
Security Operations Center Training

Beginner • Advanced


Security Operations Center Training Overview

The Security Operations Center analyst training program is a highly practical, focused and comprehensive training that aims to provide individuals with the necessary skills, knowledge, and hands-on experience to excel in the role of a Security Operations Center (SOC) analyst. The program is designed to cater to individuals across all levels of SOC expertise, including L1, L2, and L3, ensuring that they possess the required skills to effectively handle cybersecurity incidents.

The SOC team is responsible for the ongoing security operations of an enterprise, and SOC analysts play a critical role in detecting, analysing, responding to, reporting on, and preventing cybersecurity incidents. Security operations centers have advanced capabilities such as forensic analysis, cryptanalysis, and malware reverse engineering to further enhance their incident analysis and response capabilities. The Blue Team Specialist program nurtures individuals in understanding SOC design principles, industry frameworks, and hands-on forensic analysis, incident response strategies, APT threat hunting and threat intelligence, and malware reverse engineering, in order to investigate and respond to complex cybersecurity incidents.

What You’ll Learn

    • SOC Design and Implementation Methodologies
    • Vulnerability Analysis and Management
    • Infrastructure Penetration Testing
    • Red Team Activities with C2 operations
    • Building Effective SOC for Active Monitoring
    • SIEM Implementation and Monitoring
    • Practical APT Incident Response Strategies
    • Digital Forensic Triage and Collection
    • Threat Intelligence Internals
    • Malware Analysis and Reverse Engineering
    • APT Threat Hunting and Documentation

