
SOC Analyst Training

Our SOC Analyst Training Program helps you develop the technical skills that are in demand in the industry. With the skills you gain, you will be able to carry out complex SOC operations. The program starts from intermediate cybersecurity concepts and progresses to advanced digital forensics, threat intelligence, security incidents and incident management. Participants who successfully complete the training receive a certificate of participation.

Learning Outcomes

  • You will be able to develop strategies and use popular tools and techniques to secure your organization.
  • You will be able to understand cyber threats and take precautions against them.
  • You will understand network forensics and incident management.
  • You will get to know the cybersecurity industry.
  • You will be able to identify vulnerabilities for risk analysis, prioritize them and remediate them.
  • You will be able to perform static analysis of malware samples and determine their purpose.
  • You will be able to write SIEM correlation rules that detect attacker techniques.
  • You will be able to trace and block attackers who attempt to breach your security.

Program Content

1- Fundamentals of Security

    Introduction

    • Introduction to Security Fundamentals
    • Blue Team Roles

    Social Skills

    • Section Introduction, Social Skills
    • Communication
    • Teamwork
    • Problem-Solving Skills
    • Time Management
    • Mental Health

    Security Controls

    • Section Introduction, Security Controls
    • Physical Security
    • Network Security
    • Endpoint Security
    • Email Security
    • (Activity) End of Section Assessment

    Networking 101

    • Section Introduction, Networking 101
    • Network Fundamentals
    • OSI Model
    • Network Devices
    • Network Tools
    • Ports and Services
    • (Activity) Port Scanning with Nmap, End of Section Assessment

2- Phishing Analysis

    Introduction

    • Section Introduction, Email and Phishing Attacks
    • How Does Email Work?
    • Email Structure
    • What Is a Phishing Attack?
    • Impact of Phishing Attacks
    • Phishing Analysis Concepts
    • (Activity) End of Section Assessment

    Phishing Email Types

    • Section Introduction, Phishing Emails
    • Reconnaissance
    • Spam
    • False Positives
    • Credential Harvesting
    • Social Engineering
    • Vishing and Smishing
    • Whaling
    • Malicious Files
    • (Video) Phishing Attack Types
    • (Activity) Categorizing Phishing Attacks
    • (Activity) End of Section Assessment

    Tactics and Techniques

    • Section Introduction, Tactics and Techniques
    • Spear Phishing Attacks
    • Impersonation
    • Typosquatting and Homographs
    • Sender Spoofing
    • HTML Styling
    • Attachments
    • Hyperlinks
    • URL Shortening
    • Use of Legitimate Services
    • Business Email Compromise

    Investigating Emails

    • Section Introduction, Investigating Emails
    • Information to Collect (Artifacts)
    • Manual Collection – Email Artifacts
    • Manual Collection – Web Artifacts
    • Manual Collection – File Artifacts

    Analyzing Artifacts

    • Section Introduction, Analyzing Artifacts
    • Virtualization Tools
    • URL Reputation Tools
    • File Reputation Tools
    • Malware Sandboxing

    Defensive Actions

    • Section Introduction, Defensive Measures
    • Measure: Marking External Emails
    • Measure: Email Security Technology
    • Measure: Spam Filters
    • Measure: Additional Filtering
    • Measure: Attachment Sandboxing
    • Measure: Security Awareness
    • Active: Immediate Response Process
    • Active: Blocking Email Artifacts
    • Active: Blocking Web Artifacts
    • Active: Blocking File Artifacts

    Lessons Learned

    • Section Introduction, Lessons Learned
    • Identifying New Tactics
    • Response Improvements

3- Threat Intelligence (1/2)

    Introduction

    • Section Introduction, Threat Intelligence
    • What Is Threat Intelligence?
    • The Importance of Threat Intelligence
    • Types of Intelligence
    • The Future of Threat Intelligence
    • Threat Intelligence Concepts

    Threat Actors and APTs

    • Section Introduction, Threat Actors
    • Common Threat Actors
    • Motivations
    • Actor Naming Conventions
    • What Is an APT?
    • Tactics, Techniques and Procedures (TTPs)
    • (Activity) Investigating a Threat Actor, End of Section Assessment

    Operational Intelligence

    • Section Introduction, Operational Intelligence
    • Indicators of Compromise (IOCs)
    • MITRE ATT&CK Framework
    • Lockheed Martin Cyber Kill Chain
    • (Activity) End of Section Assessment

    Tactical Intelligence

    • Section Introduction, Tactical Intelligence
    • Threat Exposure Checks
    • Watchlists / IOC Monitoring
    • Public Data Leak Checks
    • Threat Intelligence Platforms
    • Malware Information Sharing Platform (MISP)
    • (Activity) MISP Setup
    • (Activity) End of Section Assessment

