Defensive Discovery Lab

GreyZone Terminal

A browser-based defensive reconnaissance lab. Twenty-one ordered exercises cover WHOIS, DNS, ICMP, route discovery, web surface review, and privilege boundary testing. Inline knowledge checks verify comprehension; simulated SIEM alerts reinforce what monitoring sees.

Certificate of completion. Complete every exercise to generate a signed PDF credential with your name, final score, and a unique verification ID.

Launch Terminal 21 exercises · 210 base points · 4 SOC alerts · inline quizzes

Exercise sequence

The lab progresses from low-risk discovery into web surface review, host context, and alert-awareness drills. Each command is followed by a brief knowledge check that awards bonus points for a correct answer.

Domain ownershipWHOIS registrant and registrar review

Domain resolutionnslookup with netblock cross-check

DNS inspectiondig output, status, flags, and TTL

Reachabilityping for RTT, jitter, and hop count

Network pathtraceroute hop-by-hop analysis

Web surfacecurl review for information disclosure

HTTP header auditcurl -I against OWASP baseline

robots.txt reviewdisallowed paths and crawler directives

Local filesystemls in the working directory

Working directorypwd and path validation

Pause checkpointfortune for a brief reset

User identitywhoami for privilege context

System timedate for log-correlation accuracy

Methodology reviewhelp to check the runbook

Privilege boundarysudo → SOC alert (T1548)

Reconnaissance scannmap → SOC alert (T1046)

Remote accessssh → SOC alert (T1021.004)

Legacy protocoltelnet → SOC alert (T1021)

Reflectionfortune for an operational reminder

Milestone closeecho to mark completion

Final reviewhelp and certificate unlock

Credential on completion

After all 21 exercises, the terminal prompts for your name and generates a signed, downloadable PDF certificate stamped with the GreyNOC holographic seal.

Recipient name and date of completion
Final score, including knowledge-check bonuses
Summary of SOC alerts observed during the run
Unique verification ID and tamper-evident seal

Interactive terminal

Type the command shown for each exercise, then answer the inline knowledge check. Use ↑ ↓ for command history, Tab for completion, and clear to wipe the screen.

Score 0

Bonus +0

Alerts 0

Step 1/21

trainee@greynoc-lab:~$

↑↓ history · Tab complete · Enter run