← Back

The lab

A record of the hands-on labs I've worked through: forensic investigations, detection and monitoring, and network defense. It's laid out the way I'd read it on the job, newest at the top, severity on the left. Click a line to open it.

Hands-on labs

Completed lab work from my coursework and independent study. Open any entry to read the setup, what I did, and what I found. Framed as hands-on lab experience, not production tooling.

LAB FEED · SELF-DIRECTED WORK ACTIVE · UPDATED REGULARLY
SevStatus WorkStack

Try it yourself

Three short exercises set at Flexin Watches, a made-up watch company. Work an alert queue, read a packet capture, and hunt the red flags in a phishing email. No sign-up, nothing to install. Just click in.

1 · SIEM triage

You’re the Tier-1 analyst on shift. Each alert needs a call: escalate, investigate, or close. Some look scarier than they are, and one quiet one isn’t quiet at all.

FLEXIN WATCHES SOC · ALERT QUEUE TRIAGED 0 / 5

2 · Packet capture

A slice of traffic from a Flexin workstation during a suspected data theft. Read it the way you would in Wireshark: click a packet to open its detail and see what made it evidence.

flexin-workstation-capture.pcapng 6 packets shown
filter tcp.stream eq 4 || ftp-data || tcp.flags.reset == 1
No.Time SourceDestination ProtoInfo

3 · Spot the phish

This email landed in a Flexin employee’s inbox. Click every part you think is a red flag. The panel keeps score, and each flag explains itself once you find it.

Red flags found
0 / 6
click the suspicious parts
Look at the sender, the links, the tone, and anything it’s rushing you to do.
All flags found

That’s the full set. Real phishing rarely trips all of these at once, but any one of them is enough to slow down and verify before clicking.