Chapter 1: Introduction
Chapter 2: Cybersecurity Refresher
Chapter 2.1: Network Refresher
Chapter 2.2: DNS Refresher
Chapter 2.3: Email Refresher
Chapter 2.4: Active Directory Refresher
Chapter 2.5: Cloud Refresher (Azure)
General Lab Setup
-
VMWare Workstation Pro
-
Import VMs with VMWare Workstation Pro (5:22)
-
VirtualBox (1:23)
-
Windows 10 (4:26)
-
Ubuntu 22.04 Server (2:36)
-
Wireshark (2:17)
-
Zeek & Suricata (13:01)
-
Splunk (3:53)
-
Install Splunk Applications (2:35)
-
Remnux (2:38)
-
FlareVM (5:20)
-
(OPTIONAL): Cloud
-
Extra: VM Networking Options (1:40)
Chapter 3: Understanding the SOC
-
Introduction to a SOC (8:33)
-
Roles & Responsibilities (8:36)
-
Tools & Technologies (23:28)
-
Splunk Overview (8:21)
-
Walkthrough: Splunk - Getting Started (17:55)
-
Common Attacks Observed (12:57)
-
Typical SOC Environment (MSSP) (10:46)
-
Dream SOC Environment (MSSP) (9:45)
-
Walkthrough: Splunk - SSH Dashboard (12:52)
-
Walkthrough: Splunk - Windows Event Dashboard (10:39)
-
Walkthrough: Splunk - Alert Creation (9:53)
-
Walkthrough: Splunk - Report Creation (4:54)
-
Scenario: Splunk - Dashboard
-
(ANSWERS) Scenario: Splunk - Dashboard (3:36)
-
Scenario: Splunk - Alert
-
(ANSWERS) Scenario: Splunk - Alert (2:12)
-
Scenario: Splunk - Report
-
(ANSWERS) Scenario: Splunk - Report (2:29)
Chapter 4: Frameworks
Chapter 5: Open Source Intelligence
Chapter 6: Art of Investigations
Chapter 6.1: Art of Investigations - Emails
-
Phishing: Important Fields & Questions (4:35)
-
Phishing: Investigation Tips (5:15)
-
Lab: First Email Analysis
-
(ANSWERS) Lab: First Email Analysis (16:58)
-
Lab: Second Email Analysis
-
(ANSWERS) Lab: Second Email Analysis (16:30)
-
Extra: Email Analysis Tools (7:35)
-
Extra: Phishing Analysis (17:54)
-
Advanced: Third Email Analysis
-
Conclusion (0:38)
Chapter 6.2: Art of Investigations - Identity
-
Email Compromise: Introduction & Questions (4:40)
-
Email Compromise: Investigation Tips (2:57)
-
Lab: Impossible Travel & Unfamiliar Sign-In
-
(ANSWERS) Lab: Impossible Travel & Unfamiliar Sign-In (25:19)
-
Domain User Accounts: Introduction & Questions (3:41)
-
Domain User Accounts: Logon Types (2:35)
-
Domain User Accounts: Investigation Tips (2:26)
-
Lab: Account Activity
-
(ANSWERS) Lab: Account Activity (12:51)
-
Advanced: Identity - Timeline Analysis
-
Conclusion (0:44)
Chapter 6.3: Art of Investigations - Active Directory
-
Attack: SMB Relay (2:27)
-
Attack: LLMNR-Poisoning (1:32)
-
Attack: Pass-The-XYZ (1:39)
-
Attack: Kerberoasting & AS-REProasting (3:04)
-
Attack: Silver & Golden Tickets (1:13)
-
Attack: DCSync (1:12)
-
Attack: Token Impersonation & GPP Password (1:37)
-
Attack: NTDS.dit Extraction (1:59)
-
Active Directory: Investigation Tips (1:50)
-
Conclusion (1:26)
Chapter 6.4: Art of Investigations - Network
-
Netflow & PCAPs (4:28)
-
TLS: Overview (2:33)
-
JA3 & JA3S: Overview (5:07)
-
General Questions (0:28)
-
TLS: Investigation Tips (1:10)
-
General Investigation Tips (3:47)
-
Lab: MITRE ATT&CK - Discovery
-
