MyDFIR SOC Analyst Course
Chapter 1: Introduction
View Student Agreement
Welcome (2:17)
What This Course Is About (5:09)
Current Problems (4:38)
Practice Makes Perfect (3:08)
Resources
Certificate of Completion
Chapter 2: Cybersecurity Refresher
CIA & AAA & VTR (11:36)
Events & Classifications (3:31)
Threat Actors (2:42)
Common Threats (5:04)
Cybersecurity Domains (4:37)
IOC & IOA & TTPs (2:20)
Conclusion (0:41)
Chapter 2.1: Network Refresher
MAC & IP Addresses (3:27)
Subnets (5:48)
Private & Public Networks (3:57)
Ports & Protocols (7:36)
Architecture & Terminology (3:55)
Conclusion (0:50)
Chapter 2.2: DNS Refresher
Introduction to DNS (4:24)
DNS Records (4:35)
Conclusion (1:01)
Chapter 2.3: Email Refresher
Introduction to Email (4:25)
Mail Transaction & Header Logs (3:29)
Authentication Results (4:38)
Conclusion (1:00)
Chapter 2.4: Active Directory Refresher
Introduction to AD & Kerberos (7:04)
Active Directory Domain Services (3:11)
Conclusion (1:20)
Chapter 2.5: Cloud Refresher (Azure)
Introduction to Cloud (6:41)
Introduction to Microsoft Azure (7:46)
Conclusion (0:47)
General Lab Setup
VMWare Workstation Pro
Import VMs with VMWare Workstation Pro (5:22)
VirtualBox (1:23)
Windows 10 (4:26)
Ubuntu 22.04 Server (2:36)
Wireshark (2:17)
Zeek & Suricata (13:01)
Splunk (3:53)
Install Splunk Applications (2:35)
Remnux (2:38)
FlareVM (5:20)
(OPTIONAL): Cloud
Extra: VM Networking Options (1:40)
Chapter 3: Understanding the SOC
Introduction to a SOC (8:33)
Roles & Responsibilities (8:36)
Tools & Technologies (23:28)
Splunk Overview (8:21)
Walkthrough: Splunk - Getting Started (17:55)
Common Attacks Observed (12:57)
Typical SOC Environment (MSSP) (10:46)
Dream SOC Environment (MSSP) (9:45)
Walkthrough: Splunk - SSH Dashboard (12:52)
Walkthrough: Splunk - Windows Event Dashboard (10:39)
Walkthrough: Splunk - Alert Creation (9:53)
Walkthrough: Splunk - Report Creation (4:54)
Scenario: Splunk - Dashboard
(ANSWERS) Scenario: Splunk - Dashboard (3:36)
Scenario: Splunk - Alert
(ANSWERS) Scenario: Splunk - Alert (2:12)
Scenario: Splunk - Report
(ANSWERS) Scenario: Splunk - Report (2:29)
Chapter 4: Frameworks
Incident Response Frameworks (7:51)
Lockheed Martin Cyber Kill Chain (5:31)
MITRE ATT&CK (12:58)
Exercise: MITRE ATT&CK
(ANSWERS) Exercise: MITRE ATT&CK (2:01)
Pyramid of Pain (8:39)
Chapter 5: Open Source Intelligence
Introduction to OSINT (4:08)
IP & Domain & File Reputation (2:08)
Threat Intelligence & Scanners (1:20)
Exercise: OSINT
(ANSWERS) Exercise: OSINT (9:35)
OPSEC Considerations (1:51)
Conclusion (1:28)
NEW: Exercise #2
(ANSWERS) Exercise #2
Chapter 6: Art of Investigations
What Makes a Great Investigation (4:10)
Triage (5:46)
Analysis (7:59)
Asking Better Questions (10:43)
Data Sources (6:48)
Timelines (6:30)
Investigation Report (4:19)
Case Notes (3:37)
Structured Process (2:45)
Advanced: Splunk - Brute Force Activity
Conclusion (2:01)
Chapter 6.1: Art of Investigations - Emails
Phishing: Important Fields & Questions (4:35)
Phishing: Investigation Tips (5:15)
Lab: First Email Analysis
(ANSWERS) Lab: First Email Analysis (16:58)
Lab: Second Email Analysis
(ANSWERS) Lab: Second Email Analysis (16:30)
Extra: Email Analysis Tools (7:35)
Extra: Phishing Analysis (17:54)
Advanced: Third Email Analysis
Conclusion (0:38)
Chapter 6.2: Art of Investigations - Identity
Email Compromise: Introduction & Questions (4:40)
Email Compromise: Investigation Tips (2:57)
Lab: Impossible Travel & Unfamiliar Sign-In
(ANSWERS) Lab: Impossible Travel & Unfamiliar Sign-In (25:19)
Domain User Accounts: Introduction & Questions (3:41)
