Lab Safety

Practice only in environments you own or are explicitly authorized to test. Use intentionally vulnerable targets, training platforms, and local virtual machines. The goal is skill building, not disruption.

Lab Tracks

Labs and Exercises

These exercises are designed to be repeatable. Each one produces an artifact you can keep, such as a short write-up, a set of screenshots, a detection rule, or a small diagram of a network design.

PCAP and Traffic Analysis

Start with packet captures that contain clear protocol behavior, then move toward mixed traffic and anomalies. For every capture, aim to answer three questions: what happened, how you know (which packets or fields are the evidence), and what you would do next.

Visibility With Zeek and Logs

Zeek teaches you to think in events, context, and evidence rather than raw packets. Practice extracting timelines from conn.log, mapping hosts to the services they talk to, and spotting suspicious patterns such as beaconing (repeated connections to one destination at near-fixed intervals) or unusual DNS behavior in dns.log.

IDS and Detection Engineering

Use Suricata or similar sensors to understand how signatures work, where they fail, and how false positives happen. The goal is detection you can defend with data.

Network Hardening and Segmentation

Design a small network, segment it, and define which flows between segments are allowed, with everything else denied. Then map which logs and controls validate that your design is working as intended, not just as drawn. This exercise builds architecture intuition and operational discipline.
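The following Python script is an added example that ties the Zeek and segmentation tracks above together; it is not part of the original page or of Zeek itself. It parses a constructed, shortened conn.log excerpt (Zeek's TSV format, not a real capture), flags beacon-like host pairs by the regularity of their connection intervals, and checks internal flows against a hypothetical default-deny allow-list for three segments. The segment ranges, the allowed-flow table and the thresholds are assumptions to adjust for your own lab design.

```python
import ipaddress
import statistics
from collections import defaultdict

# Constructed conn.log excerpt (not real traffic). Real logs carry more header
# lines and many more fields; the parser keys on the #fields line, so extra
# columns are handled without changes.
CONN_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state",
    # Workstation reaching one external host about every 60 s: beacon-like.
    "1700000000.000000\tCb01\t10.0.20.15\t49200\t203.0.113.7\t443\ttcp\tssl\tSF",
    "1700000060.000000\tCb02\t10.0.20.15\t49201\t203.0.113.7\t443\ttcp\tssl\tSF",
    "1700000121.000000\tCb03\t10.0.20.15\t49202\t203.0.113.7\t443\ttcp\tssl\tSF",
    "1700000180.000000\tCb04\t10.0.20.15\t49203\t203.0.113.7\t443\ttcp\tssl\tSF",
    "1700000240.000000\tCb05\t10.0.20.15\t49204\t203.0.113.7\t443\ttcp\tssl\tSF",
    # Another workstation browsing: same count, irregular timing, not flagged.
    "1700000005.000000\tCw01\t10.0.20.16\t50100\t198.51.100.23\t443\ttcp\tssl\tSF",
    "1700000009.000000\tCw02\t10.0.20.16\t50101\t198.51.100.23\t443\ttcp\tssl\tSF",
    "1700000130.000000\tCw03\t10.0.20.16\t50102\t198.51.100.23\t443\ttcp\tssl\tSF",
    "1700000131.000000\tCw04\t10.0.20.16\t50103\t198.51.100.23\t443\ttcp\tssl\tSF",
    "1700000400.000000\tCw05\t10.0.20.16\t50104\t198.51.100.23\t443\ttcp\tssl\tSF",
    # Internal flows to test against the segmentation policy below.
    "1700000010.000000\tCi01\t10.0.20.15\t49300\t10.0.10.5\t443\ttcp\tssl\tSF",
    "1700000011.000000\tCi02\t10.0.10.5\t38000\t10.0.20.15\t445\ttcp\t-\tS0",
    "1700000012.000000\tCi03\t10.0.20.16\t49301\t10.0.30.2\t22\ttcp\tssh\tSF",
    "1700000013.000000\tCi04\t10.0.30.2\t51000\t10.0.10.5\t22\ttcp\tssh\tSF",
])


def parse_conn_log(text):
    """Parse Zeek's TSV conn.log into dicts keyed by the names in the #fields line."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue  # #separator, #open, #close and other header lines
        else:
            records.append(dict(zip(fields, line.split("\t"))))
    return records


def beacon_candidates(records, min_conns=4, max_cv=0.15):
    """Flag (orig_h, resp_h, resp_p) triples whose connection gaps are near-constant.

    Coefficient of variation (stdev / mean) of the inter-connection gaps is small
    for timer-driven traffic and large for human-driven traffic. Thresholds are
    assumptions; tune them against your own baseline.
    """
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(float(r["ts"]))
    hits = []
    for key, times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            hits.append((key, round(mean, 1), round(cv, 3)))
    return hits


# Hypothetical three-segment design. Anything not listed in ALLOWED is denied.
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.0.20.0/24"),
    "dmz": ipaddress.ip_network("10.0.10.0/24"),
    "mgmt": ipaddress.ip_network("10.0.30.0/24"),
}
ALLOWED = {  # (src segment, dst segment, proto, resp_port)
    ("workstations", "dmz", "tcp", 443),
    ("mgmt", "dmz", "tcp", 22),
    ("mgmt", "workstations", "tcp", 22),
}


def segment_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SEGMENTS.items() if addr in net), "external")


def policy_violations(records):
    """Return internal-to-internal flows the allow-list does not cover.

    Flows to or from 'external' are left to the edge firewall and skipped here;
    the beacon check above is the control for the outbound side.
    """
    bad = []
    for r in records:
        src, dst = segment_of(r["id.orig_h"]), segment_of(r["id.resp_h"])
        if "external" in (src, dst):
            continue
        flow = (src, dst, r["proto"], int(r["id.resp_p"]))
        if flow not in ALLOWED:
            bad.append((r["uid"],) + flow)
    return bad


if __name__ == "__main__":
    recs = parse_conn_log(CONN_LOG)
    for key, mean, cv in beacon_candidates(recs):
        print(f"beacon candidate {key}: every {mean}s, cv={cv}")
    for uid, src, dst, proto, port in policy_violations(recs):
        print(f"policy violation {uid}: {src} -> {dst} {proto}/{port}")
```

On the constructed data the beacon check reports only the 10.0.20.15 to 203.0.113.7:443 pair, and the policy check reports the DMZ host reaching a workstation on 445 and a workstation reaching the management segment on 22. Both findings are the kind of artifact the exercise asks for: a rule plus the log evidence that shows where the design holds and where it does not.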

Incident Response Fundamentals

Practice triage: collect the relevant logs, preserve evidence before you change anything on the affected system, and write a clear incident timeline. Even at beginner level, clarity and method matter more than speed.