(ANSWERS) Lab: MITRE ATT&CK - Discovery (7:19)
-
Lab: MITRE ATT&CK - Lateral Movement
-
(ANSWERS) Lab: MITRE ATT&CK - Lateral Movement (13:03)
-
Walkthrough: MITRE ATT&CK - Command & Control (10:20)
-
Lab: MITRE ATT&CK - Exfiltration
-
(ANSWERS) Lab: MITRE ATT&CK - Exfiltration (8:23)
-
Lab: Zeek & Suricata
-
(ANSWERS) Lab: Zeek & Suricata (31:34)
-
Extra: Zui (Brim Security) (2:33)
-
Walkthrough: TLS Example (7:48)
-
Lab: Malicious TLS Investigation
-
(ANSWERS) Lab: Malicious TLS Investigation (8:36)
-
Walkthrough: Gootloader infection (14:38)
-
Scenario: TA577 Investigation
-
(ANSWERS) Scenario: TA577 Investigation (12:37)
-
Bonus: Large PCAP Analysis
-
(ANSWERS) Bonus: Large PCAP Analysis
-
Advanced: Network Investigation
-
Conclusion (1:19)
Chapter 6.5: Art of Investigations - Malware
-
Introduction to Malware Analysis & File Headers (3:41)
-
Basic Static Malware Analysis (1:41)
-
File Type: PDFs (6:51)
-
Lab: Static Analysis - PDF
-
(ANSWERS) Lab: Static Analysis - PDF (14:07)
-
File Type: Office Documents (4:38)
-
Lab: Static Analysis - Office Documents
-
(ANSWERS) Lab: Static Analysis - Office Documents (10:28)
-
File Type: JavaScript (3:20)
-
Lab: Static Analysis - JavaScript
-
(ANSWERS) Lab: Static Analysis - JavaScript (10:19)
-
File Type: Portable Executable (EXE & DLL) (9:22)
-
Walkthrough: Static Analysis - DLL (13:55)
-
Bonus: Static Analysis - DLL (JavaScript)
-
(ANSWERS) Bonus: Static Analysis - DLL (JavaScript)
-
File Type: Fileless Malware & Obfuscation (6:08)
-
Walkthrough: Obfuscation Analysis (7:17)
-
Introduction to Yara (5:09)
-
Walkthrough: Yara - Rule Creation (6:02)
-
Walkthrough: Yara - PDF (7:33)
-
Walkthrough: Yara - Office Document (4:59)
-
Walkthrough: Yara - JavaScript (3:49)
-
Walkthrough: Yara - DLL (6:44)
-
Basic Dynamic Malware Analysis (1:50)
-
Dynamic Malware Analysis: Setup (20:10)
-
Dynamic Malware Analysis: Checklist (2:04)
-
Dynamic Malware Analysis: Investigation Tips (3:33)
-
Walkthrough: Dynamic Analysis - DLL (11:11)
-
Walkthrough: Dynamic Analysis - EXE (8:29)
-
Walkthrough: Yara - EXE (4:17)
-
Bonus: Dynamic Analysis - Evil.dll
-
(ANSWERS) Bonus: Dynamic Analysis - Evil.DLL
-
Bonus: Dynamic Analysis - Evil.exe
-
(ANSWERS) Bonus: Dynamic Analysis - Evil.exe
-
Scenario: TA577 Malware Investigation
-
(ANSWERS) Scenario: TA577 Malware Investigation (19:14)
-
Advanced: Yara - TA577
-
Conclusion (2:04)
Chapter 6.6: Art of Investigations - Endpoint
-
Introduction to Windows Event Logs (6:19)
-
Windows Event Logs: Auditing Policies (1:37)
-
Windows Event Logs: Useful Providers (4:32)
-
Processes: Overview (3:33)
-
MITRE ATT&CK: Initial Access (3:19)
-
MITRE ATT&CK: Execution (5:14)
-
Lab: MITRE ATT&CK - Execution
-
(ANSWERS) Lab: MITRE ATT&CK - Execution (11:44)
-
MITRE ATT&CK: Persistence (7:08)
-
Lab: MITRE ATT&CK - Persistence
-
(ANSWERS) Lab: MITRE ATT&CK - Persistence (9:49)
-
MITRE ATT&CK: Privilege Escalation (4:40)
-
Lab: MITRE ATT&CK - Privilege Escalation
-
(ANSWERS) Lab: MITRE ATT&CK - Privilege Escalation (13:49)
-
