to identify attacker tactics and IOCs.
16 Questions
TeleStealer
Malware Analysis
Medium
1hr
Analyze packed malware behavior, detect persistence mechanisms, and investigate data exfiltration through dynamic analysis, traffic interception, and reverse engineering techniques.
6 Questions
T1197
Threat Hunting
Medium
1hr
Analyze Windows event logs in Splunk to identify T1197 BITS abuse, LOLBAS usage, attacker IP, and persistence mechanisms.
6 Questions
APT35
Malware Analysis
Medium
1hr 30min
Perform forensic analysis on Android devices to identify, analyze, and mitigate threats from malicious applications and cyber espionage groups like Magic Hound.
10 Questions
KrakenKeylogger
Endpoint Forensics
Medium
1hr
Analyze Windows 10 notification artifacts, installed applications, LNK files, and Applications logs to uncover malicious activity and enhance forensic investigation capabilities.
7 Questions
T1547
Malware Analysis
Medium
1hr
Investigate fileless malware by analyzing registry artifacts, decrypting in-memory payloads, and identifying malware families using forensic tools and reverse engineering techniques.
8 Questions
FalconEye
Threat Hunting
Medium
1hr
Learn to use Splunk for detecting, analyzing, and investigating cybersecurity threats through log analysis, threat hunting, privilege escalation, lateral movement, and advanced attack techniques.
13 Questions
AzurePot
Endpoint Forensics
Medium
1hr
Understand real-world Linux compromise via CVE-2021-41773 by analyzing disk, memory, and system artifacts to identify attacker techniques, persistence methods, and IOCs.
16 Questions
Sysinternals
Endpoint Forensics
Medium
1hr
Conduct endpoint forensic analysis to detect, analyze, and understand malware infections using disk images, registry artifacts, and threat intelligence.
8 Questions
Eli
Endpoint Forensics
Medium
1hr
Learn to perform Chromebook forensic analysis using tools like DB Browser and Notepad++, focusing on user artifacts, browser data, downloads, and Google Takeout for digital investigations.
15 Questions
MrGamer
Endpoint Forensics
Medium
1hr 30min
Develop investigative skills by reconstructing user behavior, tracing digital footprints, and answering contextual questions based on evidence from a compromised system.
16 Questions
Seized
Endpoint Forensics
Medium
1hr
Using Volatility to investigate a Linux compromise, uncovering attacker techniques like persistence, rootkits, and network backdoors, while reinforcing skills in threat hunting and incident response.
9 Questions
MrRobot
Endpoint Forensics
Medium
Reconstruct a multi-stage attack chain using Volatility Framework to analyze memory dumps, identifying malware, persistence, credential theft, lateral movement, and C2 communications across compromised systems.
24 Questions
ElasticCase
Threat Hunting
Medium
Investigate a simulated multi-stage attack to identify compromise and attacker activity using Elastic SIEM.
24 Questions
HawkEye
Network Forensics
Medium
Reconstruct a HawkEye Keylogger data exfiltration incident by analyzing network traffic with Wireshark and CyberChef, identifying IoCs and stolen credentials.
24 Questions
GetPDF
Malware Analysis
Medium
Reconstruct a multi-stage PDF malware attack by analyzing network traffic, dissecting PDF objects, deobfuscating JavaScript, and emulating shellcode to identify payloads and exploited CVEs.
11 Questions
DetectLog4j
Endpoint Forensics
Medium
Synthesize forensic artifacts across registry, logs, and binaries to reconstruct a Log4Shell exploitation attack chain, identifying C2, persistence, and ransomware behavior.
13 Questions
WebLogic
Endpoint Forensics
Medium
Reconstruct a WebLogic server attack timeline by analyzing memory dumps with Volatility and MemProcFS to identify initial access, persistence, C2, and data exfiltration IOCs.
8 Questions
Trident
Network Forensics
Medium
Synthesize network, document, and malware forensics findings to reconstruct a multi-stage phishing attack, identifying exploit chains and C2 communication.
9 Questions
l337 S4uc3
Endpoint Forensics
Medium
Analyze network traffic and memory dumps using Wireshark, Zui, and Volatility to investigate a targeted attack, identify Zeus malware, and reconstruct attacker actions.
21 Questions
Exfiltrated
Endpoint Forensics
Medium
2hrs
Reconstruct a Linux intrusion by analyzing forensic images, system logs, and custom scripts to identify brute-force, privilege escalation, persistence, and exfiltrated data.
9 Questions
Obfuscated
Malware Analysis
Medium
1hr 30min
Deobfuscate multi-stage VBA and JavaScript malware from a Word document, extracting IOCs and reconstructing execution flow with Oledump, CyberChef, and WSH.
18 Questions
Hacked
Endpoint Forensics
Medium
Reconstruct initial access, system modifications, and persistence on a compromised Linux server by analyzing disk images and cracking passwords.
19 Questions
PacketMaze
Network Forensics
Medium
45min
Analyze network traffic using Wireshark to identify suspicious activity, extract IOCs, and uncover authentication details, file transfers, and server information across multiple protocols.
11 Questions
AfricanFalls
Endpoint Forensics
Medium
Reconstruct a suspect's digital activities and intent by analyzing browser history, system artifacts, deleted files, and credentials from a disk image using various forensic tools.
11 Questions
DumpMe
Endpoint Forensics
Medium
Analyze memory dumps using Volatility 2 to identify Meterpreter malware and extract Indicators of Compromise.
16 Questions
HireMe
Endpoint Forensics
Medium
45min
Analyze a disk image to investigate multiple forensic cases by examining registry, event logs, and email artifacts using specified forensic tools.
17 Questions
Phishy
Endpoint Forensics
Medium
Reconstruct an end-to-end phishing attack chain by analyzing disk image, registry, application, and browser artifacts using various forensic tools.
11 Questions
Injector
Endpoint Forensics
Medium
Determine the web server compromise method and attacker actions by analyzing disk images, memory dumps, and registry artifacts using Autopsy, Volatility, and Registry Explorer.
18 Questions
Emprisa Maldoc
Malware Analysis
Medium
Reconstruct fragmented shellcode from a malicious RTF document and emulate its execution using `rtfdump.py` and `scdbg` to identify CVE-2017-11882 payload delivery.
13 Questions
XLM Macros
Malware Analysis
Medium
Analyze Excel 4.0 macros using XLMDeobfuscator and OLEDUMP to identify anti-analysis techniques and subsequent stage download attempts.
14 Questions
Qradar101
Threat Hunting
Medium
Analyze diverse log sources in QRadar SIEM to identify compromised systems, detect malicious tools, and reconstruct the sequence of attack events.
24 Questions
Acoustic
Network Forensics
Medium
Analyze SIP and RTP protocols using Wireshark and BrimSecurity to identify malicious VoIP communication patterns and artifacts.
14 Questions
HoneyBOT
Network Forensics
Medium
Reconstruct a network intrusion by analyzing PCAP traffic with Wireshark, identifying a CVE-2003-0533 exploit, extracting malware, and performing shellcode analysis with scdbg to uncover attacker techniques and IOCs.
14 Questions
Hammered
Endpoint Forensics
Medium
45min
Analyze various Linux system logs using grep, awk, and sed to identify attacker TTPs, persistence, and reconstruct the attack timeline.
12 Questions
GitTheGate
Threat Hunting
Medium
Investigate network attack artifacts by analyzing logs in Kibana to identify compromised systems and incident timelines.
28 Questions
Intel101
Threat Intel
Medium
30min
Apply open-source intelligence (OSINT) techniques using Whois, Wayback Machine, and Google Lens to investigate digital footprints and extract specific information.
5 Questions
Jailbroken
Endpoint Forensics
Medium
Analyze a jailbroken iOS device's system files, SQLite databases, and application data using forensic tools to reconstruct user activity and identify installed applications.
17 Questions
RE101
Malware Analysis
Medium
Analyze diverse file types including binaries, obfuscated scripts, and corrupted archives using tools like Cutter, hex editors, and debuggers to extract hidden flags and reverse custom encryption.
6 Questions
WireDive
Network Forensics
Medium
1hr 30min
Analyze diverse network traffic using Wireshark to decrypt HTTPS, identify protocol misconfigurations, and extract critical network and system forensic artifacts.
35 Questions
Spotlight
Endpoint Forensics
Medium
Investigate macOS disk images using Autopsy, mac_apt, and SQLite to identify and extract hidden data potentially concealed with steganography.
15 Questions
CorporateSecrets
Endpoint Forensics
Medium
Evaluate a Windows disk image by correlating registry, event log, browser, and MFT artifacts to reconstruct evidence of corporate secret exfiltration.
35 Questions
Hunter
Endpoint Forensics
Medium
Evaluate forensic artifacts from a disk image to confirm unauthorized port scanning and assess user intent for installing illegal applications.
30 Questions
Szechuan Sauce
Endpoint Forensics
Medium
Reconstruct a data exfiltration incident by correlating memory, disk, network, and log artifacts using a suite of forensic tools.
19 Questions
EscapeRoom
Network Forensics
Medium
Reconstruct a multi-stage attack by analyzing network traffic, cracking credentials, and reverse engineering malware using Wireshark, John the Ripper, and IDA Pro to identify persistence and C2 commands.
17 Questions
Malware Traffic Analysis 6
Network Forensics
Medium
Investigate email, document, and network traffic using VirusTotal, oledump, and Wireshark to identify ransomware delivery mechanisms and C2 communications.
14 Questions
Malware Traffic Analysis 5
Network Forensics
Medium
Investigate network traffic using Wireshark, NetworkMiner, and Suricata to identify the specific malicious email responsible for system compromise.
15 Questions
Malware Traffic Analysis 4
Network Forensics
Medium
Reconstruct a malware infection timeline by analyzing network traffic, identifying exploit kit activity, and extracting indicators of compromise using Wireshark and NetworkMiner.
10 Questions
Malware Traffic Analysis 3
Network Forensics
Medium
Synthesize network, binary, and threat intelligence artifacts to reconstruct an exploit kit attack chain, identifying components, deobfuscating payloads, and analyzing binary protections.
12 Questions
Malware Traffic Analysis 2
Network Forensics
Medium
1hr 30min
Reconstruct an exploit kit attack chain from network traffic, identifying the infected host, extracting malware, and determining the exploited CVE using Wireshark and forensic tools.
10 Questions
Malware Traffic Analysis 1
Network Forensics
Medium
Analyze network traffic using Wireshark to identify an infected host, trace an exploit kit infection chain, and extract malicious URLs and file hashes.
10 Questions
Boss Of The SOC v1
Threat Hunting
Medium
Reconstruct multi-stage attack scenarios by analyzing Splunk logs and integrating OSINT from VirusTotal, ThreatCrowd, and WHOXY to identify TTPs and IOCs.
32 Questions