SOC Analyst Bootcamp Syllabus-1

The SOC Analyst Bootcamp is a 5.5-month program designed to equip participants with essential cybersecurity skills, including identifying and responding to security threats, monitoring network traffic, and following incident handling procedures. The curriculum includes foundational courses, hands-on labs, and live sessions, covering topics such as network security, vulnerability management, and data security technologies. Prerequisites include a basic understanding of operating systems and networks, along with access to a suitable PC.


SOC Analyst

Bootcamp Syllabus

Bootcamp Overview
Objective:

Prepare to meet the demand for cybersecurity professionals who are trained to play a critical
role in protecting an organization’s computer networks and systems. Learn to identify, correct
and respond to security weaknesses and incidents by determining appropriate security
controls to secure a network, system or application and assessing security threats through
vulnerability scanning and threat assessments. You’ll also learn how to monitor network traffic,
analyze alert and log data, and follow incident handling procedures in this diploma.

Prerequisites:
• A basic understanding of using operating systems, networks, and the Internet.
• Be able to download and install software.
• PC with minimum 16GB RAM, 4 Cores and 100GB empty storage.
• Willingness to Learn

Length of Program:
- 5.5 months
- 120+ Hrs
- 75+ Labs

Recorded Sessions:
All sessions are prerecorded so you can access the content at your own pace.

Live Sessions:
- Up to 2 sessions per week
- Up to 3 hours per session

Technical Mentor Support:
Our knowledgeable mentors guide your learning and are focused on answering your questions, motivating you and keeping you on track.

Bootcamp Overview
SOC Analyst Tier1 Roadmap

What’s included in this bootcamp?

Course 1:
Cybersecurity Foundations
▪ Unlock the foundational knowledge and practical skills to begin in the cybersecurity field
with Cyber Dojo’s Cybersecurity Foundations course. By understanding how technologies
operate, you'll be equipped to both attack and defend them effectively. The Cybersecurity
Foundations course is designed to be beginner-friendly and engaging, offering a fun and
foundational approach to learning the basics. Begin your cybersecurity journey here and
build a solid foundation for success in the field.

Week 2:
• Recorded Modules to be Finished by Student:
Module 1: Core Networking Concepts
Module 2: Network Services
Module 3: Linux Essentials for Security
Module 4: Windows Systems Basics
Module 5: Cybersecurity Careers

• Live Sessions:
o Session (2) Practice Labs:
▪ Pre Security Learning Path: https://tryhackme.com/r/path/outline/presecurity
o Session (3) Practice Labs:
▪ Active Directory Basics: https://tryhackme.com/r/room/winadbasics
▪ Windows Internals: https://tryhackme.com/r/room/windowsinternals

• Self Study Topics/Labs: (-)

Course 2:
GSEC Preparation
▪ Unlock the foundational knowledge and practical skills to defend against cyber threats
with Cyber Dojo’s GSEC Preparation (SEC401) course. This course delves into the
fundamental principles of computer and information security, empowering participants with
the language and underlying mechanisms necessary to safeguard systems and organizations
effectively.

Week 3:
• Recorded Modules to be Finished by Student:
o Chapter 1: Network Security and Cloud Essentials
Module 1: Introduction to GSEC Preparation Course
Lab 1.1: Virtual Machine Setup
Module 2: Defensible Network Architecture
Module 3: Protocols and Packet Analysis
Lab 1.2: tcpdump

• Live Sessions:
o Session (4) Practice Labs:
▪ Introductory Networking: https://tryhackme.com/r/room/introtonetworking
▪ Network Services: https://tryhackme.com/r/room/networkservices
▪ Tcpdump: The Basics: https://tryhackme.com/r/room/tcpdump

• Self Study Topics/Labs:


o Topics:
▪ What Is a DMZ? https://www.fortinet.com/resources/cyberglossary/whatisdmz
o Lab:
▪ Network Services 2: https://tryhackme.com/r/room/networkservices2


Week 4:
• Recorded Modules to be Finished by Student:
o Chapter 1: Network Security and Cloud Essentials
Module 4: Virtualization and Cloud Essentials
Lab 1.3: Wireshark
Module 5: Securing Wireless Networks
Lab 1.4: Aircrack-ng

• Live Sessions:
o Session (5) Practice Labs:
▪ Wireshark 101: https://tryhackme.com/r/room/wireshark
▪ Wifi Hacking 101: https://tryhackme.com/r/room/wifihacking101

• Self Study Topics/Labs:


o Topics:
▪ Levels of WiFi Hacking: https://www.youtube.com/watch?v=dZwbb42pdtg
▪ https://youtu.be/4rnrfbb1-Wg?si=9DqL1zCNfDWjlJg4
▪ https://youtu.be/WfYxrLaqlN8


Week 5:
• Recorded Modules to be Finished by Student:
o Chapter 2: Defense-in-Depth
Module 6: Defense-in-Depth
Module 7: Identity & Access Management
Module 8: Authentication and Password Security
Lab 2.1: Hashcat

• Live Sessions:
o Session (6) Practice Labs:
▪ John the Ripper: The Basics: https://tryhackme.com/r/room/johntheripperbasics
▪ Identity and Access Management: https://tryhackme.com/r/room/iaaaidm

• Self Study Topics/Labs:


o Topics:
▪ What is IAM? https://www.ibm.com/topics/identity-access-management
▪ Microsoft PIM Full Demo: https://www.youtube.com/watch?v=ayiuYDFBj9g
▪ Intro to SailPoint: https://youtu.be/BSl7Ej2wOh0?si=rvlLpuhlV_BMIIfU
▪ How to use Hashcat: https://youtu.be/R_Nsj6BUr6w


Week 6:
• Recorded Modules to be Finished by Student:
o Chapter 2: Defense-in-Depth
Module 9: Security Frameworks
Lab 2.2: Cain and Abel
Module 10: Data Loss Prevention
Lab 2.3: AppLocker
Module 11: Mobile Device Security

• Live Sessions:
o Session (7) Topics and Practice Labs:
▪ PCI and ISO Overview
▪ Governance & Regulation:
https://tryhackme.com/r/room/cybergovernanceregulation
▪ MITRE: https://tryhackme.com/r/room/mitre

• Self Study Topics/Labs:


o Topics:
▪ https://www.crowdstrike.com/en-us/cybersecurity-101/data-protection/pci-dss-requirements/
▪ https://pcicompliancehub.com/pci-compliance-101-key-things-you-know-to-succeed/
▪ https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final
▪ https://advisera.com/27001academy/what-is-iso-27001/


Week 7:
• Recorded Modules to be Finished by Student:
o Chapter 3: Vulnerability Management and Response
Module 12: Vulnerability Assessments
Module 13: Penetration Testing
Lab 3.1: Nmap
Module 14: Attacks and Malicious Software
Lab 3.2: Malicious Software

• Live Sessions:
o Session (8) Practice Labs:
▪ Nmap: The Basics: https://tryhackme.com/r/room/nmap
▪ Nmap Live Host Discovery: https://tryhackme.com/r/room/nmap01
▪ Nmap Basic Port Scans: https://tryhackme.com/r/room/nmap02
o Session (9) Practice Labs:
▪ Nmap Advanced Port Scans: https://tryhackme.com/r/room/nmap03
▪ Nmap Post Port Scans: https://tryhackme.com/r/room/nmap04
▪ Nessus: https://tryhackme.com/r/room/rpnessusredux
▪ OpenVAS: https://tryhackme.com/r/room/openvas

• Self Study Topics/Labs:


o Topics:
▪ https://www.crowdstrike.com/en-us/cybersecurity-101/exposure-management/vulnerability-management-lifecycle/
▪ https://www.ibm.com/think/topics/vulnerability-management-lifecycle


Week 8:
• Recorded Modules to be Finished by Student:
o Chapter 3: Vulnerability Management and Response
Module 15: Web Application Security
Lab 3.3: Command Injection
Module 16: Security Operations and Log Management
Module 17: Digital Forensics and Incident Response
Lab 3.4: hping3

• Live Sessions:
o Session (10) Practice Labs:
▪ Web Application Basics: https://tryhackme.com/r/room/webapplicationbasics
▪ BurpSuite Intro: https://tryhackme.com/r/module/learn-burp-suite
▪ Login Bypass: https://portswigger.net/web-security/sql-injection/lab-login-bypass
o Session (11) Practice Labs:
▪ Reflected XSS: https://portswigger.net/web-security/cross-site-scripting/reflected/lab-html-context-nothing-encoded
▪ Stored XSS: https://portswigger.net/web-security/cross-site-scripting/stored/lab-html-context-nothing-encoded
▪ Basic SSRF: https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost
▪ OS Command Injection: https://portswigger.net/web-security/os-command-injection/lab-simple
▪ LFI: https://portswigger.net/web-security/file-path-traversal/lab-simple

• Self Study Topics/Labs:


o Labs:
▪ OWASP Top 10 - 2021: https://tryhackme.com/r/room/owasptop102021


Week 9:
• Recorded Modules to be Finished by Student:
o Chapter 4: Data Security Technologies
Module 18: Cryptography
Lab 4.1: Image Steganography
Module 19: Cryptography Algorithms and Deployment
Module 20: Applying Cryptography
Lab 4.2: GNU Privacy Guard (GPG)

• Live Sessions:
o Session (12) Practice Labs:
▪ Cryptography for Dummies:
https://tryhackme.com/r/room/cryptographyfordummies
▪ Cryptography Basics: https://tryhackme.com/r/room/cryptographybasics
▪ Public Key Cryptography Basics: https://tryhackme.com/r/room/publickeycrypto

• Self Study Topics/Labs:


o Topics:
▪ What is PKI: https://www.youtube.com/watch?v=0ctat6RBrFo
▪ https://www.okta.com/identity-101/public-key-infrastructure/


Week 10:
• Recorded Modules to be Finished by Student:
o Chapter 4: Data Security Technologies
Module 21: Network Security Devices
Lab 4.3: Snort
Module 22: Endpoint Security
Lab 4.4: Hashing

• Live Sessions:
o Session (13) Practice Labs:
▪ Hashing Basics: https://tryhackme.com/jr/hashingbasics
▪ Snort: https://tryhackme.com/r/room/snort
o Session (14) Practice Labs:
▪ Snort Challenge - The Basics: https://tryhackme.com/r/room/snortchallenges1
▪ Snort Challenge - Live Attacks: https://tryhackme.com/r/room/snortchallenges2

• Self Study Topics/Labs:


o Topics:
▪ Research these security solutions:
• Intrusion Detection System (IDS)
• Intrusion Prevention System (IPS)
• Firewall


Week 11:
• Recorded Modules to be Finished by Student:
o Chapter 5: Windows and Azure Security
Module 23: Windows Security Infrastructure
Lab 5.1: Process Hacker
Module 24: Windows as a Service
Module 25: Windows Access Controls
Lab 5.2: NTFS Permissions Reporter

• Live Sessions:
o Session (15) Practice Labs:
▪ Core Windows Processes: https://tryhackme.com/r/room/btwindowsinternals

• Self Study Topics/Labs:


o Topics:
▪ Research these security solutions:
• Endpoint Detection and Response (EDR)
• Antivirus Software (AV)
• Sandbox Solutions


Week 12:
• Recorded Modules to be Finished by Student:
o Chapter 5: Windows and Azure Security
Module 26: Enforcing Security Policy
Lab 5.3: SECEDIT.EXE
Module 27: Microsoft Cloud Computing
Module 28: Automation, Logging, and Auditing
Lab 5.4: PowerShell Scripting

• Live Sessions:
o Session (16) Practice Labs:
▪ Microsoft Windows Hardening:
https://tryhackme.com/r/room/microsoftwindowshardening
▪ Active Directory Hardening:
https://tryhackme.com/r/room/activedirectoryhardening

• Self Study Topics/Labs:


o Topics:
▪ Research these security solutions:
• Data Loss Prevention (DLP)
• Asset Management Solutions


Week 13:
• Recorded Modules to be Finished by Student:
o Chapter 6: Linux, AWS, and Mac Security
Module 29: Linux Fundamentals
Module 30: Linux Security Enhancements and Infrastructure
Module 31: Containerized Security
Module 32: AWS Fundamentals
Module 33: AWS Security Controls
Module 34: AWS Hardening
Module 35: macOS Security

• Live Sessions:
o Session (17) Practice Labs:
▪ Linux System Hardening: https://tryhackme.com/r/room/linuxsystemhardening
▪ Network Device Hardening:
https://tryhackme.com/r/room/networkdevicehardening
o Session (18) Topics:
▪ Setting Goals for the Next Course
▪ Introducing the project and Course Closure

• Self Study Topics/Labs:


o Topics:
▪ Research these security solutions:
• Web Application Firewall (WAF)
• Load Balancer
• Proxy Server
• Email Security Solutions

Project (1):
Planning for Security Controls

In this project, you will assess the organization's compliance with the NIST-800-53 framework, propose enhancements to security controls, and develop a VPN deployment plan to support remote work. You'll also create a two-factor authentication deployment strategy to address security challenges. Effective documentation and communication with non-technical leadership will be essential to align your recommendations with business goals and enhance CyberCo's overall security posture.

Phase I: Security Environment Analysis


• NIST Standards Assessment: Review CyberCo's security controls using an
abbreviated NIST-800-53 workbook. Assign scores, provide feedback, and
suggest improvements for the infrastructure manager.
• Control Recommendations: Propose physical, administrative, and logical
controls to address identified gaps. Create and customize security policies to
strengthen CyberCo's security posture.

Phase II: Security Design and Deployment


• Scenario 1: VPN Deployment
o Analyze the pandemic's impact on operations and propose a VPN solution
for secure remote access.
o Inventory hardware/software requirements, identify integration points (e.g.,
LDAP), and create a deployment plan with network diagrams.
• Scenario 2: Duo 2FA Implementation
o Respond to a phishing-induced breach by planning a deployment of Duo's
2FA solution.
o Document hardware/software requirements, integration points, and new
logical controls. Update network diagrams to reflect enhanced security
measures.

Incident Response Planning
• Draft major incident reports for executive leadership and external stakeholders,
detailing breach findings, containment measures, and lessons learned.

Course 3:
GSOC Preparation
▪ Unlock the foundational knowledge and practical skills to defend against cyber
threats with Cyber Dojo’s GSOC Preparation (SEC450) course. This course equips learners
with foundational skills and knowledge necessary to operate effectively in a Security
Operations Center (SOC). Participants will gain insights into SOC functions, tools, and
processes, enabling them to detect, analyze, and respond to cyber threats.

Week 15:
• Recorded Modules to be Finished by Student:
o Chapter 1: Blue Team Tools and Operations
o Bonus Labs:
▪ Intro to Cyber Threat Intel: https://tryhackme.com/r/room/cyberthreatintel
▪ Threat Intelligence Tools: https://tryhackme.com/r/room/threatinteltools
▪ Yara: https://tryhackme.com/r/room/yara
▪ OpenCTI: https://tryhackme.com/r/room/opencti
▪ MISP: https://tryhackme.com/r/room/misp

• Live Sessions:
o Session (19) Practice Labs:
▪ Oski - https://cyberdefenders.org/blueteam-ctf-challenges/oski/
▪ Yellow RAT - https://cyberdefenders.org/blueteam-ctf-challenges/yellow-rat/
▪ Lespion - https://cyberdefenders.org/blueteam-ctf-challenges/lespion/

• Self Study Topics/Labs:


o Labs:
▪ SOC Fundamentals: https://app.letsdefend.io/training/lessons/soc-fundamentals
▪ Friday Overtime: https://tryhackme.com/r/room/fridayovertime
▪ Trooper: https://tryhackme.com/r/room/trooper


Week 15 (Cont’d):
• Recorded Modules to be Finished by Student:
o Chapter 1: Blue Team Tools and Operations
o Bonus Labs:
▪ Junior Security Analyst Intro: https://tryhackme.com/r/room/jrsecanalystintrouxo
▪ TheHive Project: https://tryhackme.com/r/room/thehiveproject

• Live Sessions:
o Session (20) Practice Labs:
▪ Red Stealer - https://cyberdefenders.org/blueteam-ctf-challenges/red-stealer/
▪ 3CX Supply Chain - https://cyberdefenders.org/blueteam-ctf-challenges/3cx-supply-chain/
▪ GrabThePhisher - https://cyberdefenders.org/blueteam-ctf-challenges/grabthephisher/
▪ IcedID - https://cyberdefenders.org/blueteam-ctf-challenges/icedid/

• Self Study Topics/Labs:


o Labs:
▪ OpenCTI 101 - https://cyberdefenders.org/blueteam-ctf-challenges/opencti-101/
▪ Tusk Infostealer - https://cyberdefenders.org/blueteam-ctf-challenges/tusk-infostealer/


Week 16:
• Recorded Modules to be Finished by Student:
o Chapter 2: Understanding Your Network
o Bonus Labs:
▪ Traffic Analysis Essentials:
https://tryhackme.com/r/room/trafficanalysisessentials
▪ NetworkMiner: https://tryhackme.com/r/room/networkminer
▪ Zeek: https://tryhackme.com/r/room/zeekbro
▪ Zeek Exercises: https://tryhackme.com/r/room/zeekbroexercises

• Live Sessions:
o Session (21) Practice Labs:
▪ Tomcat Takeover - https://cyberdefenders.org/blueteam-ctf-challenges/webstrike/
▪ PoisonedCredentials - https://cyberdefenders.org/blueteam-ctf-challenges/poisonedcredentials/
▪ PsExec Hunt - https://cyberdefenders.org/blueteam-ctf-challenges/psexec-hunt/
▪ DanaBot - https://cyberdefenders.org/blueteam-ctf-challenges/danabot/
▪ PacketDetective - https://cyberdefenders.org/blueteam-ctf-challenges/packetdetective/

• Self Study Topics/Labs:


o Labs:
▪ TShark: The Basics: https://tryhackme.com/r/room/tsharkthebasics
▪ TShark: CLI Wireshark Features:
https://tryhackme.com/r/room/tsharkcliwiresharkfeatures
▪ WebStrike: https://cyberdefenders.org/blueteam-ctf-challenges/webstrike/
▪ OpenWire: https://cyberdefenders.org/blueteam-ctf-challenges/openwire/


Week 16 (Cont’d):
• Recorded Modules to be Finished by Student:
o Chapter 2: Understanding Your Network
o Bonus Labs:
▪ Wireshark: The Basics: https://tryhackme.com/r/room/wiresharkthebasics
▪ Wireshark: Packet Operations:
https://tryhackme.com/r/room/wiresharkpacketoperations
▪ Wireshark: Traffic Analysis:
https://tryhackme.com/r/room/wiresharktrafficanalysis
▪ Brim: https://tryhackme.com/r/room/brim

• Live Sessions:
o Session (22) Practice Labs:
▪ JetBrains - https://cyberdefenders.org/blueteam-ctf-challenges/jetbrains/
▪ RetailBreach - https://cyberdefenders.org/blueteam-ctf-challenges/retailbreach/
▪ Tomcat Takeover - https://cyberdefenders.org/blueteam-ctf-challenges/tomcat-takeover/
▪ XXE Infiltration - https://cyberdefenders.org/blueteam-ctf-challenges/xxe-infiltration/
▪ Web Investigation - https://cyberdefenders.org/blueteam-ctf-challenges/web-investigation/

• Self Study Topics/Labs:


o Labs:
▪ TShark Challenge I: Teamwork:
https://tryhackme.com/r/room/tsharkchallengesone
▪ TShark Challenge II: Directory:
https://tryhackme.com/r/room/tsharkchallengestwo


Week 17:
• Recorded Modules to be Finished by Student:
o Chapter 3: Understanding Endpoints, Logs, and Files
o Bonus Labs:
▪ Intro to Endpoint Security: https://tryhackme.com/r/room/introtoendpointsecurity
▪ Sysinternals: https://tryhackme.com/r/room/btsysinternalssg
▪ Windows Event Logs: https://tryhackme.com/r/room/windowseventlogs
▪ Volatility: https://tryhackme.com/room/volatility

• Live Sessions:
o Session (23) Practice Labs:
▪ Amadey - https://cyberdefenders.org/blueteam-ctf-challenges/amadey/
▪ The Crime - https://cyberdefenders.org/blueteam-ctf-challenges/the-crime/
▪ Volatility Traces - https://cyberdefenders.org/blueteam-ctf-challenges/volatility-traces/
▪ Insider - https://cyberdefenders.org/blueteam-ctf-challenges/insider/
▪ Ramnit - https://cyberdefenders.org/blueteam-ctf-challenges/ramnit/

• Self Study Topics/Labs:


o Labs:
▪ Monday Monitor: https://tryhackme.com/r/room/mondaymonitor
▪ Retracted: https://tryhackme.com/r/room/retracted


Week 17 (Cont’d):
• Recorded Modules to be Finished by Student:
o Chapter 3: Understanding Endpoints, Logs, and Files
o Bonus Labs:
▪ Sysmon: https://tryhackme.com/r/room/sysmon
▪ Osquery: The Basics: https://tryhackme.com/r/room/osqueryf8
▪ Wazuh: https://tryhackme.com/r/room/wazuhct

• Live Sessions:
o Session (24) Practice Labs:
▪ RedLine - https://cyberdefenders.org/blueteam-ctf-challenges/redline/
▪ XMRig - https://cyberdefenders.org/blueteam-ctf-challenges/xmrig/
▪ Andromeda Bot - https://cyberdefenders.org/blueteam-ctf-challenges/andromeda-bot/
▪ Reveal - https://cyberdefenders.org/blueteam-ctf-challenges/reveal/

• Self Study Topics/Labs:


o Labs:
▪ Lumma Stealer: https://cyberdefenders.org/blueteam-ctf-challenges/lummastealer/
▪ MeteorHit - https://cyberdefenders.org/blueteam-ctf-challenges/meteorhit/


Week 18:
• Recorded Modules to be Finished by Student:
o Chapter 4: Triage and Analysis
o Bonus Labs:
▪ Pyramid Of Pain: https://tryhackme.com/r/room/pyramidofpainax
▪ Cyber Kill Chain: https://tryhackme.com/r/room/cyberkillchainzmt
▪ Unified Kill Chain: https://tryhackme.com/r/room/unifiedkillchain
▪ Diamond Model: https://tryhackme.com/r/room/diamondmodelrmuwwg42
▪ MITRE: https://tryhackme.com/r/room/mitre

• Live Sessions:
o Session (25) Practice Labs:
▪ SOC Analyst Learning Path on LetsDefend (Part1)
▪ Additional Labs from the self study labs

• Self Study Topics/Labs:


o Labs:
▪ Summit: https://tryhackme.com/r/room/summit
▪ Eviction: https://tryhackme.com/r/room/eviction


Week 18 (Cont’d):
• Recorded Modules to be Finished by Student:
o Chapter 4: Triage and Analysis
o SOC Analyst Learning Path on LetsDefend (Part 2)
o Bonus Labs:
▪ Introduction to SIEM: https://tryhackme.com/r/room/introtosiem
▪ Investigating with ELK 101: https://tryhackme.com/r/room/investigatingwithelk101
▪ Splunk: Basics: https://tryhackme.com/r/room/splunk101
▪ Incident handling with Splunk: https://tryhackme.com/r/room/splunk201

• Live Sessions:
o Session (26) Practice Labs:
▪ NerisBot - https://cyberdefenders.org/blueteam-ctf-challenges/nerisbot/
▪ BOTSv1 (CyberDefenders): https://cyberdefenders.org/blueteam-ctf-
challenges/boss-of-the-soc-v1/

• Self Study Topics/Labs:
o Labs:
▪ BOTSv2 (TryHackMe): https://tryhackme.com/r/room/splunk2gcd5
▪ BOTSv2 (CyberDefenders): https://cyberdefenders.org/blueteam-ctf-
challenges/boss-of-the-soc-v2/
▪ Investigating with Splunk: https://tryhackme.com/r/room/investigatingwithsplunk

Week 19:
• Recorded Modules to be Finished by Student:
o Chapter 5: Continuous Improvement, Analytics, and Automation
o SOC Analyst Learning Path on LetsDefend (Parts 3,4,5)

• Live Sessions:
o Session (27) Practice Labs:
▪ BOTSv2 (TryHackMe): https://tryhackme.com/r/room/splunk2gcd5
▪ Revil - https://cyberdefenders.org/blueteam-ctf-challenges/revil/
▪ Additional Labs from the self study labs
o Session (28) Practice Labs:
▪ BOTSv2 (CyberDefenders): https://cyberdefenders.org/blueteam-ctf-
challenges/boss-of-the-soc-v2/
▪ AWSRaid - https://cyberdefenders.org/blueteam-ctf-challenges/awsraid/
▪ AzureHunt - https://cyberdefenders.org/blueteam-ctf-challenges/azurehunt/
▪ Additional Labs from the self study labs

• Self Study Topics/Labs:
o Further Labs (these will also be recorded):
▪ BOTSv3 (TryHackMe): https://tryhackme.com/r/room/splunk3zs
▪ BOTSv3 (CyberDefenders): https://cyberdefenders.org/blueteam-ctf-
challenges/boss-of-the-soc-v3/
▪ Benign: https://tryhackme.com/r/room/benign
▪ Complete sections from (https://tryhackme.com/r/path/outline/soclevel1):
• Section 6: Digital Forensics and Incident Response
• Section 7: Phishing
• Section 8: SOC Level 1 Capstone Challenges

Project (2):
Day in the Life of a SOC Analyst
The goal is to assume the role of a Tier 1 SOC Analyst at a financial firm
requiring continuous security monitoring. Analysts handle five critical
alerts, including suspicious behavior on a web server, unauthorized access
and file exfiltration, possible malware on a Windows host, and phishing
email campaigns. You will analyze these alerts using security incident
handling procedures to assess their validity and determine escalation. The
project concludes with a Tabletop Exercise (TTX) to refine the team's
incident response strategies.

Part 1: Incident Investigation and Reporting

• Objective: Analyze five alerts using Security Onion and create
incident tickets for true positive findings.
• Steps:
1. Investigate alerts flagged by Security Onion:
▪ Alert 1: Suspicious behavior on the corporate web server.
▪ Alert 2: Unauthorized access and file exfiltration.
▪ Alert 3: Possible malware on Windows host.
▪ Alert 4: Possible malware detected.
▪ Alert 5: Phishing email campaign.
2. Use the Incident Response Playbooks developed by DojoCo
3. Create incident tickets using the Incident Ticket Template
for confirmed threats.
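
The triage loop in Part 1 (investigate the alert, apply the playbook, ticket only confirmed threats) can be scripted for the NIDS alerts Security Onion stores. The Python below is an added example written for this syllabus; it is not course material from Cyber Dojo and not a DojoCo playbook. It reads Suricata EVE-format alert records (the newline-delimited JSON Security Onion's NIDS writes), correlates repeated firings of one signature between the same source and destination, applies hypothetical escalation rules that stand in for a playbook, and emits incident tickets only for groups that pass. The alert records, signature names and IDs, the "crown jewel" asset list and the thresholds are all constructed for the example.

```python
"""Triage Suricata EVE alerts into incident tickets.

Added example for the Day-in-the-Life project; not Cyber Dojo course code
and not a DojoCo playbook. Sample records, signatures, asset list and
thresholds below are constructed for illustration.
"""
import json
from dataclasses import dataclass

# Constructed eve.json excerpt: four 'alert' records and one 'dns' record.
# Signature IDs/names are made up; IPs come from documentation ranges.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T09:12:01.000000+0000","event_type":"alert","src_ip":"198.51.100.23","dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"signature_id":9000001,"signature":"CUSTOM WEB_SERVER UNION SELECT in HTTP URI","category":"Web Application Attack","severity":1}}
{"timestamp":"2024-05-01T09:12:02.000000+0000","event_type":"alert","src_ip":"198.51.100.23","dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"signature_id":9000001,"signature":"CUSTOM WEB_SERVER UNION SELECT in HTTP URI","category":"Web Application Attack","severity":1}}
{"timestamp":"2024-05-01T09:15:44.000000+0000","event_type":"alert","src_ip":"192.0.2.55","dest_ip":"203.0.113.9","dest_port":443,"proto":"TCP","alert":{"signature_id":9000002,"signature":"CUSTOM POLICY PowerShell User-Agent Outbound","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2024-05-01T09:16:00.000000+0000","event_type":"alert","src_ip":"192.0.2.55","dest_ip":"192.0.2.53","dest_port":53,"proto":"UDP","alert":{"signature_id":9000003,"signature":"CUSTOM INFO DNS Query to Newly Registered Domain","category":"Misc activity","severity":3}}
{"timestamp":"2024-05-01T09:16:00.000000+0000","event_type":"dns","src_ip":"192.0.2.55","dest_ip":"192.0.2.53"}
"""

# Hypothetical asset list a playbook would keep: the corporate web server
# from Alert 1 is the only critical asset here.
CROWN_JEWELS = {"192.0.2.10"}


@dataclass
class Ticket:
    ticket_id: str
    signature: str
    src_ip: str
    dest_ip: str
    count: int
    first_seen: str
    last_seen: str
    priority: str
    escalate: bool  # True = hand to Tier 2, False = Tier 1 keeps it


def parse_eve(text):
    """Return only event_type == 'alert' records from newline-delimited EVE JSON."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event_type") == "alert":
            alerts.append(rec)
    return alerts


def correlate(alerts):
    """Group repeated firings of one signature between one src/dst pair.

    Key is (signature_id, src_ip, dest_ip); value tracks count and the
    observed time window so one ticket covers a burst, not each packet.
    """
    groups = {}
    for rec in alerts:
        a = rec["alert"]
        key = (a["signature_id"], rec["src_ip"], rec["dest_ip"])
        g = groups.setdefault(key, {
            "signature": a["signature"], "severity": a["severity"],
            "count": 0, "first_seen": rec["timestamp"], "last_seen": rec["timestamp"],
        })
        g["count"] += 1
        g["first_seen"] = min(g["first_seen"], rec["timestamp"])
        g["last_seen"] = max(g["last_seen"], rec["timestamp"])
    return groups


def classify(group, dest_ip, crown_jewels=CROWN_JEWELS):
    """Hypothetical playbook rule (stand-in, not a DojoCo playbook):
    Suricata severity 1 is ticketed as a true positive; severity 2 is
    ticketed only when repeated or aimed at a critical asset; severity 3
    (informational) is logged but not ticketed. Returns (priority, escalate)
    or (None, False) when no ticket is raised."""
    sev, n = group["severity"], group["count"]
    critical = dest_ip in crown_jewels
    if sev == 1:
        return ("P1" if critical else "P2"), True
    if sev == 2 and (n >= 5 or critical):
        return ("P2" if critical else "P3"), critical
    return None, False


def triage_eve(text, crown_jewels=CROWN_JEWELS):
    """Full pipeline: parse -> correlate -> classify -> tickets for confirmed findings."""
    tickets = []
    for (sid, src, dst), g in sorted(correlate(parse_eve(text)).items()):
        priority, escalate = classify(g, dst, crown_jewels)
        if priority is None:
            continue
        tickets.append(Ticket(
            ticket_id=f"INC-{len(tickets) + 1:04d}",
            signature=g["signature"], src_ip=src, dest_ip=dst,
            count=g["count"], first_seen=g["first_seen"], last_seen=g["last_seen"],
            priority=priority, escalate=escalate))
    return tickets


if __name__ == "__main__":
    for t in triage_eve(SAMPLE_EVE):
        print(t)
```

On the constructed input only the two UNION SELECT firings against the web server become a ticket (one ticket, count 2, P1, escalated); the single severity-2 outbound alert and the informational DNS alert stay out of the queue, which is the point of correlating before ticketing. Thresholds and the asset list are the parts a real playbook would own.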

Part 2: Incident Handling Tabletop Exercises (TTX)

• Objective: Simulate incident response scenarios to refine
processes and decision-making.
• Scenarios:
1. Worm and DDoS Agent Infestation
• Analyze how a worm spreads through an organization
and respond using the Diamond Model.
2. Unauthorized Access to Payroll Records
• Investigate physical workstation access and apply the
Kill Chain Model for evidence gathering and analysis.

Course 4:
IBM QRadar Foundations
▪ Unlock the foundational knowledge and practical skills to use QRadar SIEM with
Cyber Dojo's IBM QRadar Foundations course. This course equips learners to navigate the
QRadar SIEM user interface, including the dashboard, and investigate offenses with
confidence. Participants will develop the ability to analyze offenses triggered by events or
flows, leveraging asset profiles, rules, reports, and advanced filters for investigations.

Week 21:
• Recorded Modules to be Finished by Student:
1- Describe how QRadar SIEM collects data to detect suspicious activities
2- Describe the QRadar SIEM component architecture and data flows
3- Navigate the user interface
4- Investigate suspected attacks and policy breaches
5- Search, filter, group, and analyze security data
6- Use network hierarchies
7- Locate custom rules and inspect actions and responses of rules
8- Analyze offenses created by QRadar SIEM
9- Use index management
10- Navigate and customize the QRadar SIEM dashboard
11- Use QRadar SIEM to create customized reports
12- Use charts and filters
13- Use AQL for advanced searches

• Labs to be Solved:
o QRadar101 CTF: https://cyberdefenders.org/blueteam-ctf-challenges/qradar101/

Last Session:
Final Q&A and Career Advice
• Recap of the Training:
– Overview of key concepts covered in the course.
– Highlighting practical skills and their applications.
• Addressing Participants' Questions:
– Open Q&A session for unresolved or complex topics.
– Discussion of real-world challenges and solutions.
• Career Guidance:
– Tips for entering and excelling in cybersecurity roles.
– Recommended certifications and learning paths
– Building a strong cybersecurity resume and LinkedIn profile.
– Effective networking strategies within the cybersecurity
community.
• Industry Insights:
– Current trends in cybersecurity (e.g., threat hunting, cloud
security).
– Emerging technologies and their impact on security roles.
• Roadmap for Continued Learning:
– Suggested resources (platforms, books, labs, communities).
– Developing a personalized career growth plan.
• Interactive Discussion:
– Sharing success stories and motivational advice.
– Encouraging peer-to-peer networking and collaboration.

The Diploma Includes

STUDY MATERIALS

RESOURCES

• Session recordings
• All PDF materials
• All software needed

PERSONAL CAREER SERVICES

CAREER SUPPORT

• CV and Resume review
• LinkedIn profile optimization
• Job recommendations

TECHNICAL MENTOR SUPPORT

MENTORSHIP SERVICES

• Support for all your technical questions
• Specialized project review
• After bootcamp mentorship

Meet Your Mentor

Omar Zayed is a Managing Security Consultant at IBM,
specializing in Security Intelligence & Operations Consulting
(SIOC) domains. Leveraging his extensive hands-on expertise,
he excels in SOC investigations, digital forensics and incident
response (DFIR), threat hunting, and malware analysis.
Alongside his technical proficiency, Omar has a solid
consulting background, guiding organizations in designing and
building advanced SOCs, conducting maturity and gap
assessments, and developing SOC strategies and governance
frameworks. His consulting efforts encompass the creation of
robust SOC processes, response playbooks, detection use
cases, and metrics, all aimed at synchronizing people,
processes, and technology for optimal performance.

He also demonstrates expertise in developing and fine-tuning
SIEM alerting capabilities, resolving complex DFIR cases,
executing threat hunting activities, implementing advanced
threat detection systems, and conducting adversary
emulation and purple teaming exercises. His dedication to
continual improvement in detection, response, and
operational efficiency is evident throughout his work.

Additionally, Omar is a dedicated cybersecurity instructor
and mentor. He has designed and delivered training programs
for both newcomers and experienced professionals,
emphasizing practical, real-world applications. His
commitment to teaching and mentoring highlights his passion
for advancing the field of cybersecurity and empowering
individuals and organizations to excel.

https://www.linkedin.com/in/omartarekzayed/

https://www.OmarZayed.com/

Feedback
