Course Information
Course Name: SOC-200: Security Operations and Defensive Analysis
Exam code: OSDA
Duration: 5 Days
Certification: OffSec Defense Analyst (OSDA)
Overview
The Security Operations and Defensive Analysis (SOC-200) course delves into the foundations of defending networks and systems against cyber threats. Learners gain practical experience within a hands-on, self-paced environment designed to teach the fundamental concepts of SOC operations.
Individuals completing the online training course and passing its rigorous exam earn the OffSec Defense Analyst (OSDA) certification. This SOC Analyst certification demonstrates your ability to detect, analyze, and assess a potential security incident through live exercises. The OSDA stands out in the cybersecurity field, reflecting a commitment to hands-on defensive skills sought after by employers.
Audience Profile
The SOC-200 certification course is ideal for security professionals seeking to enhance their defensive analysis and response skills and earn the OSDA. It’s designed for individuals who have a solid foundation in networking and basic familiarity with Linux and Windows systems.
Prerequisites
While there are no formal prerequisites, it’s strongly recommended that you have:
A solid foundation in TCP/IP networking
Familiarity with Linux and Windows operating systems
Basic understanding of cybersecurity concepts
At Course Completion
Upon completing SOC-200 and successfully passing the OSDA exam, you’ll have mastered core defensive methodologies, including:
Security monitoring and log analysis
Incident detection and threat identification
Triaging and escalating events
Incident response process and procedures
Network and host-based forensics (basics)
Course Outline
Module 1: Attack Methodology Introduction
Build a foundation for understanding attacker behaviors and how to anticipate their moves in penetration testing engagements
Module 2: Windows Endpoint Introduction
Discover common vulnerabilities in Windows endpoints and the attack vectors adversaries use to target them
Module 3: Windows Server-Side Attacks
Learn methods commonly used to exploit critical services and vulnerabilities on compromised Windows servers
Module 4: Windows Client-Side Attacks
Analyze browser-based attacks, vulnerabilities in software, and social engineering techniques attackers use to compromise user-facing sides of Windows systems
Module 5: Windows Privilege Escalation
Exploit misconfigurations, software flaws, and zero-day vulnerabilities to increase your level of network control
Module 6: Windows Persistence
Explore file system persistence, registry modifications, scheduled tasks, and other methods attackers use to stay hidden on compromised Windows systems, and how to keep the upper hand against them
Module 7: Linux Endpoint Introduction
Get familiar with common attack vectors used to target Linux endpoints, their security mechanisms, and potential vulnerabilities
Module 8: Linux Server-Side Attacks
Understand how adversaries compromise Linux servers through privilege escalation methods, service exploits, and configuration weaknesses
Module 9: Network Detections
Use firewalls, intrusion detection systems, and other tools to identify malicious activity, and refine your understanding of the evasion strategies attackers use against them
Module 10: Antivirus Alerts and Evasion
Examine the advanced methods attackers use to evade antivirus solutions and minimize their digital footprint, such as payload obfuscation and exploit customization
Module 11: Network Evasion and Tunneling
Avoid being detected by defensive technologies while making lateral network moves using covert communication methods and tunneling techniques
Module 12: Active Directory Enumeration
Uncover potential attack paths with methods and tools that gather information about Active Directory’s structure, users, groups, and permissions
Module 13: Windows Lateral Movement
Leverage compromised credentials, remote execution, and network pivoting to expand control in Windows environments post-exploit
Module 14: Active Directory Persistence
Explore hidden accounts, service manipulation, and other methods attackers use to blend into the network fabric and persist in Active Directory
Module 15: SIEM Part One
Building an ELK SIEM: Get hands-on with setting up a SIEM solution using the ELK stack (Elasticsearch, Logstash, and Kibana). Learn how to install, configure, and integrate these components to start collecting and analyzing security logs
Module 16: SIEM Part Two
Operationalizing Your SIEM: Discover how to effectively manage and use your ELK SIEM deployment. Learn to collect logs from various sources, normalize data, create insightful dashboards, and set up alerts to proactively detect security incidents
All OffSec certification courses are conducted by certified trainers from Iverson.
Digital Methods acts as the official training partner and assists with program consultation, registration, coordination, scheduling, and administrative arrangements to ensure a seamless and professionally managed training experience.