The Lab

Watch the SOaC Distributed Intelligence Architecture in action. Run simulations, explore scenario packages, and deploy them in your own environment.

Intelligence Flow

The BodyTelemetryIdleThe BrainReasoningIdleThe PurposeLogicIdleNervous SystemEnforcementIdle
The Body
The Brain
The Purpose
The Nervous System
soac-lab-terminal — simulation

SOaC Lab Terminal v1.0

Click "Run Simulation" to begin the demonstration

lab_safety_policy: SIMULATE mode | No production systems affected

Scenario Gallery

Each scenario maps to an open-source SOaC package. Clone the artifacts, run them in your lab, or discuss with the community.

Identity-led Intrusion Defense

T1557.001T1078.004T1539

Detect and contain AitM phishing, session hijacking, and identity-based attacks across Okta, Entra ID, and Azure AD.

CISODetection EngSOC / IR
packages/001_identity_intrusion_defense
DeployDiscuss

Ransomware Containment & Response

T1486T1059T1068T1490

Automated host isolation, process killing, forensic snapshot capture, and SOC notification for ransomware events.

SOC / IRDetection EngPlatform / Cloud
packages/002_ransomware_containment
DeployDiscuss

Supply Chain & npm Compromise

T1195.002T1059.007T1027

Detect and respond to malicious npm packages, dependency confusion, and software supply chain attacks like Shai-Hulud.

Detection EngPlatform / Cloud
packages/003_supply_chain_defense
DeployDiscuss

BYOVD & Kernel Exploit Defense

T1068T1014T1547.006

Detect Bring Your Own Vulnerable Driver attacks and kernel-level exploitation used by advanced ransomware operators.

Detection EngSOC / IRPlatform / Cloud
packages/004_byovd_defense
DeployDiscuss

SEO Poisoning & Gootloader Defense

T1189T1059.007T1071.001

Detect and contain SEO poisoning campaigns and Gootloader malware delivery via compromised websites.

Detection EngSOC / IR
packages/005_seo_poisoning_defense
DeployDiscuss