[ SOC ]
Security Operations Center
A working blue team — open every term.
The SOC runs like a real shift. Analyst stations are dual-monitor with the SIEM up on one and the ticketing system on the other. You rotate through triage, escalation, and on-call — and every shift ends with a written hand-off note.
// what_you_do_here
THE WORK.
- 01 Work the SIEM queue — triage, investigate, document
- 02 Run the IR playbook on a contained incident
- 03 Hunt indicators across endpoint + network telemetry
- 04 Hand off your shift with a written report and open tickets
- 05 Tune detection rules to cut noise
// equipment
THE GEAR.
Same stack listed on every job posting in this field.
- Splunk + Elastic SIEM
- Velociraptor endpoint telemetry
- Open-source threat intel feeds
- Internal ticketing + IR runbooks
- Dual-monitor analyst stations
- Wall-mounted ops display
- Splunk
- Elastic
- Velociraptor
- MITRE ATT&CK
- Sigma
// from_this_lab
STUDENT WORK
FROM HERE.
- SOC · Incident Response
  Live SOC Tabletop · Multi-stage Intrusion
  Cohort defended against a multi-stage intrusion in the SOC lab — phishing → credential theft → lateral movement.
  ↗ See the work
- PCAP · Wireshark
  PCAP Hunt · Detect a C2 Beacon
  Wireshark deep-dive — identified a beaconing C2 channel hidden in DNS traffic and wrote detection rules.
  ↗ See the work
- Grafana · Observability
  SOC Dashboard · Grafana + Loki
  Capstone dashboard surfacing auth failures, geo-anomalies, and beaconing across the lab estate.
  ↗ See the work
// who_uses_it
PROGRAMS HERE.
- [ CYBER ]
Cybersecurity & Networking
Defend the systems the world runs on. Hands-on training in network defense, threat detection, and security operations.
↗ Explore CYBER