SOC Analyst Tier 3
Excel in proactive defense with advanced threat hunting, forensic investigations, and complex incident management. This track equips you for senior analyst roles in high-stakes SOC environments.
T1059-007
Malware Analysis
Hard
Analyze malware file system activity with ProcMon, identify scheduled task persistence using AutoRuns, and configure PowerShell logging for script execution.
6 Questions
PaloAltoRCE - UTA0218
Threat Hunting
Hard
Reconstruct a Palo Alto RCE attack timeline by analyzing firewall logs in ELK, identifying initial access, reverse shell, persistence, and data exfiltration artifacts.
6 Questions
SolarDisruption
Network Forensics
Hard
1hr 30min
Investigate PLC network traffic and system logs to identify insider manipulation attempts and determine the cause of the solar panel disruption at AetherCore Technologies.
12 Questions
XZBackDoor
Endpoint Forensics
Hard
2hrs
Investigate a Linux server compromise by analyzing the XZ backdoor, web shell, log data, and OSINT to uncover attacker TTPs and extract critical IOCs.
10 Questions
SpottedInTheWild
Endpoint Forensics
Hard
Reconstruct an attack timeline by analyzing disk images, event logs, and malicious scripts to identify initial access, persistence, and data exfiltration techniques.
9 Questions
GhostDetect
Malware Analysis
Hard
Investigate a multi-stage phishing attack by analyzing LNK files, de-obfuscating scripts, identifying C2, decrypting payloads, and attributing the TTPs to the UAC-0057 APT group.
9 Questions
Brutal Tank
Threat Hunting
Hard
Reconstruct an ICS attack chain by analyzing network traffic with Arkime and Wireshark to identify PLC compromise, I/O manipulation, and classify techniques using MITRE ATT&CK for ICS.
8 Questions
Zerologon
Endpoint Forensics
Hard
Reconstruct a multi-stage attack by analyzing Windows event logs, USN Journal, and registry artifacts to identify TTPs, C2, and persistence mechanisms.
13 Questions
TheTruth
Endpoint Forensics
Medium
Reconstruct an Android attack timeline using forensic artifacts to identify RatMilad malware, extract its C2, and attribute a fraudulent transaction.
8 Questions
ProPDF
Malware Analysis
Hard
4hr 30min
Reconstruct a malicious PDF attack chain by analyzing embedded JavaScript, extracting the PE payload, identifying Windows API calls, and uncovering the C2 server and downloaded file.
6 Questions
OceanLotus
Malware Analysis
Hard
Analyze a memory dump using forensic techniques to identify artifacts from a spear-phishing attack and trace its origin.
12 Questions
ProxyShell
Network Forensics
Hard
2hr 30min
Analyze network traffic to identify exploitation attempts targeting the ProxyShell vulnerability and extract relevant indicators of compromise.
10 Questions
ProxyLogon - HAFNIUM
Threat Hunting
Hard
Investigate SIEM logs using GrayLog to identify indicators of compromise associated with the ProxyLogon vulnerability (CVE-2021-26855).
10 Questions
Hafnium APT
Threat Hunting
Hard
Correlate Windows Defender, Sysmon, and Security logs in Elastic Stack to reconstruct HafinumAPT's initial access, persistence, and lateral movement TTPs.
27 Questions
NintendoHunt
Endpoint Forensics
Hard
Analyze a Windows memory dump using Volatility to identify malicious processes, extract hidden data, investigate registry artifacts, and uncover user activity and persistence mechanisms.
6 Questions
Patrick
Endpoint Forensics
Hard
Investigate iOS device artifacts using iLEAPP and SQLite Browser to identify anomalous user behavior and potential illicit activity.
15 Questions
TeamSpy
Endpoint Forensics
Hard
Reconstruct the attack timeline by analyzing memory dumps and suspicious document files using Volatility, OfficeMalScanner, and VirusTotal.
16 Questions
PwnedDC - FIN7
Endpoint Forensics
Hard
2hrs
Learn to investigate a domain controller compromise by analyzing logs, memory, and artifacts to uncover attacker tactics, persistence methods, and the full intrusion timeline.
12 Questions
Ransomed
Malware Analysis
Hard
2hrs
Reconstruct advanced malware execution by performing dynamic analysis and memory forensics to diagnose process hollowing, dynamic API resolution, and string obfuscation.
11 Questions
DeepDive
Endpoint Forensics
Hard
Analyze a memory dump with Volatility to uncover hidden Emotet malware, investigate its code injection, and reconstruct kernel-level evasion tactics like DKOM.
10 Questions
LTE Fallen Wall
Threat Hunting
Hard
Reconstruct a Diameter signaling attack on an LTE core network using Kibana to identify 2FA bypass and unauthorized transactions.
18 Questions
NukeTheBrowser
Network Forensics
Hard
Analyze network traffic, deobfuscate JavaScript, and examine shellcode to reconstruct a drive-by download attack chain, identifying malware, exploits, and attack methodology using Wireshark and forensic tools.
14 Questions
BankingTroubles
Endpoint Forensics
Hard
Evaluate a memory image using Volatility and forensic tools to reconstruct the attack chain initiated by a malicious PDF with JavaScript.
15 Questions
Flareon 4
Malware Analysis
Hard
Integrate diverse reverse engineering tools and techniques to synthesize solutions for advanced, multi-platform malware analysis challenges.
12 Questions
Boss Of The SOC v3
Threat Hunting
Hard
Apply Splunk search queries to extract information and answer questions from provided log data.
58 Questions
Boss Of The SOC v2
Threat Hunting
Hard
Apply Attack-Based Hunting methodology using Splunk to analyze and correlate diverse network and host logs, identifying multiple distinct cyberattack scenarios.
37 Questions