3 labs

Intro Defensive Investigation

Hands-on guided training track with isolated lab sessions and progress tracking.

Windows Logon Anomaly Triage

Use host and auth logs to identify suspicious authentication behavior.

40 min
Open lab

PowerShell Execution Review

Investigate command history and encoded PowerShell usage.

40 min
Open lab

Webshell Hunting Intro

Review web logs and files to determine whether a webshell was deployed.

40 min
Open lab