    Strategic Intelligence

    • Section Introduction, Strategic Intelligence
    • Information Sharing and Partnerships
    • IOC/TTP Collection and Distribution
    • OSINT vs Paid Sources
    • (Activity) End of Section Assessment

    Global Malware Attacks

    • Section Introduction, Global Malware Attacks
    • Malware Used by Threat Actors
    • Global Malware Attack: TrickBot
    • Global Malware Attack: Sodinokibi
    • Global Malware Attack: Magecart
    • Global Malware Attack: Emotet
    • (Activity) End of Section Assessment

4- Digital Forensics (1/2)

    Introduction

    • Section Introduction, Digital Forensics
    • What Is Digital Forensics?
    • Digital Forensics Processes
    • Digital Forensics Concepts
    • (Activity) Download List

    Computer Forensics Fundamentals

    • Section Introduction, Digital Forensics Fundamentals
    • Data Representation
    • (Activity) Data Representation
    • Hard Disk Basics
    • SSD Basics
    • File Systems
    • (Activity) File Systems
    • Digital Evidence and Handling
    • Order of Volatility
    • Metadata
    • (Activity) Metadata
    • RAM, Pagefile and Hibernation File
    • Hashing and Integrity
    • (Activity) Hashing and Integrity
    • (Activity) End of Section Assessment

    Digital Evidence

    • Section Introduction, Evidence Collection
    • Equipment
    • ACPO Principles for Evidence Collection and Preservation
    • Chain of Custody
    • Disk Imaging: FTK Imager
    • Live Forensics
    • Live Acquisition: KAPE
    • Evidence Destruction
    • (Activity) End of Section Assessment

    Computer Forensics – Windows

    • Section Introduction, Windows Forensics
    • Windows Artifacts – Programs
    • (Activity) Windows Investigation – 1
    • Windows Artifacts – Browsers
    • (Activity) Windows Investigation – 2
    • (Activity) End of Section Assessment

    Computer Forensics – Volatility

    • Section Introduction, Volatility
    • What Is Volatility?
    • Volatility Walkthrough
    • (Activity) Volatility Exercise

5- Security Information and Event Management (SIEM)

    Introduction

    • Section Introduction, SIEM
    • Security Information Management (SIM)
    • Security Event Management (SEM)
    • What Is SIEM?
    • SIEM Platforms
    • SIEM Concepts
    • (Activity) End of Section Assessment

    Logging

    • Section Introduction, Logging
    • What Is Logging?
    • Syslog
    • Windows Event Logs – Sysmon
    • Other Logs
    • (Activity) Windows Event Log Analysis
    • (Activity) End of Section Assessment

    Correlation

    • Section Introduction, Correlation
    • Normalization and Processing
    • SIEM Rules
    • Sigma Rules
    • Regular Expressions (Regex)
    • (Activity) Writing a Sigma Rule
    • (Activity) End of Section Assessment

6- Incident Response (1/2)

    Introduction

    • Section Introduction, Incident Response
    • What Is Incident Response?
    • Why Is Incident Response Necessary?
    • Security Events vs Security Incidents
    • Incident Response Lifecycle
    • CSIRT and CERT
    • Incident Response Concepts
    • (Activity) End of Section Assessment

    Preparation Phase

    • Section Introduction, Preparation
    • Preparation: Incident Response Plan
    • Preparation: Incident Response Teams
    • Preparation: DMZ
    • Preparation: Host Defenses
    • Preparation: Network Defenses
    • (Activity) Installing a Firewall
    • Preparation: Email Defenses
    • Preparation: Physical Defenses
    • Preparation: Human Defenses
    • Preparation: Snort
    • (Activity) Snort Setup
    • (Activity) End of Section Assessment

    Detection and Analysis

    • Section Introduction, Detection and Analysis
    • Common Events and Incidents
    • Baselines and Behavior Profiles
    • Introduction to Wireshark (GUI)
    • Introduction to Wireshark (Analysis)
    • (Activity) PCAP 1
    • (Activity) PCAP 2
    • (Activity) PCAP 3
    • YARA Rules for Detection
    • CMD and PowerShell in Incident Response
    • (Activity) End of Section Assessment

    Containment, Eradication and Recovery

    • Section Introduction, Containment, Eradication and Recovery
    • Incident Containment
    • Taking Forensic Images
    • Identifying and Removing Suspicious Artifacts
    • Root Cause Identification and Recovery
    • (Activity) End of Section Assessment

    Lessons Learned

    • Section Introduction, Lessons Learned
    • What Went Well?
    • What Can Be Improved?
    • Importance of Documentation
    • Incident Response Metrics
    • Report Format
    • Report Considerations

    MITRE ATT&CK

    • Section Introduction, MITRE ATT&CK
    • Initial Access
    • Execution
    • Persistence
    • Privilege Escalation
    • Defense Evasion
    • Credential Access
    • Discovery
    • Lateral Movement
    • Collection
    • Command and Control
    • Exfiltration
    • Impact
    • (Activity) ATT&CK Navigator
    • (Activity) End of Section Assessment

