SOC ANALYST - Infosectrain

1y ago
116 Views
33 Downloads
1.45 MB
16 Pages
Last View : 24d ago
Last Download : 4m ago
Upload by : Camden Erdman
Transcription

SOC ANALYSTTRAININGwww.infosectrain.com sales@infosectrain.com

SOC ANALYST - TRAININGYou start hereLEARNING PATHSOC Analyst - Tools GoPhish Volatility Dirbuster Sqlmap Splunk Enterprise Maltego OSSIM Keepnote Wireshark Brup Suite Hashcat Hashclc SysInternals suite FTK ImagerDomain 1: Security Operations CentreDomain 2: Digital ForensicsDomain 3: Incident Response DomainDomain 4: Threat Intelligence DomainCertified SOC Analyst Expert

Course DescriptionThe Certified SOC analyst training program ismeticulously designed by the subject matterexperts at Infosec Train. The training programoffers a deep insight into the SOC operationsand workflows. It is an excellent opportunityfor aspiring and current SOC analysts(L1/L2/L3) to level up their skills to mitigatebusiness risks by effectively handling andresponding to security threats.www.infosectrain.com sales@infosectrain.com01

ObjectiveOur Certified SOC Training Program will help you tomaster over trending and in-demand technicalskills. The program starts with intermediate-levelcybersecurity concepts and then proceeds toadvanced forensic, threat Intelligence, Securityincident, and Event Management Solutions. InfosecTrain’s SOC Training Course provides cybersecurityprofessionals with advanced security skills andcertification. The training program will allow you to:Perform technical strategies, tools, and techniques to secure datafor your organization.Understanding the threats and providing countermeasures.Understand network forensics and incident response in depth.Cybersecurity industry knowledgeAnalyze and Classify Malwarewww.infosectrain.com sales@infosectrain.com02

Why Certified SOC analyst?SOC Analyst Certification serves as a launchpad for developingsecurity professionals. Its demand is continuously increasing inthe industry. The certified SOC analyst certification will not onlyenhance your knowledge on various SOC operations but will also:Help you to showcase your skills and working experience for the SOC Analyst jobpositionProvide you opportunities to secure a job in the other network security-relateddomainsKeep you updated with the latest skills necessary for L1/L2/L3 SOC Analyst jobpositionsEnable you to demonstrate to employers that you are committed to professionalgrowth and you are better equipped with skills to carry out complex tasks withinthe SOC teamwww.infosectrain.com sales@infosectrain.com03

PrerequisitePrior knowledge of Basic Networking knowledge,OS basics, Troubleshooting is recommendedExperience as an entry-level SOC Analyst, CyberSecurity Analyst Information Security roleExperience of two years in the Information SecuritydomainTarget AudienceTechnical Support EngineersSystem AdministratorSecurity ConsultantsCyber Security AnalystSecurity Systems EngineersSOC Analysts (Tier I and Tier II)www.infosectrain.com sales@infosectrain.com04

SOC ANALYSTTOOLS GoPhish Volatility Dirbuster Sqlmap Splunk Enterprise Maltego OSSIM Keepnote Wireshark Brup Suite Hashcat Hashclc SysInternals suite FTK ImagerOSSIMwww.infosectrain.com sales@infosectrain.com05

