SIEM/SOC Advanced / NS108

SCENARIOS: FIVE   |   LABS: SIX   |   HANDS-ON: 85%   |   DURATION: 40

This SOC Operations course is designed for organizations implementing a SOC solution and provides full guidance on the skills and procedures needed to operate it. The training gives trainees all the aspects a SOC team needs to keep the adversary out of the enterprise.

LAB 01: Basic Intrusion Detection Tools and Methods

LAB 02: Using Scapy

LAB 03: Building the SIEM Environment

LAB 04: Advanced Monitoring

LAB 05: Configuring WMI

LAB 06: Digital Investigations

Scenario: SCCB001

The Rodpicom Botnet sends the victim a message with a link to a malicious site that leads to downloadable content. The downloaded content contained malware, which caused CPU overloads at a small advertising company customer. The company's SOC team was asked to check the security logs on the web server for further investigation.


Scenario: SCCB002

In the last few months, multiple groups of attackers have successfully compromised corporate email accounts at various firms using phishing techniques. As part of the security team, we need your help to find leads to the attacker.


Scenario: SCCB003

A former Yahoo employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users. We would like you to help us investigate the incident.


Scenario: SCCB004

Over the past few months, hundreds of Android users have been complaining about a new piece of mysterious malware. Our company uses the system "Security Onion", and we need your help analyzing the logs it generated from the malware traffic.


Scenario: SCCB005

The web hosting company Hostinger has suffered a data breach. Using the access token, the hackers infiltrated a SQL database server and found a file containing millions of hashed passwords and usernames. Following the incident, the CEO hired a group of cybersecurity professionals to work together and close the vulnerability that allowed the hackers to infiltrate the network and steal the file.


© 2020 by ThinkCyber
