Course Overview
This course aims to equip students with all of the fundamental security operations knowledge and practical skills needed in order to achieve and excel in a T1 or T2 SOC Analyst position. By covering topics such as phishing analysis, incident response procedures, threat detection techniques, log analysis, SIEM management, and security tool utilization, students will gain the essential competencies required to effectively monitor, analyze, and respond to security incidents within a SOC environment.
Students will be able to actively engage with the course material through bite-sized video demonstrations, written materials and references, quizzes to assess comprehension, and practical exercises that simulate real-world scenarios.
By the end of the course, participants will be proficient in using various common security tools, analyzing security events and artifacts, handling alert tickets, triaging, and responding effectively to incidents within a SOC. Additionally, the course aims to foster critical thinking skills and encourage both proactive and reactive methodologies, which are pivotal for skilled analysts.
Key Topics Covered:
- Security Operations Fundamentals
- Phishing Analysis
- Network Security Monitoring
- Network Traffic Analysis
- Endpoint Security Monitoring
- Endpoint Detection and Response
- Log Analysis and Management
- Security Information and Event Management (SIEM)
- Threat Intelligence
- Digital Forensics
- Incident Response
System Requirements
To get the most out of this course and follow along with the labs, there will be times where two virtual machines (VMs) need to be run simultaneously. If resources are limited, you can run one VM at a time and follow along with the course. Below are the recommended (ideal) specifications. Feel free to adjust based on your own system's limitations, but these specs will ensure a smoother experience with the course labs.
Processor: 64-bit Intel i5 or i7, 2.0 GHz or higher.
RAM: At least 8 GB (ideally 8-12+ GB) to efficiently run multiple VMs.
Disk Space: 80-100 GB of free storage. SSDs are recommended for better performance.
Prerequisites
Networking Fundamentals:
- Basic understanding of TCP/IP and OSI models.
- Knowledge of network concepts such as subnets, internal vs. external IP addresses, network address translation, and routing.
- Familiarity with common protocols (e.g., SSH, FTP, HTTP, HTTPS).
The foundations and network sections of the course will provide a refresher on these concepts and more, but it would be ideal to have these foundations coming into the course.
Operating System Fundamentals:
- Basic familiarity with Windows and Linux components.
- Working with the command-line and knowledge of basic commands and navigation (e.g., cd, ls, cat).
- Troubleshooting skills
Basic Information Security Concepts:
- Understanding of foundational security concepts such as the CIA triad, security controls, encryption, and hashing.
- Basic security appliances and controls (e.g., firewalls, proxies, VPNs, EDR)
The foundations section of the course will provide a comprehensive information security refresher.
SOC 101 Course Objectives
- Understand the foundational principles and practices of security operations.
- Learn techniques for analyzing and identifying phishing attacks.
- Develop skills in monitoring network traffic for security threats and anomalies.
- Develop skills in monitoring and analyzing security events on individual hosts.
- Learn how to effectively use a SIEM for security event correlation, analysis, and incident management.
- Learn how to leverage threat intelligence to enhance security operations and incident response.
- Develop an understanding of digital forensics processes, common tools, and methodologies.
- Understand the procedures, and best practices for incident response in a SOC environment.
Who Should Take SOC 101?
This course will be aimed at individuals who are looking to pursue a career in cybersecurity (beginners with basic or little cybersecurity knowledge or experience), specifically focusing on defensive security operations within a Security Operations Center (SOC) environment.
This course aims to be extremely marketable, offering an all-encompassing curriculum and digestible content to help students secure and thrive in their first security role or advance to a T2 analyst position. The practical exercises included within the course provide students with tangible skills and experience to discuss during interviews, even if they have no direct experience in a professional SOC role.
