| # | Lab | Description | Difficulty | Tools |
|---|---|---|---|---|
| 1 | PsExec Hunt | Analyze SMB traffic in a PCAP file using Wireshark to identify PsExec lateral movement | Easy | Wireshark, Linux |
| 2 | Tomcat Takeover | Analyze PCAP to identify Tomcat compromise: upload/exploit, webshell, C2 and post-exploitation activity | Easy | Wireshark, NetworkMiner |
| 3 | Crack the Hash | Identify and crack captured password hashes using Hashcat; document methods and findings | Easy | Hashcat, CrackStation |
| 4 | XMLRat | Analyze network traffic to identify malware delivery and deobfuscate the delivered scripts | Easy | Wireshark, VirusTotal |
| 5 | IcedID Analysis | Static & dynamic analysis of IcedID sample; extract C2 indicators and IOCs | Medium | VirusTotal, strings, YARA, Python, Wireshark |
| 6 | Disk Analysis & Autopsy | Use Autopsy to investigate the artifacts of a disk image | Medium | Autopsy |
| 7 | Web Investigation Lab | Examine the captured traffic to investigate a web server compromise | Easy | Wireshark, NetworkMiner |
| 8 | 3CX_Supply_Chain | Threat intel analysis of the 3CX supply-chain compromise | Easy | VirusTotal |
| 9 | Red Stealer | Analyze suspicious executable to extract IOCs, identify C2 infra, and map MITRE ATT&CK techniques | Easy | VirusTotal, MalwareBazaar, ThreatFox, ANY.RUN, Whois |