This Cybersecurity Certification Course will help you establish a strong foundation for your journey in the cybersecurity domain. As part of this course, you will learn the fundamental concepts of Security Essentials, Cryptography, Network Security, Operating System Security, Application Security, Data & Endpoint Security, Cloud Security, Analyzing Cyber Attacks, Security Information and Event Management, Malware Analysis, and Threat Intelligence.

Network Security

Here you will learn various aspects of computer networks, defense in depth, security solutions and how they work, network attacks, etc.

    • Network architecture, protocols, and technologies: Layered architecture, Open Systems Interconnect (OSI) Model
      1. Topologies: Bus, Star, Mesh, Ring, Hybrid topologies
      2. Types of Network: LAN, MAN, CAN, WAN
      3. Half duplex, Full duplex, Unicast, Multicast, Broadcast
    • Transmission Control Protocol/Internet Protocol (TCP/IP)
    • TCP/IP Model
    • Application Layer Protocols: HTTP, SNMP, DNS, POP, SMTP, IMAP, HTTPS
    • Transport layer protocols: Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
    • Network/Internet layer protocols: Internet Protocol (IP) v4, IPv6, IPsec protocols
      1. IP address ranges
      2. Static and Dynamic IP addressing
      3. Public and private IPs
      4. IP subnetting
    • Link layer protocols: Address Resolution Protocol (ARP) / Reverse ARP / Proxy ARP, Ethernet, VLAN
    • Protocol working mechanisms: DNS, DHCP
    • Network Devices: Hub, Repeaters, Bridge, Switches, Routers, IDS/IPS, Email Gateways, Proxy, Firewall, DLP, VPN
Realtime Demo
  • Packet Analysis Using Wireshark for
    1. DNS
    2. DHCP
    3. TCP Three-way handshake
    4. ARP Lab
  • Cisco Packet Tracer
  • Building Lab for DNS, DHCP, Routers, Switches, NAT etc.
  • Using tools: ping, telnet, tracert, netstat, nbtstat, net share, etc.
  • Difference between System software and Application software
  • Architecture of Operating system
  • Flavors of Operating system
  • Linux Distributions, RHEL, DEBIAN
  • Linux directory Structures
  • Windows Registry, Event Logging
  • Processes, Services, Active Directory
  • Various Commands in Linux
  • File permissions, User creations, vim, shell
  • Windows system, network and utility commands; security Event IDs
Realtime Demo
  • Windows Event viewer: Security Logs, System Logs, Application Logs
  • Resource Monitor: Network, Memory, CPU utilization
  • Task Manager: Processes, Performance, Startup etc.
  • Services: Analyzing malicious services

In this module, you will learn about the essential building blocks and basic concepts of cybersecurity such as Confidentiality, Integrity, Availability, Authentication, Authorization, Vulnerability, Threat and Risk. In addition to these concepts, you will also explore core topics such as Security Governance, Audit, Compliance and Security Architecture.

  • Importance of Cyber Security
  • Fundamentals of Cyber Security (CIA Triad), AAA.
  • Vulnerability, Exploit, Threat and Risk
  • Security Control Types
    1. Administrative
    2. Technical
    3. Physical
  • Incident Response
    1. Incident Response Life Cycle
    2. Incident Management
  • Cyber Kill Chain: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, C&C, Actions on Objectives
    1. Use cases in each Level
    2. Defensive Strategies
  • Risk Management.
  • Security Event vs Security Incident.
  • Security Incidents by Example
  • Ethical Hacking objectives.
  • Security Testing: Blackbox, Graybox, Whitebox
  • Phases of Pen testing
  • Computer Security Architecture & Design and Compliance.
  • Virtualization and Cloud Infrastructure: Pros and Cons.
  • Cryptography: Encryption, Decryption, Hashing, Encoding
    1. Symmetric Encryption: DES, AES, RC4
    2. Asymmetric Encryption: RSA, Diffie-Hellman etc.
    3. Difference between SSL and TLS
Realtime Demo
  • Kali, Metasploitable2, Windows
  • NMAP, Maltego CE, SET.
  • GHDB, Metasploit, Hping3
  • QualysGuard, Nexpose

This module covers data and endpoint (host) security, which is crucial to ensuring that every endpoint in the organization is secured.

