It was a quiet Friday night when the alerts hit—rogue Kerberos tickets spiking from a Pass-the-Hash attack. With 14 years in the SOC trenches, I, Shoaib Mohammed Shahapuri, saw my Tier 1 analyst, Morgan, catch the first anomaly, but it was Riley, our red teamer, who nearly owned the domain—stopped just in time. That close call inspired this Intermediate Threat Detection & Incident Response Learning Path—a 13-hour journey designed to elevate your career from Tier 1 to Tier 2/3. You'll master early-stage detection with Falcon XDR and Security Onion to catch initial access like hash captures; escalate alerts with Morgan and Alex using SOAR; track APT29-style campaigns with Alex and Taylor through Falcon Intelligence; defend Active Directory from Kerberoasting with Falcon ITDR; and fine-tune noisy detections from fileless malware using XDR and network-based tools. Each hands-on lab simulates Riley's full attack chain—credential theft, privilege escalation, lateral movement—so you can build the skills that lead to promotions and high-paying roles. Ready to outsmart Riley and level up your SOC career? Let's dive in.