# Home Lab: C2 Detection, Ransomware Defense & YARA Automation

- [SOC Lab – What is this Lab about?](/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/soc-lab-what-is-this-lab-about.md): This SOC (Security Operations Center) Lab is designed for hands-on blue team training, helping analysts detect, analyze, and respond to cyber threats in a simulated environment. The lab follows real-w
- [Part 1 - Setting Up the Environment](/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/part-1-setting-up-the-environment.md): Designed for SOC analysts, it simulates real-world cybersecurity scenarios using LimaCharlie, Sysmon, C2 Framework (sliver-server),
- [Part 2 - Detecting C2 Activity](/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/part-2-detecting-c2-activity.md): A hands-on SOC lab for detecting and analyzing C2 activity using Sliver and LimaCharlie, covering payload execution, process monitoring, and network forensics.
- [Part 3 - Credential Dumping & Threat Detection](/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/part-3-credential-dumping-and-threat-detection.md): Simulating adversary tactics in a SOC lab by using Sliver C2 to dump LSASS credentials, analyzing telemetry in LimaCharlie, and creating detection rules to identify credential theft attempts.
- [Part 4 - Blocking Ransomware](/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/part-4-blocking-ransomware.md): Blocking ransomware by detecting and stopping harmful commands in LimaCharlie. This guide shows how to prevent attackers from deleting backups.
- [Part 5 - Reducing False Positives](/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/part-5-reducing-false-positives.md): This section is an additional part that explains the false positive detection of the svchost rule test. It helps refine the rule to reduce unnecessary alerts.
- [Part 6 - Automated YARA Scanning](/osama_homepage/cybersecurity-soc-analyst-labs/home-lab-c2-detection-ransomware-defense-and-yara-automation/part-6-automated-yara-scanning.md): Learn how to automate YARA scanning with LimaCharlie for real-time malware detection. This guide covers setting up YARA rules, configuring automated scans, and detecting Sliver C2 implants in files an
