
CyberLex Blue Team Academy


by M.G. Vance

22 episodes
Updated Daily
Accepts Guests · Has Sponsors

Podcast Overview

CyberLex Blue Team Academy is the cinematic, scenario-based podcast that teaches real-world defensive skills for Security+, ISC2 CC, CySA+, and CCSP. Learn to analyze threats, investigate incidents, and build the defensive intuition needed for modern cybersecurity roles. Your journey to becoming a defender starts here.

Language

English (US)

Publishing Since

12/1/2025


Recent Episodes


January 2, 2026

Episode 10 — The Scheduled Task That Recreated Itself | Security Operations: Persistence & Automated Rebuild Loops

EPISODE 10 — THE SCHEDULED TASK THAT RECREATED ITSELF

Security+ Domain 4 concepts • CySA+ threat analytics • SOC persistence detection

Persistence is the attacker’s greatest weapon. And one of the stealthiest forms of persistence is a scheduled task that… won’t stay deleted.

Defenders remove it. Minutes later, it reappears. Delete again. It returns again.

This isn’t a misconfiguration. It’s a self-healing persistence loop — designed to survive every defensive attempt.

In this cinematic scenario, you’ll see how attackers build auto-rebuilding tasks, how fileless payloads hide in memory, and how SOC analysts investigate the subtle indicators surrounding persistence mechanisms.

What you’ll learn:

• How attackers create scheduled tasks that auto-rebuild
• How fileless scripts persist invisibly in memory
• Why scheduled tasks are powerful detection points
• How C2 frameworks use heartbeat-style DNS traffic
• How to safely contain persistence mechanisms
• How task creation logs reveal credential misuse
• How real-world SOC teams escalate persistence findings

Security Operations Skills Covered:

✔ Automation & orchestration visibility
✔ Fileless execution & in-memory persistence
✔ Task scheduler abuse
✔ DNS-based command-and-control patterns
✔ Behavioral EDR/XDR investigation
✔ Incident response workflow for persistence
✔ Threat hunting signals

This scenario reinforces key concepts from:

Security+ (SY0-701) — Automation, persistence mechanisms, task scheduler abuse, detection & response
CySA+ (CS0-003) — Behavioral analytics, fileless attack patterns, DNS-based C2, credential misuse

Designed for exam learners and real SOC analysts.

Ideal for:

— Security+ learners
— CySA+ learners
— SOC Tier 1 analysts
— Threat hunters
— Blue team defenders
— Anyone learning how persistence works in the real world

Cinematic. Practical. Exam-relevant. This is how defenders recognize threats that refuse to disappear.

New episodes weekly.

Explore the works of M.G. Vance on Amazon — including Security+, CySA+, CISA, CISM, CRISC, and The Breach Nobody Saw Coming titles.

Amazon Author Page: https://www.amazon.com/stores/author/B0FX7TZSV4/

CyberLex Learning — Forge the Defender.


December 26, 2025

Episode 9 — The DNS Query That Didn’t Match Any Pattern | Security Operations: DNS Analysis & C2 Detection

EPISODE 9 — THE DNS QUERY THAT DIDN’T MATCH ANY PATTERN

Security+ Domain 4 concepts • CySA+ network analytics • SOC DNS anomaly detection

DNS is one of the most misunderstood — and most exploited — protocols in cybersecurity. Attackers use it for stealthy command-and-control, tunneling, and low-and-slow exfiltration because most environments treat DNS as “just infrastructure,” not a high-signal detection source.

In this cinematic scenario, you’ll learn how a single strange DNS query becomes the clue that exposes a hidden attacker channel.

What you’ll learn:

• How DNS tunneling and C2 communication work
• Why random or structured-looking domains signal early compromise
• How SOC analysts correlate DNS telemetry with endpoint behavior
• How attackers use domain generation algorithms (DGAs)
• How unknown domains differ from known-malicious ones
• How to isolate endpoints beaconing through DNS
• How passive DNS and DPI support threat hunting

Security Operations Skills Covered:

✔ Network monitoring
✔ SIEM correlation
✔ DNS analysis
✔ Anomaly detection
✔ C2 discovery
✔ Incident response actions
✔ Threat hunting fundamentals

This scenario reinforces key concepts from:

Security+ (SY0-701) — Network monitoring, DNS analysis, anomaly detection
CySA+ (CS0-003) — DNS-based threat detection, DGA identification, C2 behavior analytics

Designed for exam learners and working defenders.

Ideal for:

— Security+ learners
— CySA+ candidates
— SOC Tier 1 analysts
— Threat hunters
— Anyone learning practical detection techniques

This episode blends exam clarity with real-world intuition — teaching DNS detection the way defenders actually experience it.

New episodes weekly.

Explore the works of M.G. Vance on Amazon — including Security+, CySA+, CISA, CISM, CRISC, and The Breach Nobody Saw Coming titles.

Amazon Author Page: https://www.amazon.com/stores/author/B0FX7TZSV4/

CyberLex Learning — Forge the Defender.


December 19, 2025

Episode 8 — The Process That Hid in Memory | Security Operations: EDR Detection & Fileless Attacks

EPISODE 8 — THE PROCESS THAT HID IN MEMORY

Security+ Domain 4 concepts • CySA+ behavioral analytics • SOC fileless attack detection

Modern attackers don’t always drop files. Sometimes the entire attack happens in memory — invisible to antivirus, bypassing traditional scans, and relying on stealth to stay ahead of the SOC.

In this cinematic scenario, you’ll see how defenders detect fileless techniques through subtle signals: unusual PowerShell behavior, reflective loading, credential access attempts, and processes that should never run the way they’re running.

What you’ll learn:

• How fileless attacks operate without touching disk
• Why memory-only processes are early indicators of compromise
• How EDR/XDR telemetry exposes reflective loading & AMSI bypass attempts
• How attackers attempt credential access through LSASS
• What suspicious PowerShell behavior looks like
• How to isolate, contain, and escalate memory-resident threats

Security Operations Skills Covered:

✔ EDR/XDR telemetry interpretation
✔ Memory analysis fundamentals
✔ Fileless malware techniques
✔ Behavioral & heuristic detection
✔ Credential theft monitoring
✔ Threat hunting signals
✔ Incident response workflow for in-memory attacks

This scenario reinforces key concepts from:

Security+ (SY0-701) — EDR/XDR, behavioral detection, malware identification, IR workflows
CySA+ (CS0-003) — Memory-based attacks, credential access attempts, advanced detection analytics

Designed to support both exam learners and working SOC analysts.

Ideal for:

— Security+ learners
— CySA+ learners
— SOC Tier 1 analysts
— Blue team defenders
— Incident responders
— Anyone learning how modern attackers avoid traditional AV

Short. Cinematic. Practical. A real-world look into attacks designed to stay invisible.

New episodes weekly.

Explore the works of M.G. Vance on Amazon — including Security+, CySA+, CISA, CISM, CRISC, and The Breach Nobody Saw Coming titles.

Amazon Author Page: https://www.amazon.com/stores/author/B0FX7TZSV4/

CyberLex Learning — Forge the Defender.

22 total episodes available


Frequently asked questions


How often does this podcast release new episodes?

This podcast updates daily.

Where can I listen to this podcast?

This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.

Does this podcast accept guests?

No, this podcast does not typically feature guests.
