
[ SOC ]

Security Operations Center

A working blue team — open every term.

The SOC runs like a real shift. Analyst stations are dual-monitor with the SIEM up on one and the ticketing system on the other. You rotate through triage, escalation, and on-call — and every shift ends with a written hand-off note.

Capacity: 12 stations

Equipment: 6 line items

Activities: 5 exercises

Projects: 3 student work

// what_you_do_here

THE WORK.

  • 01 Work the SIEM queue — triage, investigate, document
  • 02 Run the IR playbook on a contained incident
  • 03 Hunt indicators across endpoint + network telemetry
  • 04 Hand off your shift with a written report and open tickets
  • 05 Tune detection rules to cut noise

// equipment

THE GEAR.

Same stack listed on every job posting in this field.

  • Splunk + Elastic SIEM
  • Velociraptor endpoint telemetry
  • Open-source threat intel feeds
  • Internal ticketing + IR runbooks
  • Dual-monitor analyst stations
  • Wall-mounted ops display

Tags: Splunk · Elastic · Velociraptor · MITRE ATT&CK · Sigma

// from_this_lab

STUDENT WORK
FROM HERE.

  • SOC · Incident Response

    Live SOC Tabletop · Multi-stage Intrusion

    Cohort defended against a multi-stage intrusion in the SOC lab — phishing → credential theft → lateral movement.

  • PCAP · Wireshark

    PCAP Hunt · Detect a C2 Beacon

    Wireshark deep-dive — identified a beaconing C2 channel hidden in DNS traffic and wrote detection rules.

  • Grafana · Observability

    SOC Dashboard · Grafana + Loki

    Capstone dashboard surfacing auth failures, geo-anomalies, and beaconing across the lab estate.


// who_uses_it

PROGRAMS HERE.

  • [ CYBER ]

    Cybersecurity & Networking

    Defend the systems the world runs on. Hands-on training in network defense, threat detection, and security operations.


// tour

Come walk this lab.