Domain User Accounts: Logon Types (2:35)
Domain User Accounts: Investigation Tips (2:26)
Lab: Account Activity
(ANSWERS) Lab: Account Activity (12:51)
Advanced: Identity - Timeline Analysis
Conclusion (0:44)
Chapter 6.3: Art of Investigations - Active Directory
Attack: SMB Relay (2:27)
Attack: LLMNR-Poisoning (1:32)
Attack: Pass-The-XYZ (1:39)
Attack: Kerberoasting & AS-REProasting (3:04)
Attack: Silver & Golden Tickets (1:13)
Attack: DCSync (1:12)
Attack: Token Impersonation & GPP Password (1:37)
Attack: NTDS.dit Extraction (1:59)
Active Directory: Investigation Tips (1:50)
Conclusion (1:26)
Chapter 6.4: Art of Investigations - Network
Netflow & PCAPs (4:28)
TLS: Overview (2:33)
JA3 & JA3S: Overview (5:07)
General Questions (0:28)
TLS: Investigation Tips (1:10)
General Investigation Tips (3:47)
Lab: MITRE ATT&CK - Discovery
(ANSWERS) Lab: MITRE ATT&CK - Discovery (7:19)
Lab: MITRE ATT&CK - Lateral Movement
(ANSWERS) Lab: MITRE ATT&CK - Lateral Movement (13:03)
Walkthrough: MITRE ATT&CK - Command & Control (10:20)
Lab: MITRE ATT&CK - Exfiltration
(ANSWERS) Lab: MITRE ATT&CK - Exfiltration (8:23)
Lab: Zeek & Suricata
(ANSWERS) Lab: Zeek & Suricata (31:34)
Extra: Zui (Brim Security) (2:33)
Walkthrough: TLS Example (7:48)
Lab: Malicious TLS Investigation
(ANSWERS) Lab: Malicious TLS Investigation (8:36)
Walkthrough: Gootloader infection (14:38)
Scenario: TA577 Investigation
(ANSWERS) Scenario: TA577 Investigation (12:37)
Bonus: Large PCAP Analysis
(ANSWERS) Bonus: Large PCAP Analysis
Advanced: Network Investigation
Conclusion (1:19)
Chapter 6.5: Art of Investigations - Malware
Introduction to Malware Analysis & File Headers (3:41)
Basic Static Malware Analysis (1:41)
File Type: PDFs (6:51)
Lab: Static Analysis - PDF
(ANSWERS) Lab: Static Analysis - PDF (14:07)
File Type: Office Documents (4:38)
Lab: Static Analysis - Office Documents
(ANSWERS) Lab: Static Analysis - Office Documents (10:28)
File Type: JavaScript (3:20)
Lab: Static Analysis - JavaScript
(ANSWERS) Lab: Static Analysis - JavaScript (10:19)
File Type: Portable Executable (EXE & DLL) (9:22)
Walkthrough: Static Analysis - DLL (13:55)
Bonus: Static Analysis - DLL (JavaScript)
(ANSWERS) Bonus: Static Analysis - DLL (JavaScript)
File Type: Fileless Malware & Obfuscation (6:08)
Walkthrough: Obfuscation Analysis (7:17)
Introduction to Yara (5:09)
Walkthrough: Yara - Rule Creation (6:02)
Walkthrough: Yara - PDF (7:33)
Walkthrough: Yara - Office Document (4:59)
Walkthrough: Yara - JavaScript (3:49)
Walkthrough: Yara - DLL (6:44)
Basic Dynamic Malware Analysis (1:50)
Dynamic Malware Analysis: Setup (20:10)
Dynamic Malware Analysis: Checklist (2:04)
Dynamic Malware Analysis: Investigation Tips (3:33)
Walkthrough: Dynamic Analysis - DLL (11:11)
Walkthrough: Dynamic Analysis - EXE (8:29)
Walkthrough: Yara - EXE (4:17)
Bonus: Dynamic Analysis - Evil.dll
(ANSWERS) Bonus: Dynamic Analysis - Evil.DLL
Bonus: Dynamic Analysis - Evil.exe
(ANSWERS) Bonus: Dynamic Analysis - Evil.exe
Scenario: TA577 Malware Investigation
(ANSWERS) Scenario: TA577 Malware Investigation (19:14)
Advanced: Yara - TA577
Conclusion (2:04)
Chapter 6.6: Art of Investigations - Endpoint
Introduction to Windows Event Logs (6:19)
Windows Event Logs: Auditing Policies (1:37)
Windows Event Logs: Useful Providers (4:32)
Processes: Overview (3:33)
MITRE ATT&CK: Initial Access (3:19)
MITRE ATT&CK: Execution (5:14)
Lab: MITRE ATT&CK - Execution
(ANSWERS) Lab: MITRE ATT&CK - Execution (11:44)
MITRE ATT&CK: Persistence (7:08)
Lab: MITRE ATT&CK - Persistence
