EWS Phishing Lab Phase 1
Simulate an AitM phishing scenario and post-compromise mailbox access path in a safe lab. Learn how EWS-style mailbox interaction fits into business email compromise investigations.
Read lab →
Hands-on labs focused on investigations, attacker behavior, email compromise, identity abuse, and practical threat hunting workflows.
Browse category →
Practical labs that connect attacker behavior to investigation workflows, detection logic, and real-world defensive decision making.
Follow a realistic mailbox compromise scenario involving inbox rules, suspicious sign-ins, message activity, and user behavior pivots.
Coming soon →
Practice practical KQL for sign-ins, suspicious process activity, email abuse, and investigation pivots across Microsoft security data.
Coming soon →
Move from alert review into structured hunting by building hypotheses, validating activity, and documenting findings.
Coming soon →
Examine parent-child process relationships, command lines, and execution context to identify suspicious behavior beyond single alerts.
Coming soon →
Explore phishing, credential abuse, suspicious remote access, and early-stage attacker behavior that can lead to deeper compromise.
Coming soon →
Each lab is designed to connect real attacker behavior with practical defensive analysis, repeatable workflows, and clear investigation outcomes.