Mastering Threat Detection and Incident Response
It was a quiet Friday night when the alerts hit—rogue Kerberos tickets spiking from a Pass-the-Hash attack. With 14 years in the SOC trenches, I, Shoaib Mohammed Shahapuri, saw my Tier 1 analyst, Morgan, catch the first anomaly, but it was Riley, our red teamer, who nearly owned the domain—stopped just in time. That close call inspired this Intermediate Threat Detection & Incident Response Learning Path—a 13-hour journey designed to elevate your career from Tier 1 to Tier 2/3. You'll master early-stage detection with Falcon XDR and Security Onion to catch initial access like hash captures; escalate alerts with Morgan and Alex using SOAR; track APT29-style campaigns with Alex and Taylor through Falcon Intelligence; defend Active Directory from Kerberoasting with Falcon ITDR; and fine-tune noisy detections from fileless malware using XDR and network-based tools. Each hands-on lab simulates Riley's full attack chain—credential theft, privilege escalation, lateral movement—so you can build the skills that lead to promotions and high-paying roles. Ready to outsmart Riley and level up your SOC career? Let's dive in.
Learning Path
CrowdStrike EDR
Learn about CrowdStrike Falcon Insight, CrowdStrike's Endpoint Detection and Response (EDR) technology. Falcon Insight gives customers comprehensive, real-time visibility into everything that is happening on their endpoints and helps them respond to and remediate threats effectively, getting back to business quickly. In this Learning Path, you will explore the architecture on which CrowdStrike Falcon Insight runs, as well as the deployment of CrowdStrike Falcon agents and the configuration of policies. You will also learn about the detection and response capabilities that CrowdStrike Falcon Insight provides.
Learning Path