
SOC100-2

TRAIN

The Why Behind the SOC100 Course Series

Many students find Level Effect after spending tens of thousands on entry-level bootcamps or live-training vendors with not a lot to show for it, or after getting lost in a sea of 20-30-hour high-level courses that were never designed to connect to one another.

Let's change that - together with SOC100:

  1. You invest, we invest. The course is pay-what-you-can with an affordable minimum price. Additionally, whatever you pay we'll credit toward CDA or any one of our other courses after completion.

  2. It's taught by many top professionals in the field and features over 20 modules, 400+ hours of content, and 180+ labs, all instructed live and available on-demand afterward.

  3. Go from opening an app to removing malware and using a SIEM, to working in a Virtual SOC as a Tier 1 Cybersecurity Analyst

  4. It readies you for Intermediate training by starting you in Detection Engineering, DFIR, and more

  5. It offers experience to put on your resume as a Community SOC Analyst helping others just like you

Let's make an impact.

Course Description

Welcome to "SOC100-2: Train". You've learned how things work in SOC100-1. Now learn to secure them. In this course you will develop the competencies required to perform SOC Tier 1 Analyst triage and incident response tasks.

You will perform log analytics within a SIEM, triage compromised Windows endpoints, inspect malicious emails, learn how to write technical reports, and understand the governance, risk, and compliance aspects that support these competencies. You will also learn how to research and analyze cyber threat intelligence to enrich and enhance your effectiveness. Finally, you will assemble a malware analysis lab of your own to keep applying what you have learned.

This course prepares you for the SOC100-2 certification and comes with three attempts for it.

🔴 NOTE - This is Course 2 of the SOC100 Course Series. If you want a visual overview, check out the flowchart roadmap.

SOC100-2 will be streamed on our Twitch channel here: https://www.twitch.tv/leveleffect


Understand the Cybersecurity Landscape:

  • Gain insights into the structure and dynamics of the cybersecurity industry, including key roles, emerging trends, and prevalent threat actors.

Implement Governance, Risk, and Compliance (GRC) Practices:

  • Develop and apply GRC frameworks to ensure organizational adherence to security policies, regulatory requirements, and effective risk management strategies.

Apply Cryptographic Techniques:

  • Comprehend and utilize hashing, encoding, and both symmetric and asymmetric encryption to safeguard data integrity and confidentiality, and understand which of these actually protects a secret: encoding such as Base64 is reversible by anyone and is not encryption, and a hash provides integrity, not confidentiality.

Triage Compromised Windows Endpoints:

  • Perform thorough analysis of malware behavior and persistence mechanisms within Windows environments to identify and neutralize malicious software.

Triage Malspam:

  • Analyze email headers and the SPF, DKIM, and DMARC authentication results to detect and mitigate phishing attempts and other email-based threats.

Perform Log and Event Analysis Using a SIEM:

  • Utilize Security Information and Event Management (SIEM) tools to collect, analyze, and interpret logs from diverse sources, facilitating effective incident detection and response.

Develop Cyber Threat Intelligence (CTI):

  • Gather, analyze, and disseminate threat intelligence to anticipate and counteract cyber threats, employing frameworks like MITRE ATT&CK.

Produce Comprehensive Technical Reports:

  • Craft clear and concise reports that effectively communicate technical findings to stakeholders, ensuring accurate documentation of security incidents and analyses.

Build a Home Malware Analysis Lab:

  • Set up and operate a personal malware analysis lab to practice and refine skills in a controlled environment, supporting continuous learning and professional development.

This course has full on-demand content that will also be fully instructed live the first time it runs. Review the Stream Schedule above for timing.

The stream recordings will then be added to the course content, and the course will remain completely on-demand after that.

The on-demand content will consist of:

  • Video lectures and labs

  • Quizzes and challenges

  • Portfolio projects of your own to build

  • Industry speakers & CDA Alumni

PRE-REQUISITES

  • Willingness to Learn: Strong interest and commitment to learning cybersecurity concepts and practices.

  • Basic Computer Skills: Understanding of fundamental computer use, such as opening a browser.

  • SOC100-1: Ideally you will have completed SOC100-1, or at least have equivalent experience.

 

WHO IS THIS FOR?

  • Complete newcomers looking to get started in IT and Cybersecurity with a clear roadmap.

  • Those with some experience looking to develop entry-level Cybersecurity or Security Engineering skill sets such as malware analysis, log analytics, and detection engineering, for further training or experience.

  • Current Cybersecurity professionals in the field looking to strengthen their foundations or undertake some additional experience.

  • Managers or those in positions supportive or adjacent to IT that wish to be more knowledgeable about this area or contribute more.

SOC100 students have access to an exclusive Discord help channel.

  • Help is provided during business hours.

  • You will find access to the channel within the SOC100 series of courses.

  • You will receive help from the Level Effect team as well as Community Analysts (see the next tab for more information on this).

Education is not enough. Our students can gain volunteer experience for their resume as described below, and we will provide the wording for what you add to your resume:

  1. SOC100 students can submit a form within the course to be Community Jr. SOC Analysts

  2. CDA Students can submit a form to be Community SOC Analysts, and Community Malware & Challenge Developers

The expectations are as follows:

  1. Community Jr. SOC Analysts are expected to help other SOC100 students in the Discord support channel get through the SOC100 series of content

  2. Community SOC Analysts are expected to help SOC100 and CDA Students get through content

  3. Community Malware & Challenge Developers are expected to contribute to our community GitHub

 

Pay what you can (PWYC) with a "You Invest, We Invest" model.

  • Minimum $19.

  • Suggested $29.

  • What you pay we'll credit toward our CDA course or one other course of your choice.

  • Owned forever after purchase, including updates.

  • 50 lab hours are included in the purchase.

  • Additional lab time is $0.20 - $0.40 per hour and can be used on any courses you own in our platform.


Curriculum

SOC100-2 provides both soft and technical skill development. We've organized the tab sections below to group content accordingly.

Note that the order displayed below is NOT chronological.

You can check out the full curriculum by clicking here.

SUMMARY

This module provides an overview of the cybersecurity sector, exploring its evolution, current landscape, and future directions. Topics include the CIA Triad, Defense in Depth strategies, Identity and Access Management (IAM), Zero Trust principles, and cyber hygiene practices.

You'll also examine various threat actors, including nation-state adversaries, and understand the threat vectors they exploit.

LECTURES

  • Contexts of Security
  • Security Controls
  • CIA Triad and Defense in Depth
  • IAM Zero Trust and Cyber Hygiene
  • Cyber Threats and Nation State Threat Actors
  • Threat Actors Continued
  • Threat Vectors
  • Module Quiz

SUMMARY

Delve into the principles of GRC, focusing on how organizations manage cyber risks and ensure compliance with legal and regulatory standards. The module covers asset, configuration, patch, and vulnerability management, along with practical labs on cyber risk assessments and system hardening using CIS Benchmarks.

A culminating challenge involves completing a comprehensive risk assessment for a hypothetical company.

 

LECTURES

  • Cyber Risk
  • Governance
  • Risk
  • Compliance
  • Asset Management
  • Configuration Management
  • Patