Defend the Org launches publicly
The platform went live with 5 Skills, 59 Labs, 3 Courses, and 6 Tracks. Browse everything that shipped on day one.
Skills (5)
Detection Engineering
Write and tune detections that catch real-world attacks across SIEM and EDR.
Security Operations
Triage alerts, investigate incidents, and run the SOC playbook end-to-end.
Threat Hunting
Proactively hunt for adversary activity that evaded automated detections.
Incident Response
Drive an incident from detection through containment, eradication, and recovery.
Labs (59)
Detect Lateral Movement via WMI Remote Execution
Identify lateral movement activity where an attacker uses Windows Management Instrumentation (WMI) to execute commands on remote hosts across the network.…
Detect Suspicious Service Account Activity
Identify Windows service accounts performing interactive or remote desktop logons, which violates normal service account behavior and may indicate credential…
Detect Data Exfiltration to External Storage
Identify outbound web traffic to known cloud storage and file-sharing services where the upload volume is anomalously large, suggesting data exfiltration by an…
Detect Outbound Traffic on Non-Standard Ports
Identify outbound network connections on ports not commonly used by legitimate services. Attackers frequently use non-standard ports like 4444, 8888, or random…
Anomalous Outbound Connection Hunt
The network operations team reported that a workstation in the engineering department has been generating an unusual amount of outbound HTTPS traffic during…
Rogue Service Installation Hunt
The endpoint detection team noticed that a workstation in the finance department triggered a low-confidence alert for unusual process activity. Rather than…
Courses (3)
Cybersecurity Fundamentals
Master the core principles of cybersecurity. From the CIA triad to risk management and cryptography, build the foundational knowledge every security…
Networking Fundamentals
Build a solid foundation in networking concepts essential for security professionals. From the OSI model to VPNs, learn how data moves across networks and…
SQL Basics for Security Analysts
Learn the SQL fundamentals you need to investigate security incidents. From your first SELECT to building complete investigation queries — all taught through…
Tracks (6)
Incident Response: Beginner
Learn the fundamentals of incident response — from recognizing an alert to writing a post-mortem. Walk through two guided incidents to practice the full IR…
MITRE ATT&CK: Beginner
Learn the MITRE ATT&CK framework from the ground up. Understand the 14 tactics, learn to read the matrix, and practice mapping real attack scenarios to the…
Threat Hunting: Beginner
Learn the fundamentals of threat hunting — from forming hypotheses to investigating logs and identifying adversary techniques.
Security Operations: Beginner
Learn the fundamentals of security operations — from understanding what a SOC does to triaging your first alerts. Master the core workflow: read the alert,…
Operation Shadow Breach
A targeted attack campaign has hit Meridian Financial. Work with five specialists to triage the alert, build a detection, hunt for lateral movement, map the…
Detection Engineering: Beginner
Master the fundamentals of detection engineering. Learn what detections are, how log data works, how to write your first detection query, and how to assess…