Domain 1: Security Operations CentreIntroduction to SOCAlienVault OSSIM fundamentals Building a successful SOC Functions of SOC AlienVault fundamentals and architecturedeployment Heart of SOC- SIEM Vulnerability scanning & monitoring with OSSIM Gartner’s magic quadrant SIEM guidelines and architectureIntroduction to QRadarELK Stack: IBM QRadar SIEM component architecture anddata flows Introduction and an overview of Elastic SIEM Using the QRadar SIEM User Interface User interface How to as a part of alert investigations orinteractive threat hunting MDR vs. Traditional SIEM; and other varioussolutions Elasticsearch: Understanding of Architecture, curator fundamentals Index template for routing, mapping KIBANA: Configuration, policies, visualization Deep-dive of Log architecture, parsing,alertsSecurityOnion What is Security Onion? Monitoring and analysis tools Security Onion Architecture Deployment types Installing a Standalone server: checkingsystem services with sostat, security onion withweb browser tools, security onion terminal Replaying traffic on a standalone serverSplunk In-Depth Industrial requirements of Splunk invarious fieldsFun with logs Working with offense triggered by events Working with offense triggered by flowsMonitoring Monitor QRadar Notifications and errormessages. Monitor QRadar performance Review and interpret system monitoringdashboards. Investigate suspected attacks and policybreaches Search, filter, group, and analyze security dataTools exposure provided inthe above section: SecurityOnion ELK Stack SGUILD Wireshark Splunk AlienVault OSSIM IBM Qradar CE Splunk terminologies, search processinglanguage, and various industry use caseswww.infosectrain.com sales@infosectrain.com06

Domain 2: Digital Forensics1: Introduction to Incident Response Section Introduction What is Digital Forensics?- Collecting evidence typically related to cybercrime Digital Subject Access Requests Computer Forensics Process- Identification, Preservation, collection, examination, analysis, reporting Working with Law Enforcement- The difference between an internal security issue and one that requires external assistance2: Forensics Fundamentals Section Introduction Introduction to Data Representationhexadecimal, octal, binary files vs. txt files, timestamp formats: UNIX epoch, MAC, Chrome,Windows, FILETIME Hard Drive Basics- Platters, sectors, clusters, slack space SSD Drive Basics- garbage, collection, TRIM, wear leveling File Systems- FAT16, FAT32, NTFS, EXT3/EXT4, HFS /APFS Metadata & File Carving Memory, Page File, and Hibernation File Order of Volatilitywww.infosectrain.com sales@infosectrain.com07

3: Evidence Forms Section Introduction Volatile Evidence- Memory RAM, Cache, Registers content, Routing tables, ARP cache, process table,kernel statistics, temporary filesystem/swap space Disk Evidence- Data on Hard Disk or SSD Network Evidence- Remotely Logged Data, Network Connections/Netflow, PCAPs, Proxy logs Web & Cloud Evidence- Cloud storage/backups, chat rooms, forums, social media posts, blog posts Evidence Forms- Laptops, desktops, phones, hard drives, tablets, digital cameras, smartwatches, GPS4: Chain of Custody Section Introduction What is the Chain of Custody? Why is it Important?- In regard to evidence integrity and examiner authenticity Guide for Following the Chain of Custody- evidence collection, reporting/documentation, evidence hashing, write-blockers,working on a copy of original evidence5: Windows Investigations Section Introduction Artifacts- Registry, Event Logs, Prefetch, .LNK files, DLLs, services, drivers, common maliciouslocations, schedules tasks, start-up files Limitations Example Investigationswww.infosectrain.com sales@infosectrain.com08

6: *nix Investigations Section Introduction Artefacts Limitations Example Investigations Artefact Collection- Section Introduction- Equipment- non-static bags, faraday cage, labels, clean hard drives, forensic workstations,Disk imagers, hardware write blockers, cabling, blank media, photographs- Tools- Wireshark, Network Miner, and others- ACPO Principles- Live Forensics- Fast acquisition of key files- How to Collect Evidence- Laptops, desktops, phones, hard drives, tablets, websites, forum posts, blogposts, social media posts, chat rooms- Types of Hard Drive Copies visible data, bit for bit, slackspace7: Live Forensics Section Introduction Live Acquisition- What is a live acquisition/live forensics? Why is it beneficial? Products- Carbon Black, Encase, memory analysis with agents, Custom Scripts Potential Consequences- Damaging or modifying evidence making it invalid8: Post-Investigation Section Introduction Report Writing Evidence Retention- Legal retention periods, internal retention periods Evidence Destruction- Overwriting, degaussing, shredding, wiping- Further Reading9: Tools exposure provided in the above section: Command-LINE for Windows / Linux FTK IMAGER MAGNATE RAM CAPTURE AUTOPSY Volatility Volatility WorkBench ENCASEwww.infosectrain.com sales@infosectrain.com09

