RESILIENT SOC OPERATIONS: PROACTIVE DEFENSE AGAINST ADVANCED ADVERSARIES
Summary
In today's fast-changing world of cyber threats, organizations must be prepared to tackle persistent and highly skilled adversaries who constantly try to breach their systems. To effectively defend against these threats, security operations centers (SOCs) need to adopt a proactive and resilient approach to security operations.
Introducing "Resilient SOC Operations: Proactive Defense Against Advanced Adversaries," a professional training course tailored for security professionals. This course aims to equip participants with the necessary expertise and techniques to establish strong SOC procedures. Through a comprehensive curriculum, attendees will gain practical insights into detection engineering research and learn how to analyze and create effective detection strategies.
Benefits
- Gain a comprehensive understanding of the detection content development life cycle.
- Acquire the skills to develop detection rules for all phases of the attack lifecycle.
- Learn how to effectively use SIEM and open-source tools to develop advanced detection analytics.
- Gain practical experience and knowledge in implementing continuous purple teaming practices.
Agenda / Topics to be Covered
Day 1:
- Detection Engineering Fundamentals
- MITRE Framework and its Pitfalls
- Understanding the Adversary
- Intelligence-Driven Detection
- Visibility Assessment and Data Sources
- SIGMA and YARA
- Getting Started with Automation
Day 2:
- Phishing Detection
- COM Hijacking Persistence
- PowerShell and WMI Attacks
- Mimikatz Credential Dumping
- BloodHound for Defenders
- Common Lateral Movement Techniques
- Impacket Suite
- Active Directory Attacks
- MSSQL and SCCM Attacks
- Anomaly Detection
Day 3:
- Continuous Improvement
- Building Adversary Emulation Plans
- Building a Detection Lab
- Practical Purple Teaming
- Proactive Deception Techniques
Day 4:
- Threat Hunting Process
- Jupyter Notebook
- MUDDYWATER Emulation
- OILRIG Emulation
- LockBit Emulation
Target audience / Who should take this course?
This course is designed for individuals who aim to enhance their Security Operations Center (SOC) by implementing modern detection engineering practices and adopting continuous purple teaming. It is suitable for a diverse range of students, including SOC analysts, detection engineers, and threat hunters seeking to advance their skills and knowledge in modern SOC practices.
What students should bring with them to the class:
- Familiarity with the basics of Linux and Windows as well as cybersecurity concepts, network protocols, and Windows Active Directory. This course assumes no previous experience in working in a SOC, though participants would benefit from previous exposure to a SOC environment.
- Participants must provide their own computer with a modern web browser installed to access the training materials. No local virtual machines or special software are required to fully participate in the course.
What students will be provided with onsite:
Students will be provided with all course materials, including tools, slides, and walkthroughs, which can be used long after the course.