SOC Level 1 Capstone Challenges
What are SOC Level 1 Capstone Challenges?
The SOC Level 1 Capstone Challenges are advanced, hands-on scenarios that replicate real-world Security Operations Center (SOC) environments.
Each challenge focuses on key aspects of threat detection, incident response, malware analysis, and log correlation, putting all the skills I gained throughout my SOC Level 1 learning path into practice.
Modules Completed
- Tempest
- Boogeyman 1
- Boogeyman 2
- Boogeyman 3
- Upload and Conquer
- Hidden Hooks
- BlackCat
Skills Gained
- Conducting multi-stage SOC investigations from detection to remediation
- Identifying and validating indicators of compromise (IOCs)
- Performing malware analysis and detecting persistence mechanisms
- Investigating ransomware and data exfiltration attempts
- Correlating SIEM alerts with endpoint and network logs
- Documenting and reporting incident findings in a structured format
Case Studies
1. Boogeyman Series (1–3): Incident Correlation & Threat Detection
In this three-part challenge, I investigated a series of escalating threats inside a simulated enterprise environment.
I started by analyzing suspicious logs in the SIEM, uncovering a phishing campaign that led to privilege escalation and lateral movement.
Through careful event correlation, I identified persistence mechanisms and traced the attacker's full kill chain, from initial access to data exfiltration.
Read Full Case Study →
2. Tempest Challenge: Full-Scope Threat Investigation
This capstone challenge required performing a complete SOC investigation from alert triage to remediation.
I analyzed endpoint activity, reviewed malicious PowerShell execution, and correlated SIEM events to identify command-and-control communication.
By following structured IR steps, I isolated the compromised endpoint, extracted IOCs, and recommended mitigation controls.
This exercise reinforced my understanding of real-world SOC workflows and incident prioritization.
Read Full Case Study →
Lessons Learned
- SOC investigations rely on precision, patience, and pattern recognition.
- Effective threat response requires understanding both the attacker's tactics, techniques and procedures (TTPs) and the context behind each alert.
- Documentation and clear communication are just as vital as technical skills.
- Capstone exercises revealed how different attack stages connect across network and endpoint layers.
Navigation
- Back to Portfolio Home