Domain 3: Incident Response Domain1: Introduction to Incident Response What is Incident Response? Why is IR Needed? Security Events vs. Security Incidents Incident Response Lifecycle – NIST SP 800 61r2- What is it, why is it used Lockheed Martin Cyber Kill Chain- What is it, why is it used MITRE ATT&CK Framework- What is it, why is it used2: Preparation Incident Response Plans, Policies, and Procedures The Need for an IR Team Asset Inventory and Risk Assessment to Identify High-Value Assets DMZ and Honeypots Host Defences- HIDS, NIDS- Antivirus, EDR- Local Firewall- User Accounts- GPO Network Defences- NIDS- NIPS- Proxy- Firewalls- NAC Email Defences- Spam Filter- Attachment Filter- Attachment Sandboxing- Email Tagging Physical Defences- Deterrents- Access Controls- Monitoring Controls Human Defences- Security Awareness Training- Security Policies- Incentiveswww.infosectrain.com sales@infosectrain.com10

3: Detection and Analysis Common Events and Incidents Establishing Baselines and Behaviour Profiles Central Logging (SIEM Aggregation) Analysis (SIEM Correlation)4: Containment, Eradication, Recovery CSIRT and CERT Explained- What are they, and why are they useful? Containment Measures- Network Isolation, Single VLAN, Powering System(s) Down, Honeypot Lure Taking Forensic Images of Affected Hosts- Linking Back to Digital Forensics Domain Identifying and Removing Malicious Artefacts- Memory and disk analysis to identify artefacts and securely remove them Identifying Root Cause and Recovery Measures5: Lessons Learned What Went Well?- Highlights from the Incident Response What Could be Improved?- Issues from the Incident Response, and How These Can be Addressed Important of Documentation- Creating Runbooks for Future Similar Incidents, Audit Trail Metrics and Reporting- Presenting Data in Metric Form Further Reading6: Tools exposure provided in the above section: SYSINTERNAL SUITE Hash Calculator Online Sources CyberChef Wireshark Network Minorwww.infosectrain.com sales@infosectrain.com11

Domain 4: Threat Intelligence Domain1: Introduction to Incident Response3: Advanced Persistent Threats Section Introduction Threat Intelligence Explained- What is TI, why is it used Why Threat Intelligence can be Valuable- Situational awareness, investigation enrichment,reducing the attack surface Criticisms/Limitations of Threat Intelligence- Attribution issues, reactive nature, old IOCs,false-positive IOCs The Future of Threat Intelligence- Tenable Predictive Prioritization (mixing threatintel with vulnerability management data to calculate dynamic risk scores) Types of Intelligence- SIGINT, OSINT, HUMINT, GEOINT What are APTs?- What makes an APT?, Real-world examples of APTs their operations Motivations for Cyber Operations- Why APTs do what they do (financial,political, social) Tools, Techniques, Tactics- What do APTs actually do when conducting operations Custom Malware/Tools- Exploring custom tools used by APTs, whythey’re used Living-off-the-land Techniques- What LOTL is, why it’s used, why it can beeffectivev2: Threat Actors Common Threat Agents- Cybercriminals, hacktivists, insider threats,nation-states Motivations- Financial, social, political, other Skill Levels/Technical Ability- Script Kiddies, Hackers, APTs Actor Naming Conventions- Animals, APT numbers, other conventions Common Targets- Industries, governments, organizations12

