Wazuh FIM + VirusTotal + Active Response
In this lab, we will build an automated malware detection and response workflow using Wazuh FIM, VirusTotal integration, and Active Response. When a malware sample is downloaded into a monitored di...

In this blog, we will simulate a brute-force attack in an Active Directory lab using Kali Linux, detect the activity in Splunk using Windows Security logs, create detection queries for failed and s...

This lab focuses on moving from manual log analysis to automated detection. Instead of reviewing every log after an attack, the idea is to simulate attacks and observe what indicators appear duri...

In this blog, you’ll learn how to set up a Wazuh server on Ubuntu and install the Wazuh agent on Windows. We’ll then configure Sysmon log forwarding, enable visibility into all Sysmon events, and f...

Scenario: TKM is a tech startup with a few employees, including a junior security engineer, Joe. He ensures the company’s security remains intact. On the 29th of March, 2025, Joe observed some suspi...

Scenario: The SOC has detected suspicious activity indicative of an advanced persistent threat (APT) group known as Volt Typhoon, notorious for targeting high-value organizations. Assume the role o...

RoomLink The Scenario Some employees from your company reported that they can’t log into Outlook. The Exchange system admin also reported that he can’t log in to the Exchange Admin Center. After i...

Scenario: Our SIEM alerted us to a suspicious logon event which needs to be looked at immediately. The alert details were that the IP Address and the Source Workstation name were a mismatch. You ar...

In this lab, we analyze a PCAP to uncover an LLMNR/NBT-NS poisoning attack. Step by step, we identify the rogue machine, trace the victim’s mistake, and observe how credentials were captured and co...