Software development
Artificial Intelligence
Cloud
View all courses
Learn
Connect
Blog
Resource hub
Featured resource
2025 Tech Upskilling Playbook
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Check it out
  • Lab
    • Libraries: If you want this lab, consider one of these libraries.
    • Security
Google Cloud Platform icon
Labs

Hunting for Internal Reconnaissance

In this lab, you’ll practice detecting internal reconnaissance and network scanning on a Linux endpoint. You will begin by investigating suspicious user and system activity, including user enumeration, privilege escalation attempts, and suspicious processes. Then, you’ll extend your analysis to detect network scanning and lateral movement by examining open ports, network connections, and logs. When you’re finished, you’ll have hands-on experience identifying reconnaissance activities, detecting malicious network behavior, and reporting your findings to enhance system security.

Get started Contact sales
Google Cloud Platform icon
Lab platform
Lab Info
Rating
(13)
Level
Beginner
Last updated
Aug 04, 2025
Duration
45m

Contact sales

By clicking submit, you agree to our Privacy Policy and Terms of Use.
Table of Contents

  1. Challenge

    Getting Started in the Lab Environment

    Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!

  2. Challenge

    Investigating Suspicious User and System Activity

    To start the lab, you will explore how to detect signs of internal reconnaissance by examining suspicious user and system activity on a Linux endpoint. You will identify potential attempts to gather information about users, escalate privileges, or access sensitive files. Additionally, you will search logs for suspicious processes, login attempts, and hidden files that could indicate an attacker’s presence.

  3. Challenge

    Detecting Network Scanning and Lateral Movement

    Building on the previous challenge, you will detect signs of network scanning and lateral movement from a Linux endpoint. In this challenge, you will investigate network activity to detect scanning behavior, unauthorized connections, and attempts to explore the internal network. You will also check firewall logs, network interfaces, and temporary files for suspicious tools and connections that indicate an ongoing attack.

  4. Challenge

    The Last Challenge

    Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.

About the author
Sean Wilkins - Labs - Sean
Sean Wilkins

Sean Wilkins is an accomplished networking consultant and writer for infoDispersion (www.infodispersion.com) who has been in the IT field for over 20 years working with several large enterprises.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.

Get started with Pluralsight

View individual plans View team plans