Security Operations (SOC) 201
Course Introduction
Course Introduction (5:13)
About the Instructor (2:30)
The Modern Adversary (10:17)
The SOC 201 Methodology (4:23)
Course Support (3:05)
✏️ Quiz - Course Introduction
Lab Setup
Lab Setup (3:31)
Installing a Hypervisor (7:26)
Installing Ubuntu (13:20)
Configuring Ubuntu (8:17)
Installing Windows (11:15)
Configuring Windows (7:52)
Installing Splunk (16:16)
Configuring the Lab Network (10:10)
Introduction to Incident Response
Introduction to Incident Response (5:59)
The Incident Response Process (14:04)
Incident Response: Preparation (14:44)
Incident Response: Identification (5:39)
Incident Response: Containment (10:45)
Incident Response: Eradication (6:05)
Incident Response: Recovery (7:43)
Incident Response: Lessons Learned (5:15)
The OODA Loop (18:32)
Incident Response vs. Threat Hunting (11:39)
✏️ Quiz - Introduction to Incident Response
Introduction to Threat Hunting
Introduction to Threat Hunting (8:58)
The Argument for Threat Hunting (13:14)
Threat Hunting Teams (16:55)
Threat Hunting Data Sources (19:30)
The Hunting Maturity Model (HMM) (20:00)
Cyber Threat Intelligence (6:22)
The Cyber Kill Chain (16:52)
The MITRE ATT&CK Framework (15:05)
Exploring MITRE ATT&CK (12:37)
Structured Threat Hunting (16:01)
Unstructured Threat Hunting (9:21)
MITRE ATT&CK Navigator (21:48)
MITRE ATT&CK Navigator: Gap Analysis and Threat Hunting (19:02)
Data Transformation
Data Transformation (5:36)
Data Transformation: Searching (14:16)
Searching in the Command-Line (19:19)
Searching in PowerShell (27:29)
Searching in Splunk (21:54)
Data Transformation: Aggregations (9:24)
Aggregations in the Command-Line (25:36)
Aggregations in PowerShell (10:24)
Aggregations in Splunk (34:43)
Data Transformation: Statistics (9:38)
Statistics in the Command-Line (22:04)
Statistics in PowerShell (13:24)
Statistics in Splunk (15:23)
Data Transformation: Visualizations (5:00)
Visualizations in Splunk (25:31)
✏️ Quiz - Introduction to Threat Hunting
Understanding Anomalies
Understanding Anomalies (20:33)
Categorizing Anomalies (1:11)
Masquerading (10:39)
Ambiguous Identifiers (11:13)
Frequency & Volume Anomalies (16:14)
Temporal Anomalies (14:53)
Location & Environment Anomalies (14:25)
Structure & Format Anomalies (16:16)
Obfuscated PowerShell Analysis (6:34)
Entropy Analysis (4:56)
Alternate Data Stream (ADS) Analysis (19:26)
Absence & Suppression Anomalies (7:57)
✏️ Quiz - Understanding Anomalies
Dissecting Threat Reports
Dissecting Threat Reports (18:54)
Breaking Down Attack Steps (5:05)
Mapping Steps to Artifacts (4:40)
Mapping Artifacts to Evidence Sources (7:51)
Visualizing with MITRE ATT&CK Navigator (4:34)
Intrusion Analysis Resources (5:56)
Threat Hunting Lab
Tracing an Attack Chain (27:04)
Hunting Execution Artifacts (9:46)
Hunting PowerShell Execution (36:09)
Hunting Cmd Execution (20:20)
Hunting Process Trees (9:26)
Hunting Persistence Artifacts (7:33)
Hunting Persistence: Registry Run Keys (17:20)
Hunting Persistence: Lookup Tables (27:30)
Hunting Defense Evasion Artifacts (16:39)
Hunting Command and Control (C2) Artifacts (7:40)
Hunting C2: Ingress Tool Transfer (LOLBAS) (7:35)
Hunting C2: Ingress Tool Transfer (File System Events) (12:57)
Hunting C2: Ingress Tool Transfer (Network Connection Events) (4:21)
Hunting Lateral Movement Artifacts (8:27)
Hunting Lateral Movement: PsExec (Service Creation) (9:38)
Hunting Lateral Movement: PsExec (Reversing Regex) (14:25)
Hunting Lateral Movement: PsExec (Named Pipes) (4:12)
Module Recap (5:46)
Collection at Scale
Introduction to Collection (3:24)
Introduction to WMI (11:11)
Collection with WMIC (18:56)
WMIC Collection and Filter Examples (5:51)
Remote Collection with WMIC (5:38)
Scripting WMI Collection (10:31)
WMI Automated Collection Frameworks (6:57)
PowerShell 101
Introduction to PowerShell (4:58)
PowerShell 101 (1:55)
PowerShell 101: Cmdlets (6:09)
PowerShell 101: Aliases (6:45)
PowerShell 101: Objects and the Pipeline (9:08)
PowerShell 101: Selecting, Sorting, and Formatting (17:35)
PowerShell 101: Providers (14:56)
PowerShell 101: Variables and Data Types (19:49)
PowerShell 101: Control Flow (22:35)
Working with WMI and CIM (8:46)
✏️ Quiz - PowerShell 101
PowerShell for Incident Response
Live Incident Response Using PowerShell (22:15)
PowerShell Incident Response Cheat Sheet
PowerShell Remoting (7:27)
PS Remoting: One-to-One Remoting (11:32)
PS Remoting: One-to-Many Remoting (16:56)
PS Remoting: Script Execution at Scale (6:38)
PowerShell Authentication (9:39)
Malicious PowerShell Usage (9:26)
Introduction to the Kansa IR Framework (10:38)
Kansa: Modules (17:54)
Kansa: Remote Collection (Part 1) (13:21)
Kansa: Remote Collection (Part 2) (13:48)
Kansa: Collection Analysis (26:15)
Collection and Analysis Challenge (8:14)
Collection Analysis Challenge Walkthrough (106:41)
Conclusion
Course Wrap Up (3:59)