Changelog
This is the changelog for any additions or edits to the course; entries are displayed newest first.
December 30th 2024
Splunk support added
Added instructions on manual lab creation with Splunk
Added Splunk version of Ludus deploy
All lessons now available with Splunk queries
Added a note to the "DPAPI at the Host and Network Layer" section: recent Chrome/Edge browser changes have rendered some of the executions in that section non-functional.
December 25th 2024
Updated Azure Session Hijack via HAR file section with instructions on enabling HAR file generation with sensitive data
December 8th 2024
New BadZure module with Python installation
December 2nd 2024
Updated Ludus range configuration to account for Ludus API changes
Made the Sumo Logic token a variable within range.yml for the Ludus range
Special thank you to dotKnewt for the above changes!
July 10th 2024
Ludus build of the lab available
July 6th 2024
Added an updated Kubernetes Monitoring section with new instructions
Legacy Kubernetes Monitoring instructions left up for reference
Added troubleshooting steps to Malcolm appliance provisioning
Updated Linux queries to be collector name agnostic
There is currently a bug in Podia that is preventing me from updating the queries in the Credential Access on Linux Hosts - Through a C2 Framework section
If your queries are not working for this section, ensure they start with sourceCategory="linuxlaurel"
Added some verbiage to sections for Ludus-specific lab deploys in preparation for the Ludus deployment of the Constructing Defense lab
May 24th 2024
[New Lesson]: Purple Teaming Memory Forensics With MemProcFS
April 14th 2024
[New Lesson]: DPAPI at the Host and Network Layer
[New Lesson]: Azure/Entra Session Hijack via HAR file
March 15th 2024
[New Lesson]: Web Sockets & .NET Assemblies
March 14th 2024
Added section for the new Malcolm version (v24.03.0)
If you are starting the course fresh, make sure to use this section and not the old Malcolm version.
February 25th 2024
[New Lesson]: Kubernetes Threat Detection - Poisoned Pod
[New Lesson]: Kerberos Attacks & Defenses - Pass the Ticket
[New Lesson]: Kerberos Attacks & Defenses - Golden Ticket
February 4th 2024
[New Lesson]: Azure/Entra Session Hijacking via Browser Cookie Theft
January 20th 2024
[New Lesson]: Endpoint Analysis with Hayabusa and LangChain
January 13th 2024
Course is now lifetime access instead of 365 days
Added option to deploy the lab via Terraform to AWS instead of hosting it on a local hypervisor
Please note that this option currently limits packet capture capabilities; I'm currently working on a solution for this.