7- Malware Analysis

    Introduction

    • Section Introduction, Malware Analysis
    • Why Is It Important?
    • Types of Malware
    • Types of Analysis
    • Tools Used
    • (Activity) End of Section Assessment

    Setting Up a Lab Environment

    • Section Introduction, Lab Environment
    • Requirements
    • Configuration
    • Installation, Settings and Snapshots
    • Collecting Malware Samples

    Static Analysis

    • Section Introduction, Static Analysis
    • Introduction to Static Analysis
    • Portable Executable (PE) File Format
    • Hashing
    • Strings
    • (Lab) Hashing and Strings
    • YARA and yarGen
    • (Lab) YARA and yarGen
    • Analyzing PE Files
    • (Lab) Analyzing PE Files
    • Analyzing PDF Files
    • (Lab) Analyzing PDF Files
    • Analyzing Office Files
    • (Lab) Analyzing Office Files
    • (Activity) End of Section Assessment

    Dynamic Analysis

    • Section Introduction, Dynamic Analysis
    • Introduction to Dynamic Analysis
    • Introducing Sysinternals
    • Sysinternals Autoruns
    • Sysinternals TCPView
    • (Lab) Using Sysinternals
    • Process Monitoring and ProcDOT
    • (Lab) Monitoring Suspicious Processes
    • Online Analysis Tools
    • (Activity) Online Analysis Tools
    • Anti-Sandboxing Techniques
    • (Activity) End of Section Assessment

8- Threat Hunting

    Introduction

    • Section Introduction, Threat Hunting
    • What Is Threat Hunting?
    • Benefits of Threat Hunting
    • Threat Hunting Lifecycle
    • Threat Intelligence
    • MITRE ATT&CK
    • Tools Used
    • (Activity) End of Section Assessment

    Setting Up a Lab Environment

    • Section Introduction, Lab Environment
    • Lab Architecture
    • Lab Setup
    • Kibana Interface
    • Sigma and ElastAlert
    • (Activity) End of Section Assessment

    Endpoint Hunting

    • Section Introduction, Endpoint Hunting
    • Windows Systems
    • Windows User Accounts
    • Windows Program Execution
    • (Lab) Windows Program Execution
    • Windows Network Connections
    • Windows Services
    • Windows Registry
    • Windows Logging
    • Hunting Event Logs with Chainsaw
    • (Lab) Hunting Event Logs with Chainsaw
    • (Lab) Windows System Hunt
    • Linux Systems
    • Linux User Accounts
    • Linux Network Connections
    • Linux Services
    • Linux Scheduled Tasks
    • Linux Logging
    • (Lab) Linux System Hunt
    • (Activity) End of Section Assessment

    Threat Hunting at Scale

    • Section Introduction, Hunting at Scale
    • Velociraptor Hunting: Introduction
    • Velociraptor: Web GUI
    • Velociraptor: VQL
    • Velociraptor: Hunting and Notebooks 1
    • Velociraptor: Hunting and Notebooks 2
    • Velociraptor: Summary
    • (Lab) Velociraptor Hunting
    • GRR Hunting: Introduction
    • GRR: Web GUI
    • GRR: Flows and Hunts
    • GRR: Hunt Walkthrough
    • GRR: Summary
    • (Activity) End of Section Assessment

9- Advanced SIEM

    Introduction

    • Section Introduction, SIEM
    • What Is SIEM?
    • SIEM Vendors
    • Benefits of SIEM
    • SIEM Automation
    • SIEM and MITRE ATT&CK
    • Tools Used
    • Why Splunk?
    • (Activity) End of Section Assessment

    SIEM Setup

    • Section Introduction, SIEM Setup
    • SIEM Architecture
    • Logs and Transport
    • Splunk CIM
    • Storage, Retention and Collection
    • Generating Alerts with Sigma
    • (Activity) End of Section Assessment

    Proactive SIEM

    • Section Introduction, Proactive SIEM
    • Threat Hunting Lifecycle
    • Proactive SIEM vs Reactive SIEM
    • Splunk ThreatHunting App
    • Investigating Threats
    • (Lab) Hunting and Analysis
    • (Lab) Investigation and Reporting – ThreatHunting App – File Integrity Monitoring
    • (Activity) End of Section Assessment

    Adversary Emulation, Detection and Analysis

    • Section Introduction, Adversary Emulation
    • Threat Modeling and Planning
    • Adversary Emulation Tools
    • CALDERA and Operations
    • (Lab) Adversary Emulation
    • Post-Emulation Activities
    • (Lab) Logging, Emulation and Dashboards
    • Command and Control Detection
    • (Lab) Command and Control Detection
    • (Activity) End of Section Assessment