- This event has passed.
SOC Analyst Prep Workshop
January 5 @ 8:30 am - January 6 @ 5:00 pm EST
SOC (Security Operations Center) Analysts specialize in identifying and applying defensive skills and techniques. With today’s complex technical attacks, SOC Analysts are highly sought after in the Cybersecurity field to mitigate and remedy the damage done by these exploits through the proficient use of tools. This course will feature tools and techniques that defend against the offensive approaches taught in our Pentester Prep course.
Both of these courses can be taken with us to better understand the other side of each. Just like the Pentester Prep course, this is an opportunity suitable for everybody in the Cybersecurity community, whether you are a seasoned professional or a rookie with novice experience.
Our primary instructor, Tyrone E. Wilson, will be going back to his roots to teach this workshop, as the defensive side is where it all began for him. He has collected notes over his years of experience and now would like to give back to the community by sharing his knowledge to successfully demonstrate the use of these tools and defensive techniques.
The ENTIRE CLASS works as a team of SOC Analysts/Incident Responders that addresses several scenarios. Before we begin, we drive home the fact that teamwork and constant communication are a must in order to be successful. The class must enumerate the current network environment to identify all of the hosts, ports, services, and vulnerabilities. As we progress through these tasks, they make the perfect segue into talks about common threats, attacks, and vulnerability testing. As time progresses, students will also identify SIEM tools such as Security Onion and Splunk. This is where the Threat Hunting begins.
Now that we have a small grasp of threats and access to tools, we introduce an active attacker into the mix. Students are notified that an active attacker has also been enumerating the network and has now compromised a machine … or two. Given what they know, it is up to the team to identify indicators of compromise and show proof of exploitation. If they don’t act fast, more and more machines will be compromised (insert evil laugh)! As a group we discuss next steps like: do we disconnect from the network, do we blow our cover and kick the attacker off the machine, do we just monitor and track malicious activity, or … do we perform Offensive Cyber Operations (OCO) and attack back! This class is a blast as it incorporates so many aspects of being a SOC Analyst, including incident handling and response. I encourage everyone to give it a shot because there is always something to learn!
Each student receives an account on the current Active Directory Domain, all vulnerability scanning tools, as well as all SIEM tools!