FULL Course Outline
What our students are saying!
"This has been one of the best investments I've made since switching careers two years ago."
This has been one of the best investments I've made since switching careers two years ago. My name is Jonathan, and I’m a former civil engineer who followed my passion into cybersecurity. Feeling lost at first, I took things step by step, starting with my Security+ certification. I’d been following your content for a while, so when your course came out, I knew it was the right investment.
The advanced labs, especially those without guidance, pushed me to truly learn and apply my skills—making a real difference in my job. Now, I have something valuable to showcase on my CV when applying for roles, and it’s clear that this course has elevated my perspective and skills. If you're on the fence, I highly recommend this course. It’s truly been one of the most impactful investments in my career transition.
"Enrolling in this course is one of the best decisions I’ve made in my career."
Enrolling in this course is one of the best decisions I’ve made in my career. My name is Abdulazeez Mohammed from Nigeria, and I've been a SOC analyst for a year and six months. My short-term goal is to become a SOC engineer, and this course has been incredible in helping me reach that. After adding two of the projects that you created (SOC Automation Project & Active Directory Project) onto my resume, I landed two interviews, and companies were impressed with my work.
I've learned to scope my investigations better, ask the right questions, and think from a client’s perspective. My favorite part is reporting—understanding how to present findings effectively. Every module brings me closer to my dream, and I can confidently say that this course offers the skills you need, from foundational to advanced levels. If you’re aiming for a career in defense, SOC analysis, or digital forensics, go for it—you won’t regret it.
"This is not a scam."
My name is Mohammed Harper, an American who grew up in Nigeria, and I’ve been exploring cybersecurity since 2017 with the goal of becoming a consultant. I discovered your work last year when I started looking into the defensive side of security, and you quickly became my go-to resource. The moment your course launched, I was there at midnight, eager to dive in, and it’s been nothing short of amazing.
I’ve learned invaluable skills, especially in OSINT and email analysis, uncovering layers of cybersecurity I never knew existed. The course taught me how to think like a cybersecurity professional, diving deep into the theory and practical skills that have completely shifted my approach. For anyone on the fence, just buy it. It might seem overwhelming at first, but if you put in the work and follow the guidance, you won’t regret it for a second.
Your dream is to become a SOC analyst.
Or maybe you already are one and want to get better...
You spent a lot of time researching and studying, working really hard to get those certifications everyone recommended, hoping to become a SOC analyst.
But you still feel unsure and stuck when it comes to applying what you learned to real-world scenarios. You're not the only one. Many new SOC analysts feel lost in their role because they were taught the concepts but never shown how to apply them to an actual investigation.
The MYDFIR SOC Analyst Course comes from 5+ years of experience in security operations. I'll give you practical tips on how to investigate and teach you how to conduct better investigations. This will help you provide more value to both clients and stakeholders.
Included are all the training and resources you need to become a superstar in the SOC. Once you understand how to investigate, what to look for and why, everything will start to make sense.
What is included?
My goal with The MYDFIR SOC Analyst Course is to provide you with as much information as possible to excel and stand out as an analyst within a security operations center (SOC). If you are looking for an affordable hands-on SOC analyst course that will build your skills and confidence, this is it.
_____________
8 chapters with 30+ hands-on labs
that include both written and video walkthroughs that can be completed at your own pace. This is a course where you will be responsible for setting up your OWN lab environment.
_____________
5 exclusive SOC-related projects
that I will not share anywhere else. This is for you to build an amazing portfolio to showcase to recruiters and hiring managers.
_____________
Final capstone
that will push you to the limit. You will be responsible for creating a final investigation report that will test you on everything you have learned from this course. The best part? I will be reviewing your report and providing feedback.
What is covered?
Everything you need to excel and stand out as a SOC analyst.
I’ve had the opportunity to work for multiple managed security service providers (MSSPs) offering SOC as a Service and took a lot of notes on where many new and aspiring SOC analysts fall short.
The MYDFIR SOC Analyst Course provides practical tips and learnings to bridge the gap for SOC analysts and provide what is usually missing: VALUE.
Fundamentals and Refreshers
We'll start with the fundamentals and refreshers. This will touch on topics that you as an analyst should know.
Security Operations Center
I'm going to share what a SOC is and what its benefits are. We'll also touch on what makes a "dream" SOC.
Frameworks
Frameworks are important to know because they give structure to an investigation: a framework such as MITRE ATT&CK tells you which technique you are looking at and what related activity to look for next. The more frameworks you know, the better you will become.
Indicators of Compromise
Not all IOCs are created equal. Some are extremely trivial for an attacker to change (a file hash or an IP address), while others, such as the tools they use and the way they operate, are much harder to change.
Open Source Intelligence
Data without context is just data. I'll teach you how to utilize OSINT to provide additional context for better investigations.
Art of Investigations
What differentiates you from other SOC analysts? The ability to perform investigations. I'm going to teach you how to ask better questions and provide more value to clients and stakeholders.
Job Readiness
Lastly, I will walk you through how to get ready for the job market and provide you resources that will help you stand out.
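To make the point about indicators of compromise concrete, here is an added example (it is not part of the course page or its materials): a small Python triage helper that refangs indicators as they appear in a threat intel report, identifies each one's type, and ranks them by how costly it is for the attacker to change them, using the well-known Pyramid of Pain ordering. The level numbers, regular expressions, the `tool:` prefix convention and the sample IOC list are my own constructions.

```python
import re
from typing import List, NamedTuple

# Cost-to-change ordering from the Pyramid of Pain (assumed framing; the course
# page itself does not name it). Level 1 is trivial for an attacker to change,
# level 6 forces them to change how they operate.
LEVELS = {
    "hash": 1,              # recompile, or pad the file by one byte
    "ip": 2,                # rent a new VPS
    "domain": 3,            # register and age a new domain
    "network_artifact": 4,  # URI patterns, URLs, user agents baked into tooling
    "host_artifact": 4,     # registry keys, file paths, mutexes
    "tool": 5,              # the malware family or offensive tool itself
    "ttp": 6,               # the behaviour (ATT&CK technique)
}

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
IPV4_RE = re.compile(r"^(?:25[0-5]|2[0-4]\d|1?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|1?\d?\d)){3}$")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
URL_RE = re.compile(r"^https?://\S+$", re.I)
URI_RE = re.compile(r"^/\S*$")
REG_RE = re.compile(r"^HK(?:LM|CU|CR|U|CC)\\", re.I)
ATTACK_RE = re.compile(r"^T\d{4}(?:\.\d{3})?$")
TOOL_PREFIX = "tool:"   # assumed convention for naming a tool in an IOC list


class Indicator(NamedTuple):
    raw: str     # as it appeared in the report
    value: str   # refanged, ready to match against telemetry
    kind: str
    level: int


def refang(value: str) -> str:
    """Undo report-style defanging (hxxp, [.], (.), [:], [@]) so the
    indicator can be searched for in real logs."""
    v = value.strip()
    v = re.sub(r"^hxxp", "http", v, flags=re.I)
    for defanged, real in (("[.]", "."), ("(.)", "."), ("[:]", ":"), ("[@]", "@")):
        v = v.replace(defanged, real)
    return v


def classify(raw: str) -> Indicator:
    """Identify the indicator type and map it to its cost-to-change level."""
    v = refang(raw)
    if v.lower().startswith(TOOL_PREFIX):
        kind, v = "tool", v[len(TOOL_PREFIX):]
    elif ATTACK_RE.match(v):
        kind = "ttp"
    elif HASH_RE.match(v):
        kind = "hash"
    elif IPV4_RE.match(v):
        kind = "ip"
    elif DOMAIN_RE.match(v):
        kind = "domain"
    elif URL_RE.match(v) or URI_RE.match(v):
        kind = "network_artifact"
    elif REG_RE.match(v):
        kind = "host_artifact"
    else:
        kind = "unknown"   # level 0: needs an analyst to look at it
    return Indicator(raw, v, kind, LEVELS.get(kind, 0))


def prioritise(raws: List[str]) -> List[Indicator]:
    """Highest cost-to-change first; sorted() is stable, so input order is
    kept within a level."""
    return sorted((classify(r) for r in raws), key=lambda i: -i.level)


# Constructed sample, the kind of list a CTI report or vendor alert ships with.
# The MD5 is that of the empty string; the IP and domain use reserved ranges.
SAMPLE_IOCS = [
    "d41d8cd98f00b204e9800998ecf8427e",
    "203[.]0[.]113[.]45",
    "update-check[.]example",
    "hxxp://update-check[.]example/gate.php",
    "/gate.php",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    "tool:mimikatz",
    "T1003.001",
]

if __name__ == "__main__":
    for ind in prioritise(SAMPLE_IOCS):
        print(f"L{ind.level} {ind.kind:<16} {ind.value}")
```

Running it prints the list with the technique (T1003.001) and the tool at the top and the hash at the bottom: blocking the hash buys you almost nothing, while a detection on the behaviour survives every rebuild of the malware. The refang step matters in practice: an indicator copied straight from a report with `[.]` in it will never match a log line.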
Learn the skills to become a SOC analyst.
Here is a shocking statistic.
“A UK government report found 22% of cyber-sector companies employ staff who lack the necessary skills needed, and 44% say their job applicants lack the necessary technical skills to do the job.” - DarkReading
It's time to change that.
Practical Application
The MYDFIR SOC Analyst Course includes 30+ hands-on labs that touch on the important categories a SOC analyst is expected to understand.
Identity | Cloud | Network | Malware | Endpoint
What to expect.
Here is a sneak peek
What our students are saying!
"Informative, precise, and meaningful, and the way you explain keeps me motivated. Thanks Steven."
"SOC course on the extreme level, how I wish this was released like last year, keep up the mighty work. ❤️"
"Wow! I'm learning so much about real-world cases! Thanks, Steven!"
"Thank You Steve. This course is pure gold!"
"I wish I had had these amazing explanations when I was studying for my Sec+"
"Since I am preparing for Security+ along with this course, this refresher helps me to understand more."
"When I get asked 'what is your experience' in a job interview I will be able to blow the minds of the interviewers with all this knowledge and labs!"
"Super happy to start my journey to a successful career. Been following the YouTube channel for a while and I have been waiting for this course to come out. Looks great so far. Thank you"
"This is awesome...plenty of learning to do here."
Who is this course for?
Not everyone is going to be a right fit for The MYDFIR SOC Analyst Course.
Prerequisites
A basic understanding of IT, networking & cybersecurity concepts. Familiarity with the Linux command-line, network security monitoring, and Security Information and Event Management (SIEM) is nice to have.
Computer Requirements
CPU: 64-bit architecture Intel or AMD
NOTE: ARM Macs (M1, M2, M3) are NOT recommended. The lab virtual machines are x86-64 images, and a hypervisor on Apple silicon can only run ARM guests natively. If you have no other option, please use the cloud to get the most out of this course.
OS: Windows
RAM: 16 GB or more
Disk: 250 GB or more
NOTE: if you do not meet these requirements, you can still do the labs, however, you may experience technical difficulties when it comes to the projects. Please consider using the cloud to complete the projects.
Software Requirements
Hypervisor: Any (although VMware Workstation Pro is recommended)
NOTE: Any hypervisor should work, but the custom-built virtual machine I provide will only import into VMware. This custom virtual machine is not required, but it is nice to have.
Archive: 7-Zip
The course materials are provided through a download link in the applicable course modules. Given that the size of these files can be significant, it is important to allocate sufficient time for the download process. The duration of this process can vary greatly due to internet connections and speeds.
Purchase Once, Lifetime Access
All students will get lifetime access with their one-time payment. Cybersecurity is extremely dynamic, which is why I plan to continuously expand the course with additional content taught by myself and future instructors.
You'll get these updates free of charge.
Updates could include:
- New video lessons
- Updated projects
- New lab scenarios
- Updated references
Meet your instructor.
Hi! My name is Steven aka MyDFIR and I am SO happy you are here.
I am a seasoned cybersecurity professional with over 5 years of experience in the industry, specializing in security operations.
Throughout my career, I have had the privilege of working with a diverse range of companies, including top consulting firms and government entities. I've dedicated myself to staying at the forefront of this dynamic and ever-evolving industry.
To further enhance my expertise, I have pursued and obtained multiple SANS GIAC certifications, which have equipped me with an in-depth understanding of various cybersecurity domains.
Want to see how I teach?
Watch my FREE SOC Mini-Course
Frequently Asked Questions
Who is this course for?
Students & professionals who are looking to transition into cybersecurity, specifically within the security operations domain as a SOC analyst. Those already in the SOC will also benefit from this training by learning how to provide value to clients and stakeholders.
How does this differ from other SOC analyst courses?
This course was built by an analyst for analysts, and I've seen first-hand where many SOC analysts fall short when it comes to investigations. This course does not teach you how to master a tool; instead, it teaches you how to investigate using the tools, how to ask better questions, and gives you practical tips.
Who are you? Why Should I listen to you?
Hi, I'm Steven aka MyDFIR. I have over 5 years of experience within the security operations domain, and I have worked with a diverse range of companies, including top consulting firms and government entities. I have witnessed both junior and senior SOC analysts get extremely lost when performing investigations, and I was like that myself when I started. I had no one to teach me, or no one had the time to teach because they were constantly battling alerts. Most of what I learned in school did not apply in a real-world SOC environment. I was never taught how to investigate or what to look for; instead, I was taught the CIA triad and hoped for the best. Thus, I spent countless hours improving my craft and getting better at what I do. I've walked the walk, been in the trenches, and now I want to share with you everything I know so you can level up and be better prepared to tackle any SOC environment.
How long will it take to complete the course?
Short answer: N/A, there are too many variables. This course contains a ton of content and it shouldn't be rushed. There are over 30 labs that will challenge your investigation skills using certain tools, and 5 SOC-related projects that are time-consuming to complete. This isn't a course that you binge over a weekend and call it done. It's a blueprint on how to investigate and what to look for. This will take time to learn.
I'm totally new to this. Can this help me?
If you're completely new with no experience, this is not the right course for you, at least not yet. This course is designed for students and professionals who have basic knowledge of IT, networking and cybersecurity. Without the basics, the content of this course will not make sense and it will do you a disservice. I would rather you invest your money into something more tailored towards basic fundamentals. If you're interested in cybersecurity but not sure where to start, I have a cybersecurity roadmap on my YouTube channel @MyDFIR that you can watch.
What's your refund policy?
I'm not offering refunds on The MYDFIR SOC Analyst Course. This course will provide students with lifetime access and will be continuously updated with new information. This course is not for people who are on the fence. It is for those who are absolutely certain they are interested in security operations. This course is not for those who "don't have time" or might have buyer's remorse. If you're just curious, I would instead encourage you to watch my videos on YouTube. If you're not in the financial position to afford this course, please don't go out of your way to purchase it.
I created this course for those who are familiar with how I teach and are willing to put in the work necessary to see results. If this sounds like you and you are in the financial position to afford the course, there is zero chance you'll be disappointed.
Does this come with email or phone support?
No, there will not be email or phone support. All support related to the course goes through the exclusive course community, where you can ask questions. Questions about the course asked anywhere else will not be answered.
What if I don't have the recommended computer requirements?
The recommended requirements are to have a Windows operating system with at least 16 GB of RAM and 250 GB of disk space. If you do not have this, you can still do the labs, however, you will likely be faced with technical difficulties when performing the projects. I would recommend you use the cloud to complete the projects.
I have an ARM Mac, can I still take this course?
If you have an M-series (Apple silicon) Mac, you can still take the course and perform SOME of the labs. However, you will not get as much out of the course with an ARM Mac. Thus, I recommend you utilize the cloud.
Does this course provide a certificate?
YES! After completing and passing the final capstone, you will be awarded with a certificate of completion.
Is there a payment plan?
As of right now (June 10th 2024) there is NO payment plan. However, this is something I will think about including in the future.
Why I'm not offering refunds on The MYDFIR SOC Analyst Course
This course will provide students with lifetime access and will be continuously updated with new information. It is an investment for the both of us where you are spending money to become a better SOC analyst and I am spending time to make sure that happens by creating the best course I can.
Full Course Curriculum
- VMWare Workstation Pro
- Import VMs with VMWare Workstation Pro (5:22)
- VirtualBox (1:23)
- Windows 10 (4:26)
- Ubuntu 22.04 Server (2:36)
- Wireshark (2:17)
- Zeek & Suricata (13:01)
- Splunk (3:53)
- Install Splunk Applications (2:35)
- Remnux (2:38)
- FlareVM (5:20)
- (OPTIONAL): Cloud
- Extra: VM Networking Options (1:40)
- Introduction to a SOC (8:33)
- Roles & Responsibilities (8:36)
- Tools & Technologies (23:28)
- Splunk Overview (8:21)
- Walkthrough: Splunk - Getting Started (17:55)
- Common Attacks Observed (12:57)
- Typical SOC Environment (MSSP) (10:46)
- Dream SOC Environment (MSSP) (9:45)
- Walkthrough: Splunk - SSH Dashboard (12:52)
- Walkthrough: Splunk - Windows Event Dashboard (10:39)
- Walkthrough: Splunk - Alert Creation (9:53)
- Walkthrough: Splunk - Report Creation (4:54)
- Scenario: Splunk - Dashboard
- (ANSWERS) Scenario: Splunk - Dashboard (3:36)
- Scenario: Splunk - Alert
- (ANSWERS) Scenario: Splunk - Alert (2:12)
- Scenario: Splunk - Report
- (ANSWERS) Scenario: Splunk - Report (2:29)
- Phishing: Important Fields & Questions (4:35)
- Phishing: Investigation Tips (5:15)
- Lab: First Email Analysis
- (ANSWERS) Lab: First Email Analysis (16:58)
- Lab: Second Email Analysis
- (ANSWERS) Lab: Second Email Analysis (16:30)
- Extra: Email Analysis Tools (7:35)
- Extra: Phishing Analysis (17:54)
- Advanced: Third Email Analysis
- Conclusion (0:38)
- Email Compromise: Introduction & Questions (4:40)
- Email Compromise: Investigation Tips (2:57)
- Lab: Impossible Travel & Unfamiliar Sign-In
- (ANSWERS) Lab: Impossible Travel & Unfamiliar Sign-In (25:19)
- Domain User Accounts: Introduction & Questions (3:41)
- Domain User Accounts: Logon Types (2:35)
- Domain User Accounts: Investigation Tips (2:26)
- Lab: Account Activity
- (ANSWERS) Lab: Account Activity (12:51)
- Advanced: Identity - Timeline Analysis
- Conclusion (0:44)
- Attack: SMB Relay (2:27)
- Attack: LLMNR-Poisoning (1:32)
- Attack: Pass-The-XYZ (1:39)
- Attack: Kerberoasting & AS-REProasting (3:04)
- Attack: Silver & Golden Tickets (1:13)
- Attack: DCSync (1:12)
- Attack: Token Impersonation & GPP Password (1:37)
- Attack: NTDS.dit Extraction (1:59)
- Active Directory: Investigation Tips (1:50)
- Conclusion (1:26)
- Netflow & PCAPs (4:28)
- TLS: Overview (2:33)
- JA3 & JA3S: Overview (5:07)
- General Questions (0:28)
- TLS: Investigation Tips (1:10)
- General Investigation Tips (3:47)
- Lab: MITRE ATT&CK - Discovery
- (ANSWERS) Lab: MITRE ATT&CK - Discovery (7:19)
- Lab: MITRE ATT&CK - Lateral Movement
- (ANSWERS) Lab: MITRE ATT&CK - Lateral Movement (13:03)
- Walkthrough: MITRE ATT&CK - Command & Control (10:20)
- Lab: MITRE ATT&CK - Exfiltration
- (ANSWERS) Lab: MITRE ATT&CK - Exfiltration (8:23)
- Lab: Zeek & Suricata
- (ANSWERS) Lab: Zeek & Suricata (31:34)
- Extra: Zui (Brim Security) (2:33)
- Walkthrough: TLS Example (7:48)
- Lab: Malicious TLS Investigation
- (ANSWERS) Lab: Malicious TLS Investigation (8:36)
- Walkthrough: Gootloader infection (14:38)
- Scenario: TA577 Investigation
- (ANSWERS) Scenario: TA577 Investigation (12:37)
- Bonus: Large PCAP Analysis
- (ANSWERS) Bonus: Large PCAP Analysis
- Advanced: Network Investigation
- Conclusion (1:19)
- Introduction to Malware Analysis & File Headers (3:41)
- Basic Static Malware Analysis (1:41)
- File Type: PDFs (6:51)
- Lab: Static Analysis - PDF
- (ANSWERS) Lab: Static Analysis - PDF (14:07)
- File Type: Office Documents (4:38)
- Lab: Static Analysis - Office Documents
- (ANSWERS) Lab: Static Analysis - Office Documents (10:28)
- File Type: JavaScript (3:20)
- Lab: Static Analysis - JavaScript
- (ANSWERS) Lab: Static Analysis - JavaScript (10:19)
- File Type: Portable Executable (EXE & DLL) (9:22)
- Walkthrough: Static Analysis - DLL (13:55)
- Bonus: Static Analysis - DLL (JavaScript)
- (ANSWERS) Bonus: Static Analysis - DLL (JavaScript)
- File Type: Fileless Malware & Obfuscation (6:08)
- Walkthrough: Obfuscation Analysis (7:17)
- Introduction to Yara (5:09)
- Walkthrough: Yara - Rule Creation (6:02)
- Walkthrough: Yara - PDF (7:33)
- Walkthrough: Yara - Office Document (4:59)
- Walkthrough: Yara - JavaScript (3:49)
- Walkthrough: Yara - DLL (6:44)
- Basic Dynamic Malware Analysis (1:50)
- Dynamic Malware Analysis: Setup (20:10)
- Dynamic Malware Analysis: Checklist (2:04)
- Dynamic Malware Analysis: Investigation Tips (3:33)
- Walkthrough: Dynamic Analysis - DLL (11:11)
- Walkthrough: Dynamic Analysis - EXE (8:29)
- Walkthrough: Yara - EXE (4:17)
- Bonus: Dynamic Analysis - Evil.dll
- (ANSWERS) Bonus: Dynamic Analysis - Evil.DLL
- Bonus: Dynamic Analysis - Evil.exe
- (ANSWERS) Bonus: Dynamic Analysis - Evil.exe
- Scenario: TA577 Malware Investigation
- (ANSWERS) Scenario: TA577 Malware Investigation (19:14)
- Advanced: Yara - TA577
- Conclusion (2:04)
- Introduction to Windows Event Logs (6:19)
- Windows Event Logs: Auditing Policies (1:37)
- Windows Event Logs: Useful Providers (4:32)
- Processes: Overview (3:33)
- MITRE ATT&CK: Initial Access (3:19)
- MITRE ATT&CK: Execution (5:14)
- Lab: MITRE ATT&CK - Execution
- (ANSWERS) Lab: MITRE ATT&CK - Execution (11:44)
- MITRE ATT&CK: Persistence (7:08)
- Lab: MITRE ATT&CK - Persistence
- (ANSWERS) Lab: MITRE ATT&CK - Persistence (9:49)
- MITRE ATT&CK: Privilege Escalation (4:40)
- Lab: MITRE ATT&CK - Privilege Escalation
- (ANSWERS) Lab: MITRE ATT&CK - Privilege Escalation (13:49)
- MITRE ATT&CK: Defense Evasion (5:40)
- Lab: MITRE ATT&CK - Defense Evasion
- (ANSWERS) Lab: MITRE ATT&CK - Defense Evasion (10:19)
- MITRE ATT&CK: Credential Access (7:37)
- Lab: MITRE ATT&CK - Credential Access
- (ANSWERS) Lab: MITRE ATT&CK - Credential Access (12:12)
- Lab: Credential Access - Brute Force
- (ANSWERS) Lab: Credential Access - Brute Force (12:17)
- MITRE ATT&CK: Discovery (5:14)
- Lab: MITRE ATT&CK - Discovery
- (ANSWERS) Lab: MITRE ATT&CK - Discovery (9:36)
- MITRE ATT&CK: Lateral Movement (5:59)
- Lab: MITRE ATT&CK - Lateral Movement
- (ANSWERS) Lab: MITRE ATT&CK - Lateral Movement (13:16)
- MITRE ATT&CK: Collection (6:14)
- Lab: MITRE ATT&CK - Collection
- (ANSWERS) Lab: MITRE ATT&CK - Collection (9:22)
- MITRE ATT&CK: Command & Control (6:28)
- Lab: MITRE ATT&CK - Command & Control
- (ANSWERS) Lab: MITRE ATT&CK - Command & Control (12:07)
- MITRE ATT&CK: Exfiltration (4:53)
- Lab: MITRE ATT&CK - Exfiltration
- (ANSWERS) Lab: MITRE ATT&CK - Exfiltration (15:24)
- MITRE ATT&CK: Impact (5:14)
- Lab: MITRE ATT&CK - Impact
- (ANSWERS) Lab: MITRE ATT&CK - Impact (9:18)
- Scenario: Threat Detected - Should We Be Worried?
- (ANSWERS) Scenario: Threat Detected - Should We Be Worried? (32:15)
- Advanced: Endpoint - Timeline Analysis
- Conclusion (2:37)
- Introduction to Threat Hunting (4:14)
- Threat Hunting: Reports & Indicators (3:10)
- MITRE ATT&CK Navigator: Overview (1:14)
- Walkthrough: CTI Report (14:58)
- Introduction to Sigma (6:05)
- Walkthrough: Sigma - Execution (10:23)
- Walkthrough: Sigma - Persistence (6:20)
- Walkthrough: Sigma - Privilege Escalation (6:59)
- Walkthrough: Sigma - Defense Evasion (3:15)
- Walkthrough: Sigma - Credential Access (5:30)
- Walkthrough: Sigma - Discovery (5:41)
- Walkthrough: Sigma - Lateral Movement (4:01)
- Walkthrough: Sigma - Collection (4:11)
- Walkthrough: Sigma - Command & Control (7:35)
- Advanced: Sigma - Exfiltration
- Threat Hunting: Hypothesis (6:37)
- Threat Hunting: Data-Driven (3:56)
- Threat Hunting: Techniques (8:40)
- Threat Hunting: Legitimate Processes (1:59)
- Threat Hunting: Data-Driven - Endpoint (5:47)
- Threat Hunting: Data-Driven - Network (5:17)
- Threat Hunting: Data-Driven - Identity (4:19)
- Threat Hunting: Data-Driven - Email (4:42)
- Threat Hunting: Data-Driven - Cloud (3:06)
- Bonus: Sigma - Splunk Dashboards
- Walkthrough: Splunk - MITRE ATT&CK Dashboard (6:33)
- Conclusion (1:17)
- Blogging (4:27)
- Extra: GitHub - Create Portfolio (14:49)
- Extra: Blogging - Resources (1:35)
- Resume (5:57)
- Extra: Resume - Walkthrough (5:08)
- Extra: Resume Review
- Cover Letter (3:03)
- LinkedIn Profile & Job Boards (6:08)
- SOC Role Commonalities (2:12)
- Extra: SOC Role Walkthrough (10:13)
- Interview Preparation (4:13)
- Extra: Interview Preparation Walkthrough (11:00)
- Different Networking Opportunities (4:35)
- Conclusion (1:15)
Have Questions?
Get in touch here, I truly want what is best for you.