rod_soto_def_con_training

Rod Soto - SOC 101 - SOC 1 Analyst Bootcamp $1,900 (Early $1,700)

$1,700.00

Name of Training:

SOC 101 - SOC 1 Analyst Bootcamp

Description:

This course will provide students with extensive hands-on exercises and labs that emulate real-life security operation center tasks and related technologies.

Training description:

During this comprehensive course, tools and methodologies that are used in Security Operation Centers will be introduced and detailed. This course will provide students with extensive hands-on exercises and labs that emulate real-life security operation center tasks and related technologies.

From text handling, packet dissection, and analysis, to adversarial simulation and detection engineering, this course will provide students with a solid base of skills and a comprehensive understanding of a Security Operations Center (SOC) Analyst job.

The focus will be geared toward basic, hands-on skills that allow students to perform and excel at baseline SOC tasks.

Hardware & Minimum Course Requirements:
A laptop with 16GB of RAM and the ability to run Virtual Machines. Understanding of basic networking concepts and basic Linux comprehension.

Target Audience:
This training is geared towards Information Technology, Computer System, or Computer Network Professionals seeking to enter the Information Security Industry, and it enriches those who seek to develop the skills and knowledge necessary to work in a Security Operations Center.

Skills that will be learned:
This course will provide students with the necessary skills and knowledge to work in a Security Analyst 1 job and understand the dynamics of a Security Operations Center.

Past content:

Rod Soto - Udacity Instructor: https://www.udacity.com/course/security-engineer-nanodegree--nd698
Rod Soto - RSA Conference 2021: https://www.rsaconference.com/Library/presentation/USA/2022/Web%20Application%20Hacking%20101
Rod Soto - Red Team Village - Adversarial Simulation Workshop (2 hours): https://www.youtube.com/watch?v=YEnL8QfFlJI
Rod Soto - Linux Threat Detection using Attack Range - Texas CyberSummit 2022: https://www.youtube.com/watch?v=YEnL8QfFlJI

Trainer(s) bio:

Rod Soto has over 15 years of experience in information technology and security. He has worked in Security Operations Centers as a support engineer, SOC engineer, security emergency responder, and incident responder. He currently works as a detection engineer and researcher on the Splunk Threat Research Team, and previously worked at Prolexic/Akamai, Splunk UBA, and JASK (SOC Automation).
Rod Soto was the winner of the 2012 Black Hat Las Vegas CTF competition and the Red Alert ICS CTF contest at DEF CON 2022. He has spoken at ISSA, ISC2, OWASP, DEF CON, RSA Conference, HackMiami, DerbyCon, Splunk .conf, Black Hat, BSides, and Underground Economy, and has been featured in Rolling Stone Magazine, Pentest Magazine, Univision, BBC, Forbes, VICE, Fox News, and CNN.

Trainer(s) social media links:

https://twitter.com/rodsoto : @rodsoto

Outline:

Day 1:

Introduction to SOC & SOC-related technologies (2 hours)
Whoami
What is a SOC
Types of SOC
What is expected of a SOC Analyst (SOC 101)
Security Principles
Access Controls
SOC Security Technologies
Principles of Defense in Depth
Defense in Depth technologies
SOC main focus - Endpoints (Linux - Windows)
Linux Access Controls (DAC, MAC), Access Log locations
Exercise 1. Linux Access Controls, Linux Access Logs (grep, awk, and cli tools)
Exercise 2. Windows Access Controls - NTFS & Active Directory (Sysinternals AccessEnum, PowerShell & Windows CLI commands)
User Groups, Permissions, NTFS folder and file permissions.
Security Events & Data Manipulation (2 hours)
What is a security event?
Security Event Types
Triage of Security Events/Incidents
Logs & Text manipulation
- Logs, metadata, management, ETL, storage
- Linux, PowerShell, Batch - grep, awk, sed, regex
- Log and Metadata Standards - CIM, WWW, JSON, XML, Sysmon, Syslog, CSV
- Linux Logs → locations and structure
- Windows Logs → locations and structure
Exercise -
Use regex against CSV, WWW, and raw logs to find metadata relevant to security events
Use PowerShell to view, parse, and find data in files
Use cat, grep, sed, and awk to manipulate and find data and to understand the structure of log files (syslog, Sysmon, JSON, XML)
Identify the attack vector in logs
Networking - Threat Detection & Analysis (2 hours)
Network Basics
Basic TCP/IP – OSI Layers, distribution by protocol RFCs
Netflow
Packet Capture
Wireshark, TCPDump
PCAP readers – Chaos Reader, Foremost, Network Miner, Arkime
Network Analysis and threat detection
Arkime
Suricata
Exercise -
Use tcpdump & Wireshark to find attack signatures in attack PCAPs
Use NetworkMiner to mine and identify information
Use Arkime to capture and obtain PCAPs
Replay a PCAP and visualize the detection in Suricata
Vulnerabilities & Attacks (2 hours)
Vulnerabilities & Attacks SOCs are exposed to
Endpoints
Servers
Applications
Cloud
Industry Nomenclature
MITRE CVEs, MITRE ATT&CK, OWASP Top 10
Traffic Light Protocol (TLP)
CVSS
Industry Compliance Frameworks
Risk & Threat Modeling
Exercise -
Identify a vulnerability, score its risk, and calculate its CVSS score
Identify APT28 TTPs
Perform an RDP attack against a Windows host and find the related policies and security logs
Identify an OWASP Top 10 attack in a campaign (SQLi / nginx logs)

Day 2:

Management of logs (3 hours)
How to send logs to a centralized location
- syslog, rsyslog, netcat
- Windows Event Subscription
- Malware-related logs → registry, evtx/xml, JSON, WWW
Management of centralized logs
SIEM
SPLUNK
Elastic
Introduction to EDR
Wazuh
OpenEDR
Exercise
Use Docker to create a Splunk instance, upload data, and find a threat in the uploaded data
Use Docker to create an Elastic instance, upload data, and find a threat
Operate a Wazuh instance to load data and discover and analyze threats
Install OpenEDR and detonate threats to verify detection
Use the EICAR test file to visualize Windows Defender alerts and logs at the endpoint and in the SIEM
Use Elastic EDR to find threats
Adversarial Simulation & Detection Engineering (3 hours)
Infrastructure as Code
Adversarial Simulation Frameworks
Atomic Red Team
Operator
Splunk Attack Range
Manual exploitation
Detection engineering Windows (Sysmon)
Detection Engineering Linux (Syslog)
Exercise
Execute Atomic Red Team atomics against a target
Devise a detection from the collected logs
Execute an attack on a Linux host and detect the attack from the collected logs
SOC challenges and interactions (1 hour)
Cryptography and the SOC
Incident Response
SOC Periphery teams
CTF (1 hour)

Technical difficulty:

Beginner.

Suggested Prerequisites:

Basic understanding of Windows and Linux Command Line, as well as basic networking skills (TCP/IP)

What students should bring:

A laptop with 16GB of RAM and the ability to run Virtual Machines. Understanding of basic networking concepts and basic Linux comprehension.

*Due to virtualization issues with Apple M2 chip-based laptops, these laptops are NOT supported for this training. Please bring an Intel-based laptop that supports x86 virtualization.

DATE: August 12th-13th, 2024
TIME: 8am to 5pm PDT
VENUE: Caesars Forum, Las Vegas, NV
TRAINER: Rod Soto

- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included

Registration terms and conditions:

Trainings are refundable before July 1st; a $250 processing fee applies.

Trainings are non-refundable after July 10th, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification will be considered a No-Show, and no refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.