(ANSWERS) Lab: MITRE ATT&CK - Persistence (9:49)
MITRE ATT&CK: Privilege Escalation (4:40)
Lab: MITRE ATT&CK - Privilege Escalation
(ANSWERS) Lab: MITRE ATT&CK - Privilege Escalation (13:49)
MITRE ATT&CK: Defense Evasion (5:40)
Lab: MITRE ATT&CK - Defense Evasion
(ANSWERS) Lab: MITRE ATT&CK - Defense Evasion (10:19)
MITRE ATT&CK: Credential Access (7:37)
Lab: MITRE ATT&CK - Credential Access
(ANSWERS) Lab: MITRE ATT&CK - Credential Access (12:12)
Lab: Credential Access - Brute Force
(ANSWERS) Lab: Credential Access - Brute Force (12:17)
MITRE ATT&CK: Discovery (5:14)
Lab: MITRE ATT&CK - Discovery
(ANSWERS) Lab: MITRE ATT&CK - Discovery (9:36)
MITRE ATT&CK: Lateral Movement (5:59)
Lab: MITRE ATT&CK - Lateral Movement
(ANSWERS) Lab: MITRE ATT&CK - Lateral Movement (13:16)
MITRE ATT&CK: Collection (6:14)
Lab: MITRE ATT&CK - Collection
(ANSWERS) Lab: MITRE ATT&CK - Collection (9:22)
MITRE ATT&CK: Command & Control (6:28)
Lab: MITRE ATT&CK - Command & Control
(ANSWERS) Lab: MITRE ATT&CK - Command & Control (12:07)
MITRE ATT&CK: Exfiltration (4:53)
Lab: MITRE ATT&CK - Exfiltration
(ANSWERS) Lab: MITRE ATT&CK - Exfiltration (15:24)
MITRE ATT&CK: Impact (5:14)
Lab: MITRE ATT&CK - Impact
(ANSWERS) Lab: MITRE ATT&CK - Impact (9:18)
Scenario: Threat Detected - Should We Be Worried?
(ANSWERS) Scenario: Threat Detected - Should We Be Worried? (32:15)
Advanced: Endpoint - Timeline Analysis
Conclusion (2:37)
NEW - Bonus: Linux Investigation
(ANSWERS) Bonus: Linux Investigation
Chapter 6.7: Art of Investigations - Threat Hunting
Introduction to Threat Hunting (4:14)
Threat Hunting: Reports & Indicators (3:10)
MITRE ATT&CK Navigator: Overview (1:14)
Walkthrough: CTI Report (14:58)
Introduction to Sigma (6:05)
Walkthrough: Sigma - Execution (10:23)
Walkthrough: Sigma - Persistence (6:20)
Walkthrough: Sigma - Privilege Escalation (6:59)
Walkthrough: Sigma - Defense Evasion (3:15)
Walkthrough: Sigma - Credential Access (5:30)
Walkthrough: Sigma - Discovery (5:41)
Walkthrough: Sigma - Lateral Movement (4:01)
Walkthrough: Sigma - Collection (4:11)
Walkthrough: Sigma - Command & Control (7:35)
Advanced: Sigma - Exfiltration
Threat Hunting: Hypothesis (6:37)
Threat Hunting: Data-Driven (3:56)
Threat Hunting: Techniques (8:40)
Threat Hunting: Legitimate Processes (1:59)
Threat Hunting: Data-Driven - Endpoint (5:47)
Threat Hunting: Data-Driven - Network (5:17)
Threat Hunting: Data-Driven - Identity (4:19)
Threat Hunting: Data-Driven - Email (4:42)
Threat Hunting: Data-Driven - Cloud (3:06)
Bonus: Sigma - Splunk Dashboards
Walkthrough: Splunk - MITRE ATT&CK Dashboard (6:33)
Conclusion (1:17)
Chapter 7: Job Readiness
Blogging (4:27)
Extra: GitHub - Create Portfolio (14:49)
Extra: Blogging - Resources (1:35)
Resume (5:57)
Extra: Resume - Walkthrough (5:08)
Extra: Resume Review
Cover Letter (3:03)
LinkedIn Profile & Job Boards (6:08)
SOC Role Commonalities (2:12)
Extra: SOC Role Walkthrough (10:13)
Interview Preparation (4:13)
Extra: Interview Preparation Walkthrough (11:00)
Different Networking Opportunities (4:35)
Conclusion (1:15)
Chapter 8: What's Next
Continuous Learning (2:29)
Staying Updated (1:56)
Extra: Staying Updated Walkthrough (3:53)
Extra: Labs For SOC Analysts (2:19)
Practical Experience Playlist
Thank You (1:43)
Feedback
Course Feedback Survey
Final Capstone
Scenario
Exclusive SOC Projects
Project #1: CTI Integration (33:24)
Project #2: Network Packet Indexer (26:20)
Project #3: Microsoft Sentinel Playbooks (95:22)
Project #4: Detection Lab (87:53)
Project #5: Splunk SOAR Integration (93:16)
MITRE ATT&CK Navigator: Overview