

SOC-200: Security Operations and Defensive Analysis
Course Information

Course Name
SOC-200: Security Operations and Defensive Analysis

Exam code
OSDA

Duration
5 Days
Certification
Overview
The Security Operations and Defensive Analysis (SOC-200) course delves into the foundations of defending networks and systems against cyber threats. Learners gain practical experience within a hands-on, self-paced environment designed to teach the fundamental concepts of SOC operations.
Individuals completing the online training course and passing its rigorous exam, earn the OffSec Defense Analyst (OSDA) certification. This SOC Analyst certification demonstrates your ability to detect, analyze, and assess a potential security incident through live exercises. The OSDA stands out in the cybersecurity field, reflecting a commitment to hands-on defensive skills sought after by employers.
Audience Profile
The SOC-200 certification course is ideal for security professionals seeking to enhance their defensive analysis and response skills and earn the OSDA. It’s designed for individuals who have a solid foundation in networking and basic familiarity with Linux and Windows systems.
Prerequisites
While there are no formal prerequisites, it’s strongly recommended that you have:
- A solid foundation in TCP/IP networking
- Familiarity with Linux and Windows operating systems
- Basic understanding of cybersecurity concepts
At Course Completion
Upon completing SOC-200 and successfully passing the OSDA exam, you’ll have mastered core defensive methodologies, including:
- Security monitoring and log analysis
- Incident detection and threat identification
- Triaging and escalating events
- Incident response process and procedures
- Network and host-based forensics (basics)
Course Outline
Build a foundation for understanding attacker behaviors and how to anticipate their moves in penetration testing engagements
Discover common vulnerabilities in Windows endpoints and the attack vectors adversaries use to target them
Learn methods commonly used to exploit critical services and vulnerabilities on compromised Windows servers
Analyze browser-based attacks, vulnerabilities in software, and social engineering techniques attackers use to compromise user-facing sides of Windows systems
Exploit misconfigurations, software flaws, and zero-day vulnerabilities to increase your level of network control
Explore file system persistence, registry modifications, scheduled tasks, and other methods to retain the upper hand on attackers trying to stay hidden on compromised Windows systems
Get familiar with common attack vectors used to target Linux endpoints, their security mechanisms, and potential vulnerabilities
Understand how adversaries compromise Linux servers through privilege escalation methods, service exploits, and configuration weaknesses
Refine your evasion strategies by using firewalls, intrusion detection systems, and other tools to identify malicious activities
Use advanced methods for evading antivirus solutions and minimize your digital footprint with techniques like payload obfuscation and exploit customization
Avoid being detected by defensive technologies while making lateral network moves using covert communication methods and tunneling techniques
Uncover potential attack paths with methods and tools that gather information about Active Directory’s structure, users, groups, and permissions
Leverage compromised credentials, remote execution, and network pivoting to expand control in Windows environments post-exploit
Explore hidden accounts, service manipulation, and other methods of blending into network fabrics using the same techniques as attackers
Building an ELK SIEM: Get hands-on with setting up a SIEM solution using the ELK stack (Elasticsearch, Logstash, and Kibana). Learn how to install, configure, and integrate these components to start collecting and analyzing security logs
Operationalizing Your SIEM: Discover how to effectively manage and use your ELK SIEM deployment. Learn to collect logs from various sources, normalize data, create insightful dashboards, and set up alerts to proactively detect a security incident
Overview
Overview
The Security Operations and Defensive Analysis (SOC-200) course delves into the foundations of defending networks and systems against cyber threats. Learners gain practical experience within a hands-on, self-paced environment designed to teach the fundamental concepts of SOC operations.
Individuals completing the online training course and passing its rigorous exam, earn the OffSec Defense Analyst (OSDA) certification. This SOC Analyst certification demonstrates your ability to detect, analyze, and assess a potential security incident through live exercises. The OSDA stands out in the cybersecurity field, reflecting a commitment to hands-on defensive skills sought after by employers.
Audience Profile
Audience Profile
The SOC-200 certification course is ideal for security professionals seeking to enhance their defensive analysis and response skills and earn the OSDA. It’s designed for individuals who have a solid foundation in networking and basic familiarity with Linux and Windows systems.
Prerequisities
Prerequisites
While there are no formal prerequisites, it’s strongly recommended that you have:
- A solid foundation in TCP/IP networking
- Familiarity with Linux and Windows operating systems
- Basic understanding of cybersecurity concepts
At Course Completion
At Course Completion
Upon completing SOC-200 and successfully passing the OSDA exam, you’ll have mastered core defensive methodologies, including:
- Security monitoring and log analysis
- Incident detection and threat identification
- Triaging and escalating events
- Incident response process and procedures
- Network and host-based forensics (basics)
Course Outline
Course Outline
Build a foundation for understanding attacker behaviors and how to anticipate their moves in penetration testing engagements
Discover common vulnerabilities in Windows endpoints and the attack vectors adversaries use to target them
Learn methods commonly used to exploit critical services and vulnerabilities on compromised Windows servers
Analyze browser-based attacks, vulnerabilities in software, and social engineering techniques attackers use to compromise user-facing sides of Windows systems
Exploit misconfigurations, software flaws, and zero-day vulnerabilities to increase your level of network control
Explore file system persistence, registry modifications, scheduled tasks, and other methods to retain the upper hand on attackers trying to stay hidden on compromised Windows systems
Get familiar with common attack vectors used to target Linux endpoints, their security mechanisms, and potential vulnerabilities
Understand how adversaries compromise Linux servers through privilege escalation methods, service exploits, and configuration weaknesses
Refine your evasion strategies by using firewalls, intrusion detection systems, and other tools to identify malicious activities
Use advanced methods for evading antivirus solutions and minimize your digital footprint with techniques like payload obfuscation and exploit customization
Avoid being detected by defensive technologies while making lateral network moves using covert communication methods and tunneling techniques
Uncover potential attack paths with methods and tools that gather information about Active Directory’s structure, users, groups, and permissions
Leverage compromised credentials, remote execution, and network pivoting to expand control in Windows environments post-exploit
Explore hidden accounts, service manipulation, and other methods of blending into network fabrics using the same techniques as attackers
Building an ELK SIEM: Get hands-on with setting up a SIEM solution using the ELK stack (Elasticsearch, Logstash, and Kibana). Learn how to install, configure, and integrate these components to start collecting and analyzing security logs
Operationalizing Your SIEM: Discover how to effectively manage and use your ELK SIEM deployment. Learn to collect logs from various sources, normalize data, create insightful dashboards, and set up alerts to proactively detect a security incident
