# Home Lab: C2 Detection, Ransomware Defense & YARA Automation

- [SOC Lab – What is this Lab about?](https://osamaa.gitbook.io/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/soc-lab-what-is-this-lab-about.md): This SOC (Security Operations Center) Lab is designed for hands-on blue team training, helping analysts detect, analyze, and respond to cyber threats in a simulated environment. The lab follows real-w
- [Part 1 - Setting Up the Environment](https://osamaa.gitbook.io/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/part-1-setting-up-the-environment.md): Designed for SOC analysts, it simulates real-world cybersecurity scenarios using LimaCharlie, Sysmon, C2 Framework (sliver-server),
- [Part 2 - Detecting C2 Activity](https://osamaa.gitbook.io/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/part-2-detecting-c2-activity.md): A hands-on SOC lab for detecting and analyzing C2 activity using Sliver and LimaCharlie, covering payload execution, process monitoring, and network forensics
- [Part 3 - Credential Dumping & Threat Detection](https://osamaa.gitbook.io/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/part-3-credential-dumping-and-threat-detection.md): Simulating adversary tactics in a SOC lab by using Sliver C2 to dump LSASS credentials, analyzing telemetry in LimaCharlie, and creating detection rules to identify credential theft attempts.
- [Part 4 - Blocking Ransomware](https://osamaa.gitbook.io/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/part-4-blocking-ransomware.md): Blocking ransomware by detecting and stopping harmful commands in LimaCharlie. This guide shows how to prevent attackers from deleting backups.
- [Part 5 - Reducing False Positives](https://osamaa.gitbook.io/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/part-5-reducing-false-positives.md): This section is an additional part that explains the false positive detection of the svchost rule test. It helps refine the rule to reduce unnecessary alerts.
- [Part 6 - Automated YARA Scanning](https://osamaa.gitbook.io/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/part-6-automated-yara-scanning.md): Learn how to automate YARA scanning with LimaCharlie for real-time malware detection. This guide covers setting up YARA rules, configuring automated scans, and detecting Sliver C2 implants in files an