MITRE ATT&CK: Defense Evasion (5:40)
-
Lab: MITRE ATT&CK - Defense Evasion
-
(ANSWERS) Lab: MITRE ATT&CK - Defense Evasion (10:19)
-
MITRE ATT&CK: Credential Access (7:37)
-
Lab: MITRE ATT&CK - Credential Access
-
(ANSWERS) Lab: MITRE ATT&CK - Credential Access (12:12)
-
Lab: Credential Access - Brute Force
-
(ANSWERS) Lab: Credential Access - Brute Force (12:17)
-
MITRE ATT&CK: Discovery (5:14)
-
Lab: MITRE ATT&CK - Discovery
-
(ANSWERS) Lab: MITRE ATT&CK - Discovery (9:36)
-
MITRE ATT&CK: Lateral Movement (5:59)
-
Lab: MITRE ATT&CK - Lateral Movement
-
(ANSWERS) Lab: MITRE ATT&CK - Lateral Movement (13:16)
-
MITRE ATT&CK: Collection (6:14)
-
Lab: MITRE ATT&CK - Collection
-
(ANSWERS) Lab: MITRE ATT&CK - Collection (9:22)
-
MITRE ATT&CK: Command & Control (6:28)
-
Lab: MITRE ATT&CK - Command & Control
-
(ANSWERS) Lab: MITRE ATT&CK - Command & Control (12:07)
-
MITRE ATT&CK: Exfiltration (4:53)
-
Lab: MITRE ATT&CK - Exfiltration
-
(ANSWERS) Lab: MITRE ATT&CK - Exfiltration (15:24)
-
MITRE ATT&CK: Impact (5:14)
-
Lab: MITRE ATT&CK - Impact
-
(ANSWERS) Lab: MITRE ATT&CK - Impact (9:18)
-
Scenario: Threat Detected - Should We Be Worried?
-
(ANSWERS) Scenario: Threat Detected - Should We Be Worried? (32:15)
-
Advanced: Endpoint - Timeline Analysis
-
Conclusion (2:37)
Chapter 6.7: Art of Investigations - Threat Hunting
-
Introduction to Threat Hunting (4:14)
-
Threat Hunting: Reports & Indicators (3:10)
-
MITRE ATT&CK Navigator: Overview (1:14)
-
Walkthrough: CTI Report (14:58)
-
Introduction to Sigma (6:05)
-
Walkthrough: Sigma - Execution (10:23)
-
Walkthrough: Sigma - Persistence (6:20)
-
Walkthrough: Sigma - Privilege Escalation (6:59)
-
Walkthrough: Sigma - Defense Evasion (3:15)
-
Walkthrough: Sigma - Credential Access (5:30)
-
Walkthrough: Sigma - Discovery (5:41)
-
Walkthrough: Sigma - Lateral Movement (4:01)
-
Walkthrough: Sigma - Collection (4:11)
-
Walkthrough: Sigma - Command & Control (7:35)
-
Advanced: Sigma - Exfiltration
-
Threat Hunting: Hypothesis (6:37)
-
Threat Hunting: Data-Driven (3:56)
-
Threat Hunting: Techniques (8:40)
-
Threat Hunting: Legitimate Processes (1:59)
-
Threat Hunting: Data-Driven - Endpoint (5:47)
-
Threat Hunting: Data-Driven - Network (5:17)
-
Threat Hunting: Data-Driven - Identity (4:19)
-
Threat Hunting: Data-Driven - Email (4:42)
-
Threat Hunting: Data-Driven - Cloud (3:06)
-
Bonus: Sigma - Splunk Dashboards
-
Walkthrough: Splunk - MITRE ATT&CK Dashboard (6:33)
-
Conclusion (1:17)
Chapter 7: Job Readiness
-
Blogging (4:27)
-
Extra: GitHub - Create Portfolio (14:49)
-
Extra: Blogging - Resources (1:35)
-
Resume (5:57)
-
Extra: Resume - Walkthrough (5:08)
-
Extra: Resume Review
-
Cover Letter (3:03)
-
LinkedIn Profile & Job Boards (6:08)
-
SOC Role Commonalities (2:12)
-
Extra: SOC Role Walkthrough (10:13)
-
Interview Preparation (4:13)
-
Extra: Interview Preparation Walkthrough (11:00)
-
Different Networking Opportunities (4:35)
-
Conclusion (1:15)
Chapter 8: What's Next
Feedback
Final Capstone
Exclusive SOC Projects
