Digital Forensics and Incident Response – Windows Forensics 2 on TryHackMe

In Windows Forensics 2, I built on what I learned in the first room by diving deeper into specific artifacts that reveal user and attacker activity. This included investigating browser history, USB device connections, and other traces that remain on a Windows machine even after actions are completed. The room emphasized how much information is […]

Digital Forensics and Incident Response – Windows Forensics 1 on TryHackMe

In the Windows Forensics 1 room, I explored how to investigate a compromised Windows system by digging into the artifacts it leaves behind. I learned where to look for key pieces of evidence like user activity, system information, and traces of persistence. The room walked me through important areas of the Windows file system and

Digital Forensics and Incident Response – DFIR: An Introduction on TryHackMe

This room introduced me to the world of Digital Forensics and Incident Response (DFIR). I learned the basics of what DFIR entails, the tools and processes used, and how forensic investigations are different from live monitoring or SIEM analysis. It provided an overview of how analysts collect, preserve, and analyze digital evidence. Going through this

Security Information and Event Management – Benign on TryHackMe

In the Benign room, I investigated log data where the challenge was to determine whether activity was truly malicious or simply normal behavior. The focus was on distinguishing real threats from false positives, something SOC analysts deal with every day. By digging through the data, I practiced separating signal from noise and gained a better

Security Information and Event Management – ItsyBitsy on TryHackMe

The ItsyBitsy room placed me into a hands-on challenge where I had to use SIEM data to identify the early stages of an attack. I worked through log analysis tasks that required filtering, searching, and connecting the dots between different events to figure out what was happening. This room pushed me to think critically and

Security Information and Event Management – Investigating with ELK 101 on TryHackMe

In this room, I got hands-on experience using the ELK stack (Elasticsearch, Logstash, and Kibana) for security investigations. I learned how to navigate Kibana, search through log data, and use visualizations to uncover suspicious activity. The exercises showed me how powerful ELK is when it comes to parsing and analyzing huge amounts of log data.

Endpoint Security Monitoring – Retracted on TryHackMe

In this final room of the Endpoint Security Monitoring module, I worked through another practical exercise focused on endpoint monitoring and detection. I was challenged to dig into data, recognize suspicious activity, and piece together what the attacker had done. This room reinforced everything I learned in the Endpoint Security Monitoring path. It showed me

Endpoint Security Monitoring – Wazuh on TryHackMe

This room introduced me to Wazuh, an open-source security monitoring platform that combines endpoint detection, log analysis, and SIEM features. I explored how it can be deployed and used to monitor systems for threats and anomalies. By working with Wazuh, I learned how it integrates endpoint monitoring with centralized alerting, making it a powerful tool

Security Information and Event Management – Incident handling with Splunk on TryHackMe

In this room, I applied what I had learned about Splunk to real-world incident handling scenarios. I analyzed log data to uncover evidence of attacks, such as brute-force attempts and malware activity, and worked through how to respond to those findings. It was a great step up from the basics, showing how Splunk is used