WEEK_1 · DAY_07 · LAB

Lab 7 — Map a Real Breach

Threat frameworks that drive every modern detection program


Lab Objectives

  • Use the Lockheed Martin Cyber Kill Chain to describe a breach stage by stage
  • Navigate the MITRE ATT&CK matrix (tactics, techniques, sub-techniques)
  • Map a real breach to ATT&CK
  • Understand the Diamond Model and Pyramid of Pain

Lab Instructions

  1. Pick a public breach with enough published detail to work from (Target 2013, SolarWinds, Colonial Pipeline).
  2. Walk it through the seven Kill Chain stages, listing one observed attacker action per stage.
  3. Map each action to one or more ATT&CK technique IDs, using the sub-technique ID (for example T1566.001 rather than T1566) wherever one applies; check every ID against attack.mitre.org.
  4. Decide which stages a hypothetical SOC would have detected, and note the earliest one: every stage before it is the attacker's head start.
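As an added worked example (not part of the lab page or its source material), the four steps above can be captured as a small Python script: a mapping is a list of events, one per Kill Chain stage, `validate` rejects malformed ATT&CK IDs and missing or duplicated stages, and `coverage` reports where the SOC would first have caught the intrusion. The Target 2013 mapping below is a constructed, simplified summary of public reporting; the technique IDs are one possible mapping, not an official one, and the `detected` flags are assumptions about the lab's hypothetical SOC, not a statement about Target's actual monitoring.

```python
import re
from dataclasses import dataclass

# The seven stages of the Lockheed Martin Cyber Kill Chain, in order.
KILL_CHAIN = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]

# ATT&CK technique IDs look like T1566; sub-techniques add a 3-digit suffix (T1566.001).
TECHNIQUE_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")


@dataclass
class Event:
    stage: str              # one KILL_CHAIN entry
    description: str        # one observed attacker action
    techniques: list        # ATT&CK IDs the action maps to
    detected: bool = False  # would the hypothetical SOC have seen it?


def validate(events):
    """Return a list of problems with a mapping; an empty list means it is well-formed."""
    problems = []
    seen = set()
    for e in events:
        if e.stage not in KILL_CHAIN:
            problems.append(f"unknown kill-chain stage {e.stage!r}")
        elif e.stage in seen:
            problems.append(f"stage {e.stage!r} listed more than once")
        seen.add(e.stage)
        if not e.techniques:
            problems.append(f"stage {e.stage!r} has no ATT&CK technique")
        for t in e.techniques:
            if not TECHNIQUE_ID.match(t):
                problems.append(f"{t!r} is not a well-formed ATT&CK technique ID")
    for stage in KILL_CHAIN:
        if stage not in seen:
            problems.append(f"stage {stage!r} has no event")
    return problems


def coverage(events):
    """Summarise where along the chain the SOC would first have caught the intrusion.

    Call validate() first: unknown stage names raise ValueError here.
    """
    ordered = sorted(events, key=lambda e: KILL_CHAIN.index(e.stage))
    detected = [e.stage for e in ordered if e.detected]
    first = detected[0] if detected else None
    return {
        "detected_stages": detected,
        "first_detection": first,
        # Every stage before the first detection is the attacker's undetected head start.
        "stages_missed_before_first_detection":
            KILL_CHAIN.index(first) if first else len(KILL_CHAIN),
        "coverage_pct": round(100 * len(detected) / len(KILL_CHAIN)),
    }


def report(events):
    """One line per stage, in chain order, for pasting into the lab write-up."""
    ordered = sorted(events, key=lambda e: KILL_CHAIN.index(e.stage))
    return "\n".join(
        f"{'[x]' if e.detected else '[ ]'} {e.stage}: {e.description} "
        f"({', '.join(e.techniques)})"
        for e in ordered
    )


# Constructed sample: Target 2013, simplified from public reporting. Descriptions are
# summaries, the technique IDs are an illustrative (unofficial) mapping, and the
# detected flags are assumptions about the lab's hypothetical SOC. Verify every ID on
# attack.mitre.org before submitting your own mapping.
TARGET_2013 = [
    Event("Reconnaissance",
          "Identify a third-party HVAC vendor with remote access to Target's network",
          ["T1591.002"]),
    Event("Weaponization",
          "Obtain credential-stealing malware to attach to a phishing email",
          ["T1588.001"]),
    Event("Delivery",
          "Phishing email sent to the vendor's staff",
          ["T1566"]),
    Event("Exploitation",
          "Stolen vendor credentials used to log in to Target's vendor-facing systems",
          ["T1199", "T1078"]),
    Event("Installation",
          "Memory-scraping malware pushed to point-of-sale systems",
          ["T1105"], detected=True),
    Event("Command and Control",
          "Compromised internal server used as a relay between POS systems and the attacker",
          ["T1090.001"]),
    Event("Actions on Objectives",
          "Card data staged on an internal host and exfiltrated by FTP to external servers",
          ["T1074.002", "T1048.003"], detected=True),
]


if __name__ == "__main__":
    print("\n".join(validate(TARGET_2013)) or "mapping is well-formed")
    print(report(TARGET_2013))
    print(coverage(TARGET_2013))
```

The useful output is not the percentage but `stages_missed_before_first_detection`: in this sample the first detection is at Installation, so four stages (through Exploitation) passed with nothing for the SOC to act on. That number is the argument for investing in detections earlier in the chain, which is the point of step 4.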