// Hands-on SOC & Blue Team Labs
Practical, downloadable cybersecurity labs designed for SOC analysts, incident responders, and blue team defenders. No fluff — just real scenarios.
Jump into our most popular labs. Each includes a full walkthrough, downloadable VM, and real IOC data.
Learn to triage alerts in a simulated SOC environment. Analyze Splunk dashboards, correlate events, and identify true vs false positives.
Detect and respond to an RDP brute force attack using Windows Event Logs and Splunk. Identify attacker patterns and build detection rules.
Analyze obfuscated PowerShell scripts and memory artifacts. Understand living-off-the-land techniques used by threat actors.
Most cybersecurity training is either too theoretical or locked behind expensive subscriptions. shewag-secops gives you real scenarios, downloadable environments, and no-bullshit walkthroughs — all free.
VirtualBox OVA files. Spin up isolated environments on your machine.
Based on actual attack patterns from threat intelligence reports.
All labs are free. No account required. No subscriptions.
Stuck? Each lab includes a detailed step-by-step walkthrough.
A step-by-step guide to building a fully functional SOC lab using free tools and VirtualBox on any machine.
Step-by-step detection methodology for identifying Cobalt Strike C2 traffic patterns using SPL queries.
A practical reference covering the 20 most critical Windows Event IDs for threat detection and incident response.
Pick a lab, download the VM, and start hunting. No account needed.