Linux Security Monitoring

Learn how Linux logging works and how you can use it to detect common Linux attacks - all through real-world examples and challenging, hands-on threat detection labs.

This module explores the Linux attacks and defenses directly on the host, without SIEM abstractions. Through hands-on labs, you’ll uncover malware uploads, reverse shells, cryptomining activity and then trace every step back through system and process logs. This hands-on experience will sharpen your Linux skills and prepare you for real-world SOC work.

Linux Logging for SOC

Explore key Linux log sources and learn how to use them in your SOC triage.

Linux Threat Detection 1

Explore how attackers break into Linux systems and how you can detect this in logs.

Linux Threat Detection 2

Explore the first actions of attackers after breaching a Linux server and learn how to detect them.

Linux Threat Detection 3

Cover the last stages of attacks on Linux and learn how they look in system logs.

Topic Rewind Recap

Lock in what you learned with a recap. Earn points and keep your streak.

BlackCat

BlackCat claims to have breached your company and posted proof on their leak site. As the SOC analys...

Next steps

Malware Concepts for SOC

In this module, you’ll learn to identify common malware types, understand their purpose, analyse files and understand why living off the land attacks are becoming more common.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).

Hierarchical diagram showing how learning pathways contain modules, which contain individual rooms.