Keywords:
Cyber, Security, Security Professionals, Hacking
Edu type:
Course or training
Location:
3447gv, Online
Education:
Associate degree (EQF 5), MBO-4/HAVO/VWO (EQF 4)
Start date:
29/03/2024
Study Load:
35 hrs
Duration:
5 days
More information

Description:

Threat Analyst leert u geavanceerde principes, tools en praktische technieken voor een senior, pro-active defense role in een SOC of soortgelijk team. De cursus biedt hands-on praktische opdrachten in een Next Generation SOC met een moderne technology stack en geëvolueerde processen, en duikt in de praktijk van veelbesproken concepten zoals XDR, Rapid Response en Automation. Je voert complexe tier 2,3 escalated threat- en incidentonderzoeken uit, oefent geavanceerde persistente dreigingsanalyses en besteedt 3 speciale ‘deep dive’-trainingsdagen aan Threat Intelligence, Threat Hunting en Incident Response-onderzoeken. De cursus behandelt actieve verdedigingsconcepten en geavanceerde praktische technieken en hulpmiddelen die u helpen bij het prioriteren van onderzoeken, het verbeteren van de zichtbaarheid van detectie en het bewaken van de beveiliging. 

 

Doelgroep

 

Enterprise SOC-Teams, Managed Service en MDR-providers die een baseline willen zetten voor hun dreigingsanalisten.

SOC-analisten, MDR-analisten, dreigingsanalisten, ontwikkelaars van bedreigingsinhoud, beveiligingsadviseurs, incidentresponders, beveiligingsingenieurs en -architecten, rode teams die paars worden.

 

Dit is een vervolgopleiding en niet geschikt voor beginnende SOC-analisten. Als je op zoek bent naar een instapcursus, raden we je aan om de Associate SOC Analyst Training te bekijken

 

Voorkennis

 

Associate SOC Analyst

IT-Security Practitioner

Veel ervaring in de rollen genoemd bij het kopje doelgroep

Cursusmateriaal

 

U ontvangt bij aanvang van de cursus het officiële cursusmateriaal van SECO-Institute. Het cursusmateriaal is Engelstalig en de voertaal tijdens de opleiding is ook Engels.

 

Bij de cursus zit het volgende inbegrepen:

 

Het SECO-Institute cursusmateriaal

Het SECO-Institute online IT-Security Expert/SOC examen

1 jaar SECO-Membership

 

Cursusmodules

 

Day 1 – From Mindset to Toolset

Module 1 – Setting the Stage: The SOC and the Threat Analyst

1.1. SOC Services evolution to MDR and the impact on the Threat Analyst role (Cloud, On-prem & Strategic SOC)

1.2. MDR Service Operations (ITIL Service Management, Threat Modelling, Threat Analysis, Threat Hunting, Threat Intelligence, Create and improve security monitoring and threat detection use cases, conduct blind spot detection assessments, automate SOC processes, respond rapidly to incidents.)

1.3. Business (New Drivers, Customers, New governance, New privacy regulation, SOC Metrics.)

1.4. People (New roles and hierarchy, Training, Knowledge Management, SOC Career progression, Assessing the SOC team.)

 

Module 2 – Key toolset of the Threat Analyst: Introduction to SECO’s Virtual SOC

2.1. ITSM and CMDB (Hands on)

2.2. SOC Ticketing System (Hands on)

2.3. SIEM (Hands on)

2.4. Threat Intelligence platform (Hands on)

2.5. Packet capture and analysis

2.6. Automation tools

2.7. Incident Response tool

2.8. Security Automation tool and scripts

 

Day 2 – Set the stage & Next level Threat Analysis

Module 3 – Infrastructure Modelling, Risk Analysis, Blind spot detection

3.1. Network Modelling, Asset Modelling, Risk Analysis (Hands- on)

3.2. Logging, Log sources, Log ingestion (Hands- on)

3.3. Blind Spot Detection Assessment (Hands- on)

3.4. ITSM and defining SOC Services conform ITIL (Hands-on)

 

Module 4 – Attacker Tactics and Techniques in- depth

4.1. MITRE ATTACK&CK Framework (Hands-on)

4.2. MITRE ATTACK&CK Navigator (Hands-on)

4.3. Cyber Kill Chain (Hands-on)

 

Module 5 – Advanced Threat Analysis

5.1. Splunk and Elastic SIEM (Hands – on)

5.2. Threat Analysis , correlation and Attack Techniques (Hands – on)

5.3. Alerting, Reporting, Dashboarding and Escalating (Hands – on)

 

Day 3 – Adding some Intelligence to the Flavor

Module 6 – Threat Intelligence & Detection use cases

6.1. MITRE ATTACK&CK applied to monitoring, detection and threat intelligence

6.2. Security Monitoring and Threat Detection Use Cases (Hands-on) (Security Monitoring, Threat Detection, Use Case Development, MaGMA UCF.)

6.3. SIGMA Rules (Hands-on)

6.4. Threat Intelligence (Hands-on) (Types, Protocols, Standards, Feeds, Platforms, STIX/TAXII/OpenIoC.)

6.5. Threat Intelligence on the Dark Web (Hands-on)

 

Frameworks, best practices for this module (Hands-on) (CSAN Threat Actors, Threat intelligence protocols and standards, Pyramid of Pain and TTP’s, Cyber Kill Chain versus MITRE ATT&CK, OODA loop Diamond model of intrusion analysis, Chatham House Rule, MaGMa and MaGMa UCF Tool, MISP, NIST NICE.)

 

Day 4 – Hunt like a Ninja, Defend like a Samurai

Module 7 – Threat Hunting and Defense

7.1. Pyramid of Pain (Hands-on)

7.2. TTPs (Hands-on)

7.3. Threat Hunting Methodologies (Hands-on) (Cyber Threat Hunting Framework, TaHiTI, The Hunting Loop)

7.4. The Hunt Matrix (Hands-on)

7.5. The Defense Chain

7.6. Detection Feedback

7.7. Advanced Persistence Defense

7.8. Snort/Zeek Rules (Hands-on)

 

Frameworks, best practices for this module (Hands-on) (CSAN Threat Actors, Threat intelligence protocols and standards, Pyramid of Pain and TTP’s, Cyber Kill Chain versus MITRE ATT&CK, OODA loop Diamond model of intrusion analysis, Chatham House Rule, MaGMa and MaGMa UCF Tool, MISP, NIST NICE.)

 

Day 5 – Department of Escalated Affairs

Module 8 – Incident Response

8.1. Preparation Phase (Hands-on) (Policies, IR Plan, IR procedures, Playbooks)

8.2. Identification/Detection(Hands-on) (Memory Analysis, Disk Analysis, Malware Analysis (YARA), Network Analysis)

8.3. Containment (Systems, Network, Users, Services, Cloud)

8.4. Eradication (Systems, Network, Users, Services, Cloud)

8.5. Recovery (Systems, Data)

8.6. Lessons Learned (Hands-on)

8.7. Dissemination and Security Awareness

 

Collect your badge of honor

Exam

1. Homework assignment in CTF format

 

The hands-on section on the last day of training prepares you for a complex, hands on homework assignment in a Capture the Flag format that will be part of your exam and certification. You must finalize your assignment before you can schedule your exam.

 

2. Exam

 

Language: English

Delivered: Online via a certified proctor

Questions: 40 multiple choice (5 questions related to your CTF homework assignment)

Time: 60 minutes