Security Operations (SOC) 101 Curriculum - 30+ Hours
- The SOC and Its Role (18:40)
- Day in the Life of a SOC Analyst (9:44)
- Information Security Refresher (22:52)
- SOC Models, Roles, and Organizational Structures (11:27)
- Incident and Event Management (7:26)
- SOC Metrics (5:59)
- SOC Tools (16:12)
- Common Threats and Attacks (16:59)
- ✏️ Quiz - Security Operations Fundamentals
- Introduction to Phishing (14:04)
- Email Fundamentals (12:33)
- Phishing Analysis Configuration (6:04)
- Phishing Attack Types (16:19)
- Phishing Attack Techniques (14:58)
- Email Analysis Methodology (5:41)
- Email Header and Sender Analysis (21:24)
- Email Authentication Methods (17:25)
- Email Content Analysis (12:49)
- The Anatomy of a URL (8:28)
- Email URL Analysis (21:51)
- Email Attachment Analysis (14:40)
- Dynamic Attachment Analysis and Sandboxing (21:17)
- Static MalDoc Analysis (6:53)
- Static PDF Analysis (10:46)
- Automated Email Analysis with PhishTool (6:11)
- Reactive Phishing Defense (27:25)
- Proactive Phishing Defense (13:18)
- Documentation and Reporting (11:51)
- 🧪 Phishing Analysis Challenge 1
- 🧪 Phishing Analysis Challenge 2
- 🧪 Phishing Analysis Challenge 3
- Additional Practice (3:55)
- ✏️ Quiz - Phishing Analysis
- Introduction to Network Security (4:06)
- Network Security Theory (29:57)
- Packet Capture and Flow Analysis (11:50)
- Introduction to tcpdump (15:33)
- tcpdump: Capturing Network Traffic (14:17)
- tcpdump: Analyzing Network Traffic (13:45)
- tcpdump: Analyzing Network Traffic (Sample 2) (14:47)
- 🧪 tcpdump Challenge 1
- Introduction to Wireshark (15:51)
- Wireshark: Capture and Display Filters (11:59)
- Wireshark: Statistics (11:57)
- Wireshark: Analyzing Network Traffic (19:27)
- 🧪 Wireshark Challenge 1
- Intrusion Detection and Prevention Systems (7:41)
- Introduction to Snort (17:37)
- Snort: Reading and Writing Rules (24:44)
- Snort: Intrusion Detection and Prevention (20:54)
- 🧪 Snort Challenge 1
- Additional Practice (3:12)
- ✏️ Quiz - Network Security
- Introduction to Endpoint Security (3:07)
- Endpoint Security Controls (13:14)
- Creating Our Malware (13:42)
- Windows Network Analysis (24:11)
- Windows Process Analysis (28:54)
- Windows Core Processes (Part 1) (14:52)
- Windows Core Processes (Part 2) (17:15)
- The Windows Registry (13:51)
- Windows Autoruns (Part 1) (13:09)
- Windows Autoruns (Part 2) (16:03)
- Windows Service Analysis (13:49)
- Windows Scheduled Tasks (11:08)
- 🧪 Windows Endpoint Analysis Challenge 1
- Windows Event Logs (25:20)
- 🧪 Windows Events Challenge 1
- Introduction to Sysmon (10:22)
- Sysmon Events (29:16)
- Linux Network Analysis (16:49)
- Linux Process Analysis (25:37)
- Linux Cron Jobs (12:56)
- 🧪 Linux Endpoint Analysis Challenge 1
- Introduction to LimaCharlie (6:53)
- LimaCharlie: Endpoint Detection and Response (20:21)
- LimaCharlie: Deploying Endpoint Agents (17:04)
- ✏️ Quiz - Endpoint Security
- Introduction to SIEM and Log Management (7:06)
- SIEM Architecture (22:26)
- SIEM Deployment Models (9:56)
- Log Types (11:12)
- Log Formats (5:13)
- Common Attack Signatures: User Behavior (9:30)
- Common Attack Signatures: SQL Injection (6:32)
- Common Attack Signatures: Cross-Site Scripting (3:08)
- Common Attack Signatures: Command Injection (4:27)
- Common Attack Signatures: Path Traversal and Local File Inclusion (4:01)
- Command Line Log Analysis (24:45)
- Pattern Matching (8:31)
- Structured Log Analysis (7:57)
- 🧪 Log Analysis Challenge 1
- Introduction to Splunk (9:13)
- Splunk: Initial Walkthrough (7:36)
