Hands-On Lab Workshop: Mastering Threat Detection and Incident Response



Join our Virtual Lab Workshop to explore the Mastering Threat Detection & Incident Response Learning Path. Inspired by a real Pass-the-Hash attack simulation, this session follows a red team campaign across the full cyber kill chain—credential theft, lateral movement, and privilege escalation. Gain hands-on experience with tools like Falcon XDR, Falcon ITDR, Security Onion, and SOAR as you learn to detect and respond to early-stage threats, escalate incidents, and defend Active Directory from Kerberoasting. Work through real-world scenarios with guidance from experienced analysts and red teamers. Ideal for Tier 1 SOC analysts aiming to level up to Tier 2/3 roles. Stick around for live Q&A with our experts.

 

A one-hour virtual workshop. We kindly ask that you have your laptop ready to engage in hands-on lab activities.
Introductory Experience: Gain a high-level understanding of how it works and its benefits through a guided walkthrough.

  • Genesis of the Lab.
  • Challenges and opportunities encountered during the design of the lab.
  • Hands-On Lab: Perform real-time queries.
  • Interactive Q&A: Engage with the host and other participants through live Q&A sessions.
  • Practical Applications: Discover how the technology can significantly benefit your organization.

Goals and Objectives

  • Simulate real-world attacks using tools like Responder, Mimikatz, and obfuscated PowerShell to understand adversary behavior from an attacker’s perspective
  • Detect and investigate threats with Falcon XDR and Security Onion by correlating behavioral, identity, and network telemetry
  • Respond to and contain incidents using Falcon SOAR, including host isolation, credential resets, and automated playbooks
  • Fine-tune detection rules and document incidents to reduce false positives and enhance SOC response effectiveness

Speaker and Presenter Information

Brandon Swagman, World Wide Technology, Practice Manager

Shoaib Mohammed Shahapuri, World Wide Technology, Technical Solutions Architect

Relevant Government Agencies

Other Federal Agencies, Federal Government, State & Local Government




Event Type
Webcast


This event has no exhibitor/sponsor opportunities


When
Thu, Oct 9, 2025, 12:00pm - 1:00pm ET


Cost
Complimentary: $0.00




Organizer
World Wide Technology

