000-BHIS-Lab-Directory
These labs were initially completed the first time I took John Strand's "SOC Core Skills" course in March of 2024, and were touched up and uploaded over the course of 2024. In June of 2025, I discovered that the VM and labs were updated. So just bear in mind that any published labs from before June 2025 will contain old information until I revisit them.
Generally speaking, these labs also need some formatting cleanup etc., and I'll get to that as I update each one.
| BHIS Lab Write-Ups | Lab Page | Last Updated |
|---|---|---|
| 00-BHIS-SOCC-lab-Config | John Strand Training Lab – Download Instructions | 2024, Aug 25 |
| 01-BHIS-SOCC-lab-LinuxHostConfig | John Strand Training Lab – Download Instructions | 2024, Aug 25 |
| BHIS-SOCC-lab-DeepBlueCLI | DeepBlueCLI | 2024, Aug 25 |
| BHIS-SOCC-lab-FirewallLog | Firewall Log Review | 2024, Aug 25 |
| BHIS-SOCC-lab-LinuxCLI | LinuxCLI | 2024, Aug 25 |
| BHIS-SOCC-lab-MemoryAnalyses | MemoryAnalysis(Volatility) | 2024, Aug 25 |
| BHIS-SOCC-lab-Sysmon | Sysmon | 2024, Aug 25 |
| BHIS-SOCC-lab-tcpdump | TCPDump | 2024, Aug 25 |
| BHIS-SOCC-lab-WindowsCLI | WindowsCLI | 2024, Aug 25 |
IntroLabs/IntroClassFiles/navigation.md at master · strandjs/IntroLabs · GitHub
Intro to SOC
- Linux CLI
- Memory Analysis (Volatility)
- TCPDump
- Web Log Review
- WindowsCLI
- Wireshark
- RITA And AC Hunter
- Nessus
- Web Testing
- DeepBlueCLI
- Domain Log Review
- Velociraptor
- Firewall Log Review
- AC Hunter CE
- Hunting DCSync, Sharepoint and Kerberoasting
Intro to Security
- Applocker
- Atomic RedTeam and Bluespawn
- DeepBlueCLI
- Nessus
- Host Firewalls and Nmap
- Password Cracking
- Password Spraying
- Responder
- RITA and AC Hunter
- Sysmon
- Web Testing
- Azure IR
- AC Hunter CE
- PingCastle
- Wireless
Cyber Deception/Active Defense