4: Operational Intelligence6: Strategic Threat Intelligence Indicators of Compromise Explained & Examples- What IOCs are, how they’re generated and shared,using IOCs to feed defences Precursors Explained & Examples- What precursors are, how they’re different fromIOCs, how we monitor them TTPs Explained & Examples- What TTPs are, why they’re important, using tomaintain defences (preventative) MITRE ATT&CK Framework- Framework explained and how we map cyber-attacks, real-world example Lockheed Martin Cyber Kill Chain- Framework explained and how we map cyber-attacks, real-world example Attribution and its Limitations- Why attribution is hard, impersonation, sharinginfrastructure, copy-cat attacks Pyramid of PainYou’ll wish we didn’t teach you this. It’s called thePyramid of Pain for a reason. Intelligence Sharing and Partnerships- Why sharing intel is important,existing partnerships, US-CERT, NCCIC,NCSC, ISACs IOC/TTP Gathering and Distribution Campaign Tracking & SituationalAwareness- Why we track actors, why keepingthe team updated is important New Intelligence Platforms/Toolkits- Undertaking proof-of-value demosto assess the feasibility of new tooling OSINT vs. Paid-for Sources- Threat Intelligence Vendors, PublicThreat Feeds, National VulnerabilityDatabase, Twitter5: Tactical Threat Intelligence Threat Exposure Checks Explained- What TECs are, how to check your environment forthe presence of bad IOCs Watchlists/IOC Monitoring- What are watchlists, how to monitor for IOCs (SIEM,IDPS, AV, EDR, FW) Public Exposure Assessments- What PEAs are, how to conduct them, google dorks,harvester, social media Open-Web Information Collection- How OSINT data is scraped, why it’s useful Dark-Web Information Collection- How intel companies scrape dark web intel, why it’suseful, data breach dumps, malicious actors onunderground forums, commodity malware for sale Malware Information Sharing Platform (MISP)- What is MISP, why is it used, how to implement MISP7: Malware and Global Campaigns Types of Malware Used by ThreatActors- Trojans, RATs, Ransomware, Backdoors, Logic Bombs Globally recognized Malware Campaigns- Emotet, Magecart, IcedID, Sodinikobi,Trickbot, Lokibot8: Further Reading Further Reading Material- Links to more resources thatstudents may find helpful.Tools exposure provided in the above section: AlienVAULT OTX MITRE & ATTACK MISP Maltego ONLINE SOURCESwww.infosectrain.com sales@infosectrain.com13

IND: 1800-843-7890 (Toll Free) / US: 1 657-207-1466 /UK : 44 7451 208413sales@infosectrain.comwww.infosectrain.com

SOC Analyst Certification serves as a launchpad for developing security professionals. Its demand is continuously increasing in the industry. The certified SOC analyst certification will not only enhanc

Related Documents:

SOC/G&WS 200 Intro to LGBTQ Studies SOC 210 Survey of Sociology SOC/C&E SOC 211 The Sociological Enterprise SOC/C&E SOC/G&WS 215 Gender & Work in Rural Am SOC/ASIAN AM 220 Ethnic Movements in the US SOC/C&E SOC 222 Food, Culture, and Society x Any SOC course with a Social Sciences breadth will satisfy this prerequisite.

LLP. About SSAE 16 Professionals, LLP SSAE 16 Professionals, LLP is a leading provider that specializes solely in SSAE 16 (SOC 1) and SOC 2 readiness assessments, SSAE 16 (SOC 1) and SOC 2 Reports, and other IT audit and compliance reports. Each of our prof

Requisites: Completion of introductory Sociology course (SOC/C&E SOC 140, SOC 181, SOC/C&E SOC 210, or SOC/C&E SOC 211) . be reading close to 100 pages per week. If you are unable or unwilling to do this much reading, you . Each quiz is due by 12:30 PM on the day we will discuss the reading; late .

casa mia ed. soc. soc.coop in pe casa mia ed. soc. soc.coop in pe casa mia ed. soc. soc.coop in pe fall.to salumificio rugiada snc fallimento la maiolica s.r.l. in l ballotti sistemi srl fallimento borghi lorenzo costruzioni fai . bernardi maria teresa geosaving srl fallimento . 5707 2012 uni

jeffrey l. romig, senior policy analyst 12/94-8/95 immigration and naturalization service gregg a. beyer, senior policy analyst 1/97-present patricia a. cole, senior policy analyst 4/93-6/95 thedora hernandez, policy analyst 6/94-3/95 michael d. hoefer, policy analyst 12/93-9/94 edward skerrett, senior policy analyst 11/95-10/96

