Windows Security Monitoring
Learn how Windows logging works and how you can use it to detect common Windows attacks - all through real-world examples and challenging, hands-on threat detection labs.
This module explores Windows attacks and defenses directly on the host, without SIEM abstractions. You will use Event Viewer, the command line, and file system navigation to detect real malware samples and learn the corresponding MITRE techniques. This hands-on experience will sharpen your Windows skills and prepare you for real-world SOC work.
Windows Logging for SOC
Start your Windows monitoring journey by learning how to use system logs to detect threats.
Windows Threat Detection 1
Explore common Initial Access methods on Windows and learn how to detect them.
Windows Threat Detection 2
Discover how to detect and analyze the first steps of threat actors after breaching Windows.
Windows Threat Detection 3
Learn how threat actors maintain access to breached Windows hosts.
What are modules?
A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).

