
HG315: Security Analysis & Blue Team Operations provides students with the comprehensive technical knowledge and key concepts required of security operations centre (SOC) analysts and new blue team members. By explaining in depth the mission and mindset of a modern cyber defence professional, the course jump-starts students with the tools common to a defender's work environment and packs in the essential, detailed explanations of SOC tools, processes, and data flow that every blue team member should understand.





Duration: 4 weeks
HG315 offers in-depth and comprehensive knowledge about security analytics and blue teaming to new cyber defence team members and SOC managers. The course introduces students to the tools common to a defender's work environment and packs in the important explanations of SOC tools, processes, and data flow that every blue team member must know.

Students will explore the process of security operations: how log data is collected, where it is collected, and how security threats are identified within that data. The course offers comprehensive insight into tactics for the triage and investigation of security events identified as malicious, as well as how to avoid common mistakes and perform continuous security analysis. Students will learn the inner workings of the most common protocols and how to identify malicious files as well as attacks within the network.

The course offers pragmatic, hands-on instruction using a virtual SOC environment with a real, fully integrated toolset that includes:
  • Security Information and Event Management
  • Incident tracking and management system
  • Threat intelligence platform
  • Packet capture and analysis tool
  • Automation tools
  By the end of the course you will understand:
  • How SIEM, incident management systems, threat intelligence platforms, and automation tools should connect and work together to provide a comprehensive workflow for analysts.
  • Analysis of common alert types, including HTTP/HTTPS, DNS, and email-based attacks.
  • Identification of post-exploitation attacker activity.
  • Mental models for understanding security alerts and attack patterns that can help to effectively classify and prioritize security alerts.
  • How to perform high-quality, bias-free security analysis and investigation.
  • How to identify the critical security alerts, and quick ways to verify them.
  • How event logs are collected throughout the IT environment and the importance of log parsing, enrichment, and correlation capability of the SIEM.
  • How to create and fine-tune threat detection analytics to eliminate false positives.
  You will learn:
  • Introduction to the Blue Team
  • SOC Overview
  • Defensible Network Concepts
  • Events, Alerts, Anomalies, and Incidents
  • Incident Management Systems
  • Threat Intelligence Platforms
  • SIEM
  • Automation and Orchestration
  • Corporate Network Architecture
  • Zero-trust architecture
  • Traffic Capture and Analysis
  • Understanding DNS
  • DNS analysis and attacks
  • Understanding HTTP and HTTPS
  • Analyzing HTTP for Suspicious Activity
  • SMTP and Email Attacks
  • SMB - versions and typical attacks
  • DHCP for defenders
  • ICMP and how it is abused
  • FTP and attacks
  • SSH and attacks
  • PowerShell remoting
  • Endpoint Attack Tactics
  • Initial exploitation
  • Post-exploitation tactics
  • Endpoint Defense In-Depth
  • Vulnerability scanning and patching
  • Host intrusion prevention and detection systems
  • File integrity monitoring
  • Anti-exploitation
  • Data loss prevention
  • User and entity behavior analytics
  • Windows Logging
  • Linux Logging
  • Interpreting Important Events
  • Object and file auditing
  • PowerShell logging
  • Kerberos and Active Directory Events
  • Authentication and the ticket-granting service
  • Kerberos authentication steps
  • Kerberos log events in detail
  • Log Collection, Parsing, and Normalization
  • File contents at the byte level
  • How to identify a file by the bytes
  • Magic bytes
  • Nested files
  • Strings - uses, encoding options, and viewing
  • Identifying and Handling Suspicious Files
  • Alert Triage and Prioritization
  • Spotting late-stage attacks
  • Attack lifecycle models
  • Spotting exfiltration and destruction attempts
  • Targeted attack identification
  • Lower-priority alerts
  • Alert validation
  • Perception, Memory, and Investigation
  • Mental Models for Information Security
  • Cyber kill chain
  • Defense-in-depth
  • NIST cybersecurity framework
  • Incident response cycle
  • Threat intelligence levels, models, and uses
  • F3EAD
  • Diamond model
  • The OODA loop
  • Attack modeling, graph/list thinking, attack trees
  • Pyramid of pain
  • Structured Analysis Techniques
  • Analysis Tactics
  • Analysis OPSEC
  • Intrusion Discovery
  • Incident Response
  • Improving Life in the SOC
  • Common SOC issues
  • Analytic Features and Enrichment
  • Analytic Design, Testing, and Sharing
  • Tuning and False Positive Reduction
  • Automation and Orchestration
  • SOAR
  • Alert and case management
  • Improving Operational Efficiency and Workflow
  • Containing Identified Intrusions


2021 © Aristi Cybertech Private Limited. All rights reserved.