Overview
Wazuh - OS Credential Dumping Analysis is an endpoint detection lab focused on suspicious access to sensitive Linux account data.
The scenario is about credential access from a SOC perspective. The analyst needs to understand which file was touched, which account or process was involved, whether the access matches normal administration, and how the event fits into the broader timeline.
This lab is useful for practicing Linux endpoint triage, sensitive file monitoring, and investigation of credential access behavior.
Related Labs
Related trainings
