Last updated: 2025, May 14
Total pages: 6 www.soc-labs.top Homepage

• /1 pages
• Threat Detection Engineer - SOCLabs_Blue Team Cybersecurity & Multi-Platform SIEM Detection Rule Writing Training
• • en/5 pages
  • DetectionHub - Multi-Environment Security Detection Challenges
  • Threat Detection Engineer - SOCLabs_Blue Team Cybersecurity & SIEM Detection Training
  • Threat Detection Engineer - SOCLabs_Blue Team Cybersecurity & SIEM Detection Training
  • Threat Detection Engineer - SOCLabs_Blue Team Cybersecurity & SIEM Detection Training
  • Hall of Fame
• • zh/5 pages
  • DetectionHub - 多场景安全检测挑战库 | Windows/Linux/AWS威胁检测与规则编写训练
  • Threat Detection Engineer - SOCLabs_Blue Team Cybersecurity & SIEM Detection Training
  • Threat Detection Engineer - SOCLabs_Blue Team Cybersecurity & SIEM Detection Training
  • Threat Detection Engineer - SOCLabs_Blue Team Cybersecurity & SIEM Detection Training
  • 排行榜
• • en/detections/100 pages
  • Attempting to Disable AppArmor Service
  • Attempting to Disable the Syslog Service
  • Reverse Shell Connection Detection
  • Linux Cron Operations
  • Potential Linux credential file access
  • Potential Linux Backdoor User Account Creation
  • Data Transfer Size Limits
  • AWK System Function for Executing Shell Commands
  • Find Command Shell Code Execution Exploitation
  • Using DD to Overwrite Files in Linux
  • Using chattr to Remove Immutable File Attributes
  • Creating Hidden Files in Linux
  • Linux Find Command Special Permission File Reconnaissance
  • SSH Port Forwarding
  • Clearing Linux iptables Firewall Rules
  • Linux sudo Root Privilege Bypass Vulnerability Detection
  • Linux Shell History Clearing Detection
  • Linux Password Policy File Reconnaissance
  • Linux File Timestamp Modification
  • Python Command Execution Call Chain
  • AWS Delete DNS query logs
  • AWS EC2 Windows Instance Password Data Retrieval
  • EC2 Credential Exfiltration – EC2 Account Credentials Used by Another AWS Account
  • Retrieving a High Number of AWS Secrets Manager Secrets
  • Retrieve And Decrypt SSM Parameters
  • AWS Deletes a trail
  • Disabling Management Event Logging via Event Selector
  • CloudTrail Logs Impairment Through S3 Lifecycle Rule
  • Stop CloudTrail Trail
  • AWS Remove VPC Flow Logs
  • Download EC2 Instance User Data
  • Enumerate SES Information Activities
  • Bulk Remote Sessions Across Multiple Instances via SSM StartSession
  • AWS Security Group Public Exposure of SSH Port 22
  • Data Theft via Shared AMI
  • Data Theft via Shared S3 Buckets
  • AWS IAM User Logged into Console Without MFA
  • Detecting Suspicious ipconfig Execution
  • Identifying Renamed PSExec Lateral Movement Behavior
  • LOLBas - Bitsadmin Abuse for Command Execution
  • LOLBas - Command Execution via Atbroker
  • Detecting FileFix Social Engineering Attacks
  • Windows Account Brute-Force Attack Attempts
  • LOLBas-Forfiles Tool Abuse for Arbitrary Command Execution
  • LOLBas - Command Execution via ftp.exe
  • Successful Credential Acquisition via Password Spraying Attacks
  • PowerShell Execution of Base64-Encoded Commands and Parameter Variants
  • Browser Credential Theft
  • Add Hidden Attribute to Files
  • Persistence via the Windows Registry
  • Credential Dumping via the Registry
  • Double Extension Spoofing
  • LSA protection mechanism disable detection
  • Process Injection - DLL Dynamic Link Library
• • zh/detections/100 pages
  • 尝试禁用 AppArmor服务
  • 尝试停止 Syslog 服务
  • 反弹shell连接行为检测
  • 可能的访问 Linux 凭证文件操作
  • 潜在的 Linux 后门用户帐户创建
  • 针对大文件进行切分操作行为
  • AWK System函数执行Shell命令
  • Find命令执行Shell代码利用
  • Linux 使用 DD 覆盖文件
  • 利用chattr 删除不可变文件属性
  • Linux 创建隐藏文件
  • Linux Find命令特殊权限文件侦察
  • SSH 端口转发
  • Linux iptables防火墙规则清空
  • Linux sudo root权限绕过漏洞检测
  • Linux Shell历史记录清除检测
  • Linux密码策略文件侦查行为
  • Linux文件时间属性修改
  • Python命令执行调用链
  • AWS 删除DNS查询日志
  • AWS EC2 Windows实例密码数据检索
  • EC2凭据泄露-EC2账户凭据被另外AWS账户使用
  • 检索大量 AWS Secrets Manager 机密
  • 检索并解密SSM参数
  • AWS CloudTrail 删除操作日志
  • 通过事件选择器关闭管理事件日志记录
  • 利用S3生命周期规则清除 CloudTrail 日志
  • 停止 CloudTrail 日志记录
  • 删除 VPC Flow 日志
  • 下载 EC2 实例用户数据
  • 枚举SES信息行为
  • 多实例SSM StartSession批量远程会话操作
  • AWS安全组对公网开放SSH 22端口
  • 通过共享AMI窃取数据
  • 通过共享S3存储桶窃取数据
  • AWS IAM 用户未使用 MFA 登录控制台
  • 检测可疑的 ipconfig 执行
  • 识别重命名的PSExec横向移动行为
  • LOLBas-Bitsadmin滥用进行命令执行
  • LOLBas-Atbroker 进行命令执行
  • 检测 FileFix 社会工程学攻击
  • Windows 账户暴力破解尝试
  • LOLBas-Forfiles 工具滥用进行任意命令执行
  • LOLBas-利用ftp.exe进行命令执行
  • 密码喷洒攻击成功获取有效凭据
  • PowerShell执行Base64编码命令及参数变体
  • 浏览器凭证窃取
  • 添加文件隐藏属性
  • 利用注册表进行持久化权限维持
  • 通过注册表进行关键凭据转储
  • 双重扩展名欺骗
  • LSA保护机制禁用检测
  • 进程注入-DLL 动态链接库