SOC Lab – What is this Lab about?

This SOC (Security Operations Center) Lab is designed for hands-on blue team training, helping analysts detect, analyze, and respond to cyber threats in a simulated environment. The lab follows real-w

This guide is inspired by So You Want to Be a SOC Analyst by Eric Capuano. Huge thanks to him for sharing such valuable insights. 👏

What This Lab Covers

Setting Up a Secure Monitoring Environment

  • Installing a Windows 10 VM and an Ubuntu Server

  • Deploying Sysmon & LimaCharlie EDR for endpoint visibility

  • Setting up Sliver C2 to simulate attacker tactics

Detecting and Analyzing Cyber Attacks

  • Executing Command & Control (C2) payloads to simulate real-world threats

  • Monitoring process activity, network connections, and file system changes

  • Creating detection rules to flag suspicious activities

Investigating Credential Dumping

  • Simulating LSASS credential dumping (the technique used by tools like Mimikatz)

  • Using LimaCharlie to identify and respond to credential theft attempts

Blocking Ransomware Attacks

  • Detecting ransomware behavior (e.g., deleting Volume Shadow Copies)

  • Implementing automated responses to block malicious actions

Reducing False Positives

  • Fine-tuning detection rules to avoid alert fatigue

  • Focusing on legitimate vs. malicious process behavior

Automating Malware Detection with YARA

  • Writing YARA rules to detect malware patterns

  • Setting up real-time file and process scanning
