# SOC Lab – What is this Lab about?

> **This guide is inspired by** [**So You Want to Be a SOC Analyst**](https://blog.ecapuano.com/p/so-you-want-to-be-a-soc-analyst-intro) **by Eric Capuano. Huge thanks to him for sharing such valuable insights. 👏**

#### **What This Lab Covers**

✅ **Setting Up a Secure Monitoring Environment**

* Installing **Windows 10 VM** and **Ubuntu Server**
* Deploying **Sysmon & LimaCharlie EDR** for endpoint visibility
* Setting up **Sliver C2** to simulate attacker tactics

✅ **Detecting and Analyzing Cyber Attacks**

* Executing **Command & Control (C2) payloads** to simulate real-world threats
* Monitoring **process activity, network connections, and file system changes**
* Creating **detection rules** to flag suspicious activities

✅ **Investigating Credential Dumping**

* Simulating **LSASS credential dumping** (as performed by tools like Mimikatz)
* Using LimaCharlie to **identify and respond to credential theft attempts**

✅ **Blocking Ransomware Attacks**

* Detecting **ransomware behavior** (e.g., deleting Volume Shadow Copies)
* Implementing **automated responses** to block malicious actions

✅ **Reducing False Positives**

* Fine-tuning **detection rules** to avoid alert fatigue
* Focusing on **legitimate vs. malicious process behavior**
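
As an added illustration of the detection, automated-response and tuning steps listed above (example code written for this page, not part of the original lab, LimaCharlie or Sysmon), the following Python rule runs over constructed Sysmon-style process-creation events. It flags Volume Shadow Copy deletion, attaches the response actions a SOC would automate, and shows one narrow tuning exception for a hypothetical backup agent so the rule does not fire on legitimate administrative activity. The event fields, sample events and the `ExampleBackup` path are all assumptions made for the example.

```python
"""Toy detection rule over constructed Sysmon-style process-creation events.

Added example for this lab page; not LimaCharlie's or Sysmon's own code.
Every event below is constructed sample data.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Command lines that remove Volume Shadow Copies, a common ransomware precursor.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.IGNORECASE),
    re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.IGNORECASE),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.IGNORECASE),
]

# Tuning exception: a hypothetical backup product vetted by the lab owner.
# Matching on the parent's full image path keeps the exception narrow.
TRUSTED_PARENT_IMAGES = {
    r"C:\Program Files\ExampleBackup\backupsvc.exe",  # hypothetical path
}


@dataclass
class ProcessEvent:
    """Subset of the fields a Sysmon Event ID 1 (process creation) record carries."""
    image: str
    command_line: str
    parent_image: str
    user: str


@dataclass
class Detection:
    name: str
    severity: str
    event: ProcessEvent
    response: List[str] = field(default_factory=list)


def detect_shadow_copy_deletion(ev: ProcessEvent) -> Optional[Detection]:
    """Return a Detection when the event deletes shadow copies from an untrusted parent."""
    if not any(p.search(ev.command_line) for p in SHADOW_DELETE_PATTERNS):
        return None
    if ev.parent_image in TRUSTED_PARENT_IMAGES:
        return None  # tuned out: known backup agent, would otherwise be noise
    return Detection(
        name="Volume Shadow Copy deletion (ransomware precursor)",
        severity="high",
        event=ev,
        # Actions an EDR would automate: stop the process, cut the host off, report.
        response=["kill_process", "isolate_host", "report"],
    )


def run_rules(events: List[ProcessEvent]) -> List[Detection]:
    """Apply every rule (only one here) to a stream of events, in order."""
    return [d for d in (detect_shadow_copy_deletion(e) for e in events) if d]


# Constructed sample events: two malicious, one benign listing, one tuned-out backup job.
SAMPLE_EVENTS = [
    ProcessEvent(image=r"C:\Windows\System32\vssadmin.exe",
                 command_line="vssadmin delete shadows /all /quiet",
                 parent_image=r"C:\Windows\System32\cmd.exe",
                 user="LAB\\victim"),
    ProcessEvent(image=r"C:\Windows\System32\vssadmin.exe",
                 command_line="vssadmin list shadows",
                 parent_image=r"C:\Windows\System32\cmd.exe",
                 user="LAB\\admin"),
    ProcessEvent(image=r"C:\Windows\System32\vssadmin.exe",
                 command_line="vssadmin delete shadows /for=C: /oldest",
                 parent_image=r"C:\Program Files\ExampleBackup\backupsvc.exe",
                 user="NT AUTHORITY\\SYSTEM"),
    ProcessEvent(image=r"C:\Windows\System32\wbem\WMIC.exe",
                 command_line="wmic shadowcopy delete",
                 parent_image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 user="LAB\\victim"),
]

if __name__ == "__main__":
    for d in run_rules(SAMPLE_EVENTS):
        print(f"[{d.severity.upper()}] {d.name}: {d.event.command_line!r} "
              f"parent={d.event.parent_image} -> {', '.join(d.response)}")
```

Running the script reports the `cmd.exe`-spawned `vssadmin delete` and the `wmic shadowcopy delete` events, stays silent on the read-only `vssadmin list shadows`, and skips the backup agent's job. The exception is deliberately keyed on the full parent path rather than on the process name alone, since a broad exclusion is the usual way a tuning step quietly blinds a rule.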

✅ **Automating Malware Detection with YARA**

* Writing **YARA rules** to detect malware patterns
* Setting up **real-time file and process scanning**
