Linux Threat Detection 1
This article describes how Linux systems have become more widespread with the growth of AI, cloud technology and IoT, and the security threats they face. By analysing common Initial Access techniques, you learn to detect threats from log sources and gain skills in SSH risk, exposed-service risk and process tree analysis. 2025-9-27 12:16:24 Author: infosecwriteups.com

THM{0x416469747961204D6163686972616A75}



Task 1: Introduction

With the rise of AI, cloud computing, and the Internet of Things, Linux systems are getting even more popular than before. However, most Linux breaches still start with common, well-known Initial Access techniques. In this room, you will explore how to detect these techniques using the log sources you learned in the Linux Logging for SOC room.

Learning Objectives

  • Understand the role and risk of SSH in Linux environments
  • Learn how Internet-exposed services can lead to breaches
  • Utilize process tree analysis to identify the origin of the attack
  • Practice detecting Initial Access techniques in realistic labs
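As an added illustration of the first and last objectives (this is not code from the room or the author), here is a small Python detector run over constructed sshd auth-log lines: it counts failed logins per source address, flags sources that cross a threshold and then succeed, and flags password logins as root. The host name, addresses, log lines and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of sshd entries in auth.log format (not taken from the room).
SAMPLE_LOG = """\
Sep 27 12:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Sep 27 12:00:03 web01 sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 51124 ssh2
Sep 27 12:00:05 web01 sshd[2105]: Failed password for root from 203.0.113.5 port 51126 ssh2
Sep 27 12:00:07 web01 sshd[2107]: Failed password for root from 203.0.113.5 port 51128 ssh2
Sep 27 12:00:09 web01 sshd[2109]: Failed password for root from 203.0.113.5 port 51130 ssh2
Sep 27 12:00:12 web01 sshd[2111]: Accepted password for root from 203.0.113.5 port 51132 ssh2
Sep 27 12:05:44 web01 sshd[2150]: Accepted publickey for deploy from 198.51.100.7 port 40210 ssh2: ED25519 SHA256:...
Sep 27 12:06:02 web01 sshd[2152]: Failed password for alice from 198.51.100.9 port 40300 ssh2
"""

# Matches both "Failed <method> for [invalid user] <user> from <ip> port <n>"
# and "Accepted <method> for <user> from <ip> port <n>".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_sshd(lines):
    """Yield one dict per recognised sshd authentication event."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()

def detect_ssh_initial_access(log_text, failure_threshold=5):
    """Return {source_ip: [reasons]} for sources worth an analyst's attention."""
    failures = defaultdict(int)
    accepted = defaultdict(list)
    for ev in parse_sshd(log_text.splitlines()):
        if ev["result"] == "Failed":
            failures[ev["ip"]] += 1
        else:
            accepted[ev["ip"]].append((ev["user"], ev["method"]))
    findings = {}
    for ip in sorted(set(failures) | set(accepted)):
        reasons = []
        if failures[ip] >= failure_threshold:
            reasons.append(f"{failures[ip]} failed logins")
        for user, method in accepted[ip]:
            if failures[ip] >= failure_threshold:
                reasons.append(f"success for {user} after failures")  # brute force that worked
            if user == "root" and method == "password":
                reasons.append("root password login")  # weak config, regardless of history
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in detect_ssh_initial_access(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```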

Prerequisites

  • Complete the Linux Logging for SOC room
  • Understand the concept of MITRE tactics and techniques
  • Know how to navigate Linux without using a GUI
  • Be ready for a deep dive into Linux threat detection

Lab Access

Before moving forward, start the lab by clicking the Start Machine button below. The machine will start in split view and will take about two minutes to load. In case the machine is not visible…


Source: https://infosecwriteups.com/linux-threat-detection-1-51791ba290e4?source=rss----7b722bfd1b8d---4