Training Modules

SOC Foundations and Design Principles
  •  SOC models, SOC types, and organisational positioning
  •  SOC budgeting and planning of scope
  •  SOC roles and hierarchy of teams
  •  SOC Models and Compliance
  •  SOC Maturity Model and SOC-CMM tool
  •  SOC Services: Security Monitoring, Incident Response, Security Analysis, Threat Intelligence, Threat Hunting, Vulnerability Management, Log Management
Vulnerability Analysis and Management
  • Common tools and techniques for vulnerability assessment
  • Building vulnerability scan policies and managing scanning as a service
  • Integrating scanning results with a common monitoring platform
  • Practical system hardening and Audits of endpoint perimeter devices
Infra Pentesting and Red teaming Exercises
  • Penetration testing frameworks
  • C2 matrix and tooling essentials
  • Brute-forcing the infrastructure services
  • Exploiting the common services in Windows & Linux systems
  • Exploiting the web applications critical vulnerabilities
  • Practical phishing attacks simulations
  • Understanding the malware development for Initial Access
  • Exploiting the active directory network with C2 
Building a Codefensive managed SOC
  • Building the road-map for the Codefensive open-source SOC
  • Understanding the storage units
  • Log ingestion and log normalisation with Graylog
  • Implementing ELK / Wazuh for log monitoring
  • Managing the indexes and nodes for performance improvements
  • Implementation of OpenCTI / MISP platforms for Threat Intelligence
  • Building detection capabilities with YARA and Sigma
  • Incident Management with Shuffle
  • Forensics response implementation with Velociraptor / F-Response
  • Network monitoring with Security Onion
  • Protecting the SOC with firewalls – pfSense
IBM QRadar for SIEM Operations
  • Understanding the need for QRadar in the environment
  • Defining log sources and event details
  • Customizing the configurations
  • Understanding the Custom Rule Engine
  • Discover and manage the asset engine
  • Understanding the architecture
  • Working with log collection
  • Mapping the vulnerabilities with QRadar
  • AQL language for blue teams
  • Developing and customising rules
Incident Response Foundations
  • What is Incident Response?
  • Why is IR Needed?
  • MITRE ATT&CK Framework for IR
  • Incident Response Lifecycle – NIST SP 800 61r2
  • Incident Response Plans, Policies, and Procedures
  • Incident Response Documentation procedure
  • Lab – APT Investigation
Digital Forensic Triage and Response
  • Fundamentals of digital forensics, digital evidence, and intrusion reconstruction
  • Evidence Acquisition Tools and Techniques
  • Live Forensic and Triage-Based Acquisition
  • Registry, Pagefile, and Unallocated Space Analysis
  • Memory Investigations
  • Windows Shell Items forensics
  • Log Analysis and triage activities
  • Data Execution Investigation
  • Timeline Foundations and Analysis for evidence Mapping
  • Shadow Copy and Snapshot analysis
  • Browser forensics and Removable disks analysis
  • Evidence Recovery and Anti-forensic activities detection
Malware Analysis for APT Detection
  • Role of malware analysis in incident response
  • Types of malware and malware analysis techniques
  • Malware sample and acquisition tools
  • PE file structure analysis
  • IOC to YARA rules for detection
  • Windows processes and APIs
  • Analysing process injections
  • Working with DLLs and DLL injection
  • Dynamically analysing backdoors
Threat Intelligence for Blue Teams
  • Threat Intelligence types, protocols & standards, feeds, platforms
  • ISACs and other communities, Chatham House Rule
  • CTI process, CTI infrastructure management
  • CTI skills: NIST NICE – CTI Analyst
  • Cyber Kill Chain vs MITRE ATT&CK and PRE-ATT&CK Frameworks
  • Lockheed Martin Cyber Kill Chain
  • OODA loop, Diamond Model of intrusion analysis
  • MaGMa, MaGMa UCF Tool
  • SIGINT, OSINT, HUMINT, GEOINT
  • Tools, Techniques, Tactics for Threat Intelligence
  • Detailed Operational, Tactical and Strategic Intelligence Primer
Threat Hunting for Blue Teams
  • Forensics vs IR vs Threat Hunting
  • Hunting Spear Phishing Operations
  • Identification of Compromised Systems
  • Finding Active and Persistent Malware
  • Hunting for Initial access Vectors
  • Hunting PowerShell, WMI and in-memory executions
  • Living-off-the-land Techniques
  • Log Analysis for threat hunting
  • Anomalous process execution and creation detection
  • Credential Theft and Usage detection
  • Common Hiding and Persistence Mechanisms
  • Lateral Movement and Persistence Detection
  • Actively hunting the network traffic and connecting the dots
  • Final Case preparation and root cause analysis
Blue Team Analyst SOC Challenge
  • Investigating and Detecting the APT Presence
  • Monitoring the traffic and Log analysis
  • Building incident response capabilities to analyse APTs
  • Identifying Initial Access to Persistence activities
  • Detecting sophisticated C2 activities
  • Recovery and re-implementation
  • Case preparation and future lessons

Who Can Apply For Security Operations Center Training?

  • Individuals holding a bachelor’s degree and demonstrating a passion for acquiring advanced proficiencies in Defensive Security.
  • Professionals aspiring to advance their careers within the Blue team domain, focusing on growth opportunities.
  • Those possessing a bachelor’s degree in an IT-related discipline and desiring to pivot towards a role in the Security Operations Center (SOC) team.
  • IT Managers seeking to elevate their expertise in SOC technical strategies for enhanced skill sets.
  • Existing Blue team participants aiming to amplify and refine their current skill portfolio.
Training Delivery Mode

On-Demand Live Training

Join virtual Codefensive training experience, right from the comfort of your own home! Our industry-leading instructors will deliver interactive courses via live stream, giving you the ultimate in cybersecurity education. Following each class, you’ll have the opportunity to enjoy a keynote from top industry professionals. Choose the ultimate in cybersecurity education and join us today!

Self-Paced Training

Self-paced, the ultimate in flexible cybersecurity learning! With unlimited access to your training, you can learn at your own pace, wherever and whenever it’s convenient for you. Our program includes all labs, exercises, and live support from Codefensive subject matter experts to ensure your success. Join us now to take control of your cybersecurity education!

Prerequisites
Basics of Computer Networks
Basics of Cyber Security

Ready to Get Started?

Book a free consultation and join the right training for you.