WEEK 7

Incident Response -- Capstone Labs

Put it all together

Labs

0 / 8

Complete

0%

Incident Response Capstone Labs

Snort Rules

Write IDS rules to detect specific attacks. Practice signature-based detection patterns.

45 min Eye House

PCAP Forensics

Analyze capture files for evidence of compromise. Extract IOCs and reconstruct attack sequences.

60 min Eye House

Threat Actor Profiling

Identify TTPs (Tactics, Techniques, Procedures) from attack indicators using MITRE ATT&CK.

40 min Eye House

Incident Handling

Full IR lifecycle simulation: preparation, detection, containment, eradication, and recovery.

90 min Eye House

Log Correlation

Cross-reference multiple log sources to build attack timelines and identify patterns.

50 min Eye House

Memory Forensics

Analyze memory dumps for malware artifacts, hidden processes, and injected code.

60 min Eye House

Network Forensics

Reconstruct attacker movements from network data. Track lateral movement and exfiltration.

55 min Eye House

Chain of Custody

Evidence handling and documentation procedures for legal admissibility.

30 min Eye House

Week 7 Evaluation

Complete all capstone labs, then take the Week 7 assessment to test your incident response mastery.

Begin Evaluation
Week 6 | CyberOps Home | Week 8: Final