SOC Lab – What is this Lab about?

This SOC (Security Operations Center) Lab is designed for hands-on blue team training, helping analysts detect, analyze, and respond to cyber threats in a simulated environment. The lab follows real-w


Last updated 3 months ago

This guide is inspired by Eric Capuano. Huge thanks to him for sharing such valuable insights. 👏

What This Lab Covers

✅ Setting Up a Secure Monitoring Environment

  • Installing Windows 10 VM and Ubuntu Server

  • Deploying Sysmon & LimaCharlie EDR for endpoint visibility

  • Setting up Sliver C2 to simulate attacker tactics

✅ Detecting and Analyzing Cyber Attacks

  • Executing Command & Control (C2) payloads to simulate real-world threats

  • Monitoring process activity, network connections, and file system changes

  • Creating detection rules to flag suspicious activities

✅ Investigating Credential Dumping

  • Simulating LSASS credential dumping (used in attacks like Mimikatz)

  • Using LimaCharlie to identify and respond to credential theft attempts

✅ Blocking Ransomware Attacks

  • Detecting ransomware behavior (e.g., deleting Volume Shadow Copies)

  • Implementing automated responses to block malicious actions

✅ Reducing False Positives

  • Fine-tuning detection rules to avoid alert fatigue

  • Focusing on legitimate vs. malicious process behavior

✅ Automating Malware Detection with YARA

  • Writing YARA rules to detect malware patterns

  • Setting up real-time file and process scanning

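As an added illustration of the ransomware-detection and false-positive tuning points above (this is example code written for this page, not the lab's own LimaCharlie rules or code from Eric Capuano's series): a small Python triage that flags Sysmon process-creation events showing Volume Shadow Copy deletion and suppresses matches whose parent is a hypothetical allowlisted backup agent. The event records and the allowlist path are constructed sample data.

```python
import re

# Constructed Sysmon-style process-creation events (Event ID 1); sample data, not lab output.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin delete shadows /all /quiet",
     "ParentImage": r"C:\Users\victim\Downloads\invoice.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin list shadows",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin delete shadows /for=C: /oldest",
     "ParentImage": r"C:\Program Files\BackupVendor\agent.exe"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "", "ParentImage": ""},
]

# Hypothetical tuning allowlist: parent binaries expected to prune shadow copies
# during normal operation (e.g. a backup agent). Keep it short and reviewed.
ALLOWED_PARENTS = {r"c:\program files\backupvendor\agent.exe"}

# Shadow-copy deletion as it appears in the command line (vssadmin or wmic form).
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
]

def is_shadow_copy_deletion(event):
    """True if a process-creation event carries a shadow-copy deletion command."""
    if event.get("EventID") != 1:
        return False
    cmd = event.get("CommandLine", "")
    return any(p.search(cmd) for p in SHADOW_DELETE_PATTERNS)

def triage(events, allowed_parents=ALLOWED_PARENTS):
    """Split matching events into alerts and allowlisted (suppressed) matches."""
    alerts, suppressed = [], []
    for ev in events:
        if not is_shadow_copy_deletion(ev):
            continue
        parent = ev.get("ParentImage", "").lower()
        # Exact match on the normalised parent path: a substring match here would
        # let any binary whose path merely contains that text bypass the rule.
        (suppressed if parent in allowed_parents else alerts).append(ev)
    return alerts, suppressed

if __name__ == "__main__":
    hits, quiet = triage(SAMPLE_EVENTS)
    print(f"{len(hits)} alert(s), {len(quiet)} suppressed by allowlist")
```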
So You Want to Be a SOC Analyst