SOC Policy Applies” elsewhere in this section for additional information.) Reversing SOC Transaction To reverse SOC transactions, providers enter the same information as for a clearance but specify that the entry is a reversal transaction. After the SOC file is updated, provi

Introduction 4 Order Number: 329866-001US 1 Introduction The Intel Quark SoC X1000 processor is the next generation secure, low-power Intel Architecture (IA) SoC for deeply embedded applications. The SoC integrates the Intel Quark SoC X1000 Core plus all the required hardware components to run off- the-shelf operating

Implementing on Altera SoC and FPGA Platforms Tools –Intel Quartus Prime Standard Edition 18.0 –Intel SoC FPGA Embedded Development Suite (EDS) 18.0 Boards –Arria 10 SoC Development Kit –Cyclone V SoC Development Kit I/O modules –None

SOC teams are handcuffed by limited visibility into the attack surface, which 69% of respondents cite as one of the primary causes of SOC analyst pain. The mean time to resolution remains unacceptably high. MTTR is one of the benchmark metrics for SOC performance, and the responses t

Course Description The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring

SOC analyst from what we call “Global SOC Functions” by identifying services offered by a SOC and mapping the activities of analysts to these functions. We report the following factors and criteria: quality of an analyst’s analysis, qu

analyst for six months in a corporate SOC. The corpora-tion is a major information technology (IT) products and services provider headquartered in the United States. The SOC is monitoring the enterprise’s network 24x7x365 for se-curity threats. The fieldworker went through the whole new-analyst

Introduction to the SOC and the Tier 1 Analyst Role Operating System Security Analysing Advanced Threats Week 1 Week 2 Week 3 Week 4 Week 5 Incident Response . Certification Quiz Week 6 DUE 1st day of Week 8 Week 9 Week 12 Cyber Security Analyst Course Outline. Cyber Security Analyst Course Outline TECHNICAL REQUIREMENTS CAREERS Hardware and .

CS3195 Russ Michael Redlands CA Senior Crime Scene Analyst 04/06/2021 Renew CS1044 Anderson Barbara Rocklin CA Senior Crime Scene Analyst 11/10/2022 Renew CS1377 Chapman Felita Sacramento CA Senior Crime Scene Analyst 10/29/2022 Renew CS3306 Shapiro Kimberley San Bernardino CA Senior Crime Scene Analyst 08/29/2021 Renew

Investment Banking Analyst Consultant Associate Banker Associate Business Analyst Private Banking Junior Trader M&A Analyst Corporate Credit Analyst Junior Sales Support Corporate Finance - M&A M&A Trainee Analyst . recruiters process your resume. - AI-based interview preparation app.

David Bleustein UBS - Analyst Ann Duignan Bear Stearns - Analyst Peter Nesvold Bear Stearns - Analyst Robert McCarthy Banc of America Securities - Analyst Chris Kotowicz A.G. Edwards - Analyst PRESENTATION Operator Good day, ladies and gentlemen, and welcome to the Gene

A business analyst is someone who analyzes an organization or business domain (real or hypothetical) and documents its business, processes, or systems, assessing the business model or its integration with technology. However, organizational titles vary such as analyst, business analyst, business systems analyst or maybe systems analyst.

Carter Woodson Institute to the Center for Survey Research and Quantitative Collaborative. We . In the fall, students are required to take Introduction to Statistics (SOC 5020), Classical Theory (SOC 5030) and the Pro-Seminar (SOC 8031). . Sociology of Gender SOC 8410 – Race & Eth

§ SOC Ticketing/case management system § SIEM / analytic platform / EDR-anywhere analysts create detections, investigate alerts § SOC code repository § SOC budget – CAPEX including hardware & software – OPEX including people & cloud § Enterprise asset management systems

Principles of Animal Nutrition Applied Animal Science Research Techniques for Bioscientists Principles of Animal Health and Disease 1 Optional Physiology of Electrically Excitable Tissues Animal Behaviour Applied Agricultural and Food Marketing Economic Analysis for Agricultural and Environmental Sciences Physiology and Biotechnology option Core Endocrine Control Systems Reproductive .