Labs & Scenario Challenges

Hands-on investigation challenges

Each month we release a new scenario challenge — a sample dataset, an investigation brief, and one week to work through it. Solutions are published with full KQL walkthroughs, investigation timelines, and analyst notes.

How it works

  1. Download the dataset — realistic log data from a simulated M365 environment
  2. Read the brief — what happened, what you know, what you need to find
  3. Investigate — use KQL, Sentinel, and Defender XDR to trace the attack chain
  4. Compare — solution published one week later with full walkthrough

Coming soon

Labs launch alongside the first paid modules. Subscribe to get notified when the first challenge drops.
