Learning path
Mastering Threat Detection and Incident Response
Skill Level
Intermediate
Duration 13 hours 50 minutes
Updated Jun 2, 2025
About this learning path
It was a quiet Friday night when the alerts hit—rogue Kerberos tickets spiking from a Pass-the-Hash attack. With 14 years in the SOC trenches, I, Shoaib Mohammed Shahapuri, saw my Tier 1 analyst, Morgan, catch the first anomaly, but it was Riley, our red teamer, who nearly owned the domain—stopped just in time. That close call inspired this Intermediate Threat Detection & Incident Response Learning Path—a 13-hour journey designed to elevate your career from Tier 1 to Tier 2/3. You'll master early-stage detection with Falcon XDR and Security Onion to catch initial access like hash captures; escalate alerts with Morgan and Alex using SOAR; track APT29-style campaigns with Alex and Taylor through Falcon Intelligence; defend Active Directory from Kerberoasting with Falcon ITDR; and fine-tune noisy detections from fileless malware using XDR and network-based tools. Each hands-on lab simulates Riley's full attack chain—credential theft, privilege escalation, lateral movement—so you can build the skills that lead to promotions and high-paying roles. Ready to outsmart Riley and level up your SOC career? Let's dive in.
Your instructors
Shoaib Mohammed Shahapuri, World Wide Technology, Principal Solutions Arch, Tech
Kendall Ahern, World Wide Technology, Intern-IN7003
Prerequisites
- ✅ We recommend completing our Foundation Learning Path on Threat Detection and Incident Response Essentials for a strong starting point
- ✅ General awareness of MITRE ATT&CK, including basic attack tactics and techniques
- ✅ Basic knowledge of working with Windows and Linux systems, including simple navigation
What you'll learn
- 🧨 Simulate real-world attacks using tools like Responder, Mimikatz, and obfuscated PowerShell to understand adversary behavior from the inside out
- 🧠 Detect and investigate threats using Falcon XDR and Security Onion by correlating behavioral, identity, and network telemetry
- ⚙️ Respond and contain incidents with Falcon SOAR through host isolation, credential resets, and automated playbooks
- 📉 Fine-tune detection rules and document incidents to reduce false positives and improve SOC response effectiveness