[ SECURITY LABS ]
Live SOC Tabletop · Multi-stage Intrusion
Cohort defended against a multi-stage intrusion in the SOC lab — phishing → credential theft → lateral movement.
- SOC
- Incident Response
// the_work
A 4-hour tabletop where blue-team students worked alerts as they fired, opened tickets, and walked the chain of custody for evidence. Wrote the post-incident report against NIST 800-61.
// artifacts
FROM THE PROJECT FILES.
[ 14:08:21 ] alert.id=A-2391 severity=HIGH src.user=jdoe@cite.local src.ip=10.42.7.18 indicator=lsass.dump.candidate detection=defender_ASR action=quarantined next=isolate_host
  └─ assigned to analyst.shift.B
Intrusion chain and where each stage was caught:
phish → cred → lateral → priv-esc → exfil
- phish: inbox sandbox match
- cred: user trained · MFA fatigue
- lateral: detected via auth anomaly
- priv-esc: host isolated by ASR
- exfil: blocked at egress
// more_in_security
More Security Labs.
PCAP Hunt · Detect a C2 Beacon
Wireshark deep-dive — identified a beaconing C2 channel hidden in DNS traffic and wrote detection rules.