Curriculum
- 9 Sections
- 87 Lessons
- 52 Weeks
Expand all sectionsCollapse all sections
- Introduction to Cyber Dojo Platform5
- Introduction to Security Operations Analyst Course1
- Chapter 1: Blue Team Tools and Operations24
- 3.1Chapter Overview2 Minutes
- 3.2Welcome to the Blue Team30 Minutes
- 3.3SOC Overview1 Hour
- 3.4Exercise 1.0: Virtual Machine Setup13 Minutes
- 3.5Defensible Network Concepts46 Minutes
- 3.6Events, Alerts, Anomalies, and Incidents52 Minutes
- 3.7Incident Management Systems1 Hour
- 3.8Exercise 1.1: TheHive Incident Management System24 Minutes
- 3.9TryHackMe Bonus Lab: TheHive Project
- 3.10Threat Intelligence Platforms1 Hour
- 3.11MISP Overview10 Minutes
- 3.12Exercise 1.2: MISP Threat Intelligence Platform29 Minutes
- 3.13TryHackMe Bonus Lab: Intro to Cyber Threat Intel
- 3.14TryHackMe Bonus Lab: Threat Intelligence Tools
- 3.15TryHackMe Bonus Lab: MISP
- 3.16TryHackMe Bonus Lab: OpenCTI
- 3.17TryHackMe Bonus Lab: Yara
- 3.18SIEM and Automation1 Hour
- 3.19Know Your Enemy51 Minutes
- 3.20Exercise 1.3: SIEM with the Elastic Stack45 Minutes
- 3.21TryHackMe Bonus Lab: Introduction to SIEM
- 3.22Quiz: CTI Analyst1 Day19 Questions
- 3.23TryHackMe Bonus Lab: Friday Overtime
- 3.24TryHackMe Bonus Lab: Trooper
- Chapter 2: Understanding Your Network13
- 4.1Chapter 2 Overview7 Minutes
- 4.2Network Architecture1 Hour
- 4.3Traffic Capture and Analysis41 Minutes
- 4.4Understanding DNS55 Minutes
- 4.5DNS Analysis and Attacks2 Hours
- 4.6Exercise 2.1: Exploring DNS54 Minutes
- 4.7Understanding HTTP47 Minutes
- 4.8TryHackMe Bonus Lab: Web Application Basics40 Minutes
- 4.9HTTP(S) Analysis and Attacks1 Hour
- 4.10Exercise 2.2: HTTP and HTTPS Analysis34 Minutes
- 4.11Understanding SMTP and Email47 Minutes
- 4.12Exercise 2.3: SMTP and Email Analysis1 Hour
- 4.13Additional Network Protocols54 Minutes
- Chapter 3: Understanding Endpoints, Logs, and Files16
- 5.1Chapter 3 Overview8 Minutes
- 5.2Endpoint Attack Tactics2 Hours
- 5.3Endpoint Defense In Depth2 Hours
- 5.4Bonus Session: LOLBins: The Double-Edged Sword of Cybersecurity and How to Hunt for Them2 Hours
- 5.5TryHackMe Bonus Lab: OpenVAS28 Minutes
- 5.6TryHackMe Bonus Lab: Nessus38 Minutes
- 5.7How Windows Logging Works20 Minutes
- 5.8How Linux Logging Works18 Minutes
- 5.9Interpreting Important Events
- 5.10Exercise 3.1: Interpreting Windows Logs
- 5.11Understanding Kerberos
- 5.12Log Collection, Parsing, and Normalization
- 5.13Exercise 3.2: Log Enrichment and Visualization
- 5.14File Contents and Identification
- 5.15Identifying and Handling Suspicious Files
- 5.16Exercise 3.3: Malicious File Identification
- Chapter 4: Triage and Analysis11
- 6.1Alert Triage and Prioritization
- 6.2Perception, Memory, and Investigation
- 6.3Models and Concepts for Infosec
- 6.4Exercise 4.1: Alert Triage & Prioritization
- 6.5Structure Analytical Techniques
- 6.6Analysis Questions and Tactics
- 6.7Analysis OPSEC
- 6.8Exercise 4.2: Structured Analysis Challenge
- 6.9Intrusion Discovery
- 6.10Incident Closing and Quality Review
- 6.11Exercise 4.3: Collecting and Documenting Incident Information
- Chapter 5: Continuous Improvement, Analytics, and Automation11
- 7.1Improving Life in the SOC
- 7.2Analytic Features and Enrichment
- 7.3New Analytic Design, Testing, and Sharing
- 7.4Tuning and False Positive Reduction
- 7.5Exercise 5.1: Alert Tuning
- 7.6Automation and Orchestration
- 7.7Improving Operational Efficiency and Workflow
- 7.8Exercise 5.2: Security Automation
- 7.9Containing Identified Intrusions
- 7.10Exercise 5.3: Incident Containment
- 7.11Skill and Career Development
- Final Exam0
- Project: Day in the Life of a SOC Analyst8
- 9.1Background10 Minutes
- 9.2Alert (1): Suspicious Behavior on Corporate Web Server15 Minutes
- 9.3Alert (2): Unauthorized Access and File Exfiltration15 Minutes
- 9.4Alert (3): Possible Malware on Windows Host25 Minutes
- 9.5Alert (4): Possible Malware Detected20 Minutes
- 9.6Alert (5): Phishing Email Campaign5 Minutes
- 9.7Project Rubric15 Minutes
- 9.8Project Details and Submission14 Days
