SOC Lab – What is this Lab about?
This SOC (Security Operations Center) Lab is designed for hands-on blue team training, helping analysts detect, analyze, and respond to cyber threats in a simulated environment. The lab follows real-w
This guide is inspired by Eric Capuano. Huge thanks to him for sharing such valuable insights. 👏
✅ Setting Up a Secure Monitoring Environment
Installing Windows 10 VM and Ubuntu Server
Deploying Sysmon & LimaCharlie EDR for endpoint visibility
Setting up Sliver C2 to simulate attacker tactics
✅ Detecting and Analyzing Cyber Attacks
Executing Command & Control (C2) payloads to simulate real-world threats
Monitoring process activity, network connections, and file system changes
Creating detection rules to flag suspicious activities
✅ Investigating Credential Dumping
Simulating LSASS credential dumping (as performed by tools like Mimikatz)
Using LimaCharlie to identify and respond to credential theft attempts
✅ Blocking Ransomware Attacks
Detecting ransomware behavior (e.g., deleting Volume Shadow Copies)
Implementing automated responses to block malicious actions
✅ Reducing False Positives
Fine-tuning detection rules to avoid alert fatigue
Focusing on legitimate vs. malicious process behavior
✅ Automating Malware Detection with YARA
Writing YARA rules to detect malware patterns
Setting up real-time file and process scanning