Linux Security Monitoring
Learn how Linux logging works and how you can use it to detect common Linux attacks - all through real-world examples and challenging, hands-on threat detection labs.
This module explores Linux attacks and defenses directly on the host, without SIEM abstractions. Through hands-on labs, you’ll uncover malware uploads, reverse shells, and cryptomining activity, then trace every step back through system and process logs. This hands-on experience will sharpen your Linux skills and prepare you for real-world SOC work.
Linux Logging for SOC
Explore key Linux log sources and learn how to use them in your SOC triage.
Linux Threat Detection 1
Explore how attackers break into Linux systems and how you can detect this in logs.
Linux Threat Detection 2
Explore the first actions of attackers after breaching a Linux server and learn how to detect them.
Linux Threat Detection 3
Cover the last stages of attacks on Linux and learn how they look in system logs.
BlackCat
BlackCat claims to have breached your company and posted proof on their leak site. As the SOC analys...
What are modules?
A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).