  • Host & Endpoint Security controls: Host firewall, AV, HIDS/HIPS
  • DLP: Symantec
  • Exfiltration, Lateral Movement
Realtime Demo
  • Symantec DLP
  • Windows Defender Firewall
  • Symantec Endpoint protection

You will survey well-known application weaknesses, the techniques used to attack them, and the controls and solutions that mitigate these vulnerabilities.

  • Importance of Application Security
  • OWASP Top 10 web application vulnerabilities and their mitigations
Realtime Demo
  • OWASP Attacks on Metasploitable2 using Kali
    1. SQL injection
    2. Cross site scripting etc.

This module covers how to understand the behavior and purpose of a suspicious file or URL.

  • Malware Overview: Adware, Spyware, Trojans & Backdoors, Viruses, Worms, Rootkits, Ransomware, RATs, etc.
  • Static Analysis (Reverse Engineering)
  • Dynamic Analysis (Behavior Analysis)
  • Importance of threat intelligence for detecting zero-day threats and IOCs
Realtime Demo
  • Cuckoo Sandbox, PE studio, procmon, process explorer
  • MISP, RepSM+
  • VirusTotal, Hybrid Analysis, Cisco Talos, IBM X-Force, AlienVault OTX, AbuseIPDB, Robtex, ThreatMiner, etc.

A SOC exists to monitor and protect the critical assets of an organization through standardized and repeatable processes. This means the SOC is tasked with keeping eyes on the entire business in order to identify and block malicious behavior by insiders or outsiders.

  • Importance of SOC
  • Architecture of a SOC: people, process and technology, and the contribution of each
  • MITRE ATT&CK Framework: adversary tactics and techniques, APT groups.
  • Analyzing Phishing Mails: Spear phishing, Vishing, Whaling, Smishing
  • Overview of Security Attacks and their mitigations and remediations
    1. Port scanning
      1. Vertical Port Scanning
      2. Horizontal Port Scanning
    2. DoS, DDoS, ICMP flood, UDP flood, SYN flood
    3. Successful Brute Force attack
    4. Malware Outbreak
    5. Ransomware Attacks
    6. Data Exfiltration over ICMP.
    7. Insider Threat
    8. Cross Site scripting
    9. Use cases on top of IDS/IPS, Firewall, Proxy, Endpoint protection.
    10. Attacks according to OSI Layers etc.
    11. Defensive strategies using Firewall, Proxy, Email Gateway, IDS/IPS, DLP etc.
    12. Evasion Techniques

Real-time threat detection and response backed by a powerful, open and intelligent SIEM (Security Information and Event Management)

  • ArcSight
    1. Architecture of ArcSight
    2. Creation of Content: Reports, Dashboards, Rules, Filters
    3. Integration of log sources with ESM, troubleshooting agent issues
    4. ArcMC, ArcCC, ArcSight Logger
  • QRadar
    1. Architecture of QRadar
    2. Creation of Dashboards, Reports
    3. Analyzing offenses
    4. Installation of Collectors
SOC Analyst Training FAQs

The SOC is the central hub of an organization’s cybersecurity function, and the people, processes and technology that make up the SOC are responsible for detecting, analyzing and responding to cyber incidents.

SOC analysts are often organized into tiers based on experience. How you define a SOC level 1 analyst vs. a SOC level 2 analyst can vary based on the organization and how the SOC is structured. However, it is typical to have three tiers, plus management.

You will require the following skills to become a SOC Analyst:

  • Networking and Operating system skills
  • Incident response and documentation
  • Analytical skills
  • Passion for learning new tools, technologies, and concepts

We provide a 100% job guarantee to candidates who are passionate and enthusiastic about learning.

No worries, we are here to help you. Kindly contact us.

PRACTICE TEST AND INTERVIEW QUESTIONS

At CyberVZN trainings, we provide practice tests at the end of the course, Splunk interview questions and answers, community questions and answers, and sample resumes to help you crack the interview.