Day 6: First hands-on lab
Reading stops here — today you practice. You will work through a beginner-friendly lab, document every command, and produce evidence the way practitioners do during assessments and SOC exercises.
Today's outcome: You complete a guided lab, capture commands and screenshots, and write a short findings summary.
Week progress
Day 6 of 7
- 1
Security mindset & threat basics
- 2
Networking for security
- 3
Linux command line
- 4
Web security introduction
- 5
SOC & log awareness
- 6
First hands-on lab
You are here
- 7
Pick your career direction
Goals
Learning objectives
By the end of today you should be able to:
- Start and complete a guided security lab on the platform
- Record commands, observations, and timestamps in your notebook
- Capture screenshots or log snippets as evidence
- Write a 5-sentence summary: what happened, what you found, what you would recommend
Schedule
Suggested schedule
Adjust timing to your pace — aim for one focused block per day.
- Setup~10 min
Read lab objectives and scenario; open your notes template.
- Lab~50 min
Complete the suspicious SSH login investigation lab step by step.
- Evidence~15 min
Export screenshots and annotate key log lines.
- Report~15 min
Draft a mini incident note: timeline, impact, next steps.
Learn
Mapped learning resources
These links connect this day to tutorials, labs, roadmaps, and reference material on PentesterWorld.
First cybersecurity lab
Investigate suspicious SSH login attempts — beginner-friendly blue-team exercise.
Open resourceHTTP security headers lab
Alternative starter lab if you prefer web security hands-on practice.
Open resourceSOC analyst foundation
Review triage concepts before or after the lab.
Open resourceIncident notes template
Structure your lab write-up like a real SOC ticket.
Open resourceConcepts
Key terms for today
Notebook
Reflection prompts
Copy these into your learning notebook — answers become portfolio material later.
- What was the initial alert or trigger in the lab scenario?
- Which command or log line proved the suspicious activity?
- What would I escalate to a senior analyst?