In November 2023, I started the #100DaysofLC series. I was mirroring the #100DaysofSigma and #100DaysofYARA series, intending to write a new detection daily. The true goal is to learn better and master the syntax of a particular detection language. Given my affinity for LimaCharlie, this set out to be an “easy” journey. Of course, things are often much easier said than done.
I experienced some technical difficulties initially, mainly in the form of VPN and VM instability, making it challenging to test rules on the fly or validate what I thought should be a solid true positive. To make a long story short, it was around the same time that my home lab decided to scream out that it desperately needed some fine-tuning before I was going to do anything as drastic as simulate suspicious activity for detection rule verification.
I’ve found the longer you let tech problems exist, the worse they become. Thus, I took the Christmas “break” to retool much of my home lab. This had many inherent benefits; however, the most important ones for this series are apparent. It will provide a better experience for my LimaCharlie testing purposes, allow me to restart the series confidently, and let me explore some new detection opportunities :)
I’m happy to announce that I’ve restarted the #100DaysofLC series. I’d love to have you join me: