Curriculum
- 9 Sections
- 109 Lessons
- 52 Weeks
Expand all sectionsCollapse all sections
- Introduction to Cyber Dojo Platform5
- Introduction to Security Operations Analyst Course1
- Chapter 1: Blue Team Tools and Operations26
- 3.1Chapter Overview2 Minutes
- 3.2Welcome to the Blue Team30 Minutes
- 3.3SOC Overview1 Hour
- 3.4Exercise 1.0: Virtual Machine Setup13 Minutes
- 3.5TryHackMe SOC Level 1 Path Intro7 Minutes
- 3.6TryHackMe Bonus Lab: Junior Security Analyst Intro27 Minutes
- 3.7Defensible Network Concepts46 Minutes
- 3.8Events, Alerts, Anomalies, and Incidents52 Minutes
- 3.9Incident Management Systems1 Hour
- 3.10Exercise 1.1: TheHive Incident Management System24 Minutes
- 3.11TryHackMe Bonus Lab: TheHive Project40 Minutes
- 3.12Threat Intelligence Platforms1 Hour
- 3.13MISP Overview10 Minutes
- 3.14Exercise 1.2: MISP Threat Intelligence Platform29 Minutes
- 3.15TryHackMe Bonus Lab: Intro to Cyber Threat Intel22 Minutes
- 3.16TryHackMe Bonus Lab: Threat Intelligence Tools1 Hour
- 3.17TryHackMe Bonus Lab: OpenCTI46 Minutes
- 3.18TryHackMe Bonus Lab: MISP19 Minutes
- 3.19TryHackMe Bonus Lab: Yara
- 3.20SIEM and Automation1 Hour
- 3.21Know Your Enemy51 Minutes
- 3.22Exercise 1.3: SIEM with the Elastic Stack45 Minutes
- 3.23TryHackMe Bonus Lab: Introduction to SIEM
- 3.24Quiz: CTI Analyst1 Day19 Questions
- 3.25TryHackMe Bonus Lab: Friday Overtime
- 3.26TryHackMe Bonus Lab: Trooper
- Chapter 2: Understanding Your Network24
- 4.1Chapter 2 Overview7 Minutes
- 4.2Network Architecture1 Hour
- 4.3Traffic Capture and Analysis41 Minutes
- 4.4Understanding DNS55 Minutes
- 4.5DNS Analysis and Attacks2 Hours
- 4.6Exercise 2.1: Exploring DNS54 Minutes
- 4.7Understanding HTTP47 Minutes
- 4.8TryHackMe Bonus Lab: Web Application Basics40 Minutes
- 4.9HTTP(S) Analysis and Attacks1 Hour
- 4.10Exercise 2.2: HTTP and HTTPS Analysis34 Minutes
- 4.11Understanding SMTP and Email47 Minutes
- 4.12Exercise 2.3: SMTP and Email Analysis1 Hour
- 4.13Additional Network Protocols54 Minutes
- 4.14TryHackMe Bonus Lab: Traffic Analysis Essentials
- 4.15TryHackMe Bonus Lab: Snort1 Hour
- 4.16TryHackMe Bonus Lab: Snort Challenge – The Basics1 Hour
- 4.17TryHackMe Bonus Lab: Snort Challenge – Live Attacks15 Minutes
- 4.18TryHackMe Bonus Lab: NetworkMiner
- 4.19TryHackMe Bonus Lab: Zeek
- 4.20TryHackMe Bonus Lab: Zeek Exercises
- 4.21TryHackMe Bonus Lab: Brim
- 4.22TryHackMe Bonus Lab: Wireshark: The Basics
- 4.23TryHackMe Bonus Lab: Wireshark: Packet Operations
- 4.24TryHackMe Bonus Lab: Wireshark: Traffic Analysis
- Chapter 3: Understanding Endpoints, Logs, and Files26
- 5.1Chapter 3 Overview8 Minutes
- 5.2Endpoint Attack Tactics2 Hours
- 5.3Endpoint Defense In Depth2 Hours
- 5.4Bonus Session: LOLBins: The Double-Edged Sword of Cybersecurity and How to Hunt for Them2 Hours
- 5.5TryHackMe Bonus Lab: OpenVAS28 Minutes
- 5.6TryHackMe Bonus Lab: Nessus38 Minutes
- 5.7How Windows Logging Works20 Minutes
- 5.8How Linux Logging Works18 Minutes
- 5.9Interpreting Important Events1 Hour
- 5.10Exercise 3.1: Interpreting Windows Logs1 Hour
- 5.11Bonus Session: Understanding Kerberos
- 5.12Log Collection, Parsing, and Normalization43 Minutes
- 5.13Exercise 3.2: Log Enrichment and Visualization28 Minutes
- 5.14File Contents and Identification37 Minutes
- 5.15Identifying and Handling Suspicious Files1 Hour
- 5.16Exercise 3.3: Malicious File Identification1 Hour
- 5.17TryHackMe Bonus Lab: Intro to Endpoint Security
- 5.18TryHackMe Bonus Lab: Core Windows Processes
- 5.19TryHackMe Bonus Lab: Sysinternals
- 5.20TryHackMe Bonus Lab: Windows Event Logs
- 5.21TryHackMe Bonus Lab: Sysmon
- 5.22TryHackMe Bonus Lab: Osquery: The Basics
- 5.23TryHackMe Bonus Lab: Wazuh
- 5.24Quiz: Endpoint Security Monitoring3 Hours16 Questions
- 5.25TryHackMe Bonus Lab: Monday Monitor
- 5.26TryHackMe Bonus Lab: Retracted
- Chapter 4: Triage and Analysis11
- 6.1Alert Triage and Prioritization
- 6.2Perception, Memory, and Investigation
- 6.3Models and Concepts for Infosec
- 6.4Exercise 4.1: Alert Triage & Prioritization
- 6.5Structure Analytical Techniques
- 6.6Analysis Questions and Tactics
- 6.7Analysis OPSEC
- 6.8Exercise 4.2: Structured Analysis Challenge
- 6.9Intrusion Discovery
- 6.10Incident Closing and Quality Review
- 6.11Exercise 4.3: Collecting and Documenting Incident Information
- Chapter 5: Continuous Improvement, Analytics, and Automation11
- 7.1Improving Life in the SOC
- 7.2Analytic Features and Enrichment
- 7.3New Analytic Design, Testing, and Sharing
- 7.4Tuning and False Positive Reduction
- 7.5Exercise 5.1: Alert Tuning
- 7.6Automation and Orchestration
- 7.7Improving Operational Efficiency and Workflow
- 7.8Exercise 5.2: Security Automation
- 7.9Containing Identified Intrusions
- 7.10Exercise 5.3: Incident Containment
- 7.11Skill and Career Development
- Final Exam0
- Project: Day in the Life of a SOC Analyst8
- 9.1Background10 Minutes
- 9.2Alert (1): Suspicious Behavior on Corporate Web Server15 Minutes
- 9.3Alert (2): Unauthorized Access and File Exfiltration15 Minutes
- 9.4Alert (3): Possible Malware on Windows Host25 Minutes
- 9.5Alert (4): Possible Malware Detected20 Minutes
- 9.6Alert (5): Phishing Email Campaign5 Minutes
- 9.7Project Rubric15 Minutes
- 9.8Project Details and Submission14 Days