- Splunk: Importing and Exploring Events (24:03)
- Splunk: Search Processing Language (SPL) (19:20)
- Splunk: Search Commands (16:15)
- Splunk: Reports and Alerts (10:16)
- Splunk: Creating Dashboards (13:33)
- 🧪 [Live] Splunk: Website Defacement Investigation (61:04)
- 🧪 Splunk: Ransomware Challenge
- Splunk: Deploying a Forwarder and Generating Real-Time Alerts (15:01)
- Section Cleanup
- ✏️ Quiz - SIEM
- Introduction to Threat Intelligence (5:10)
- Types of Threat Intelligence (8:14)
- The Threat Intelligence Cycle (11:02)
- The Diamond Model of Intrusion Analysis (16:05)
- The Cyber Kill Chain (16:09)
- The Pyramid of Pain (18:14)
- MITRE ATT&CK (25:05)
- 🧪 MITRE ATT&CK Challenge 1
- Introduction to YARA (12:48)
- YARA: Reading and Writing Rules (Part 1) (19:37)
- YARA: Reading and Writing Rules (Part 2) (14:37)
- 🧪 YARA Challenge 1
- Introduction to MISP (Malware Information Sharing Platform) (19:44)
- MISP: Event Management (18:59)
- MISP: Ingesting Threat Intelligence Feeds (14:48)
- ✏️ Quiz - Threat Intelligence
- Introduction to Digital Forensics (7:11)
- The Digital Forensics Investigation Process (20:22)
- Order of Volatility (19:11)
- Chain of Custody (9:40)
- Introduction to FTK Imager (20:04)
- FTK Imager: Forensic Image Acquisition (14:26)
- FTK Imager: Memory Acquisition (12:41)
- Common Windows Forensic Artifacts (18:50)
- Windows Forensic Artifacts: User and System (19:37)
- Windows Forensic Artifacts: Files (16:12)
- Windows Forensic Artifacts: Program Execution (13:28)
- LNK Files, Prefetch Files, and Jump Lists (25:56)
- Windows Forensic Artifact Triage (23:18)
- ✏️ Quiz - Digital Forensics
About the Instructor: Andrew Prince
Andrew is a seasoned and passionate security professional who brings a wealth of experience in areas such as security operations, incident response, threat hunting, vulnerability management, and cloud infrastructure security.
With a professional background in development and system administration, Andrew offers a well-rounded perspective on his security strategy. Andrew also navigates both offensive and defensive operations to provide a holistic approach to keeping people, processes, and technology secure. He is also active in developing various Capture the Flag challenges, creating security training, and sharing knowledge through content creation.
Social Media Links:
https://www.linkedin.com/in/andrewjoeprince/
This course is included in our All-Access Membership starting at $29.99/month
Get full access to the Security Operations (SOC) 101 course and our full course catalog when you enroll in our All-Access Pass Membership.
Courses Included with the All-Access Membership
Frequently Asked Questions
Can I get a refund if I'm unhappy with my purchase?
Yes. All purchases come with a 3-day money-back guarantee.
Will I receive a certificate of completion when I finish a course?
Yes. All courses come with a certificate of completion.
Do the courses count as Continuing Education Units (CEUs)?
Yes. Every certificate of completion comes with the total CEUs earned listed on the certificate.
What is the All-Access Pass?
As of July 1st, 2023 TCM Academy transitioned to a monthly subscription model, where you now receive full access to all of the courses on our platform for as long as your subscription remains active.
What if you already own courses on TCM Academy?
If you already own a course on our platform, you will continue to own that course forever. Previously owned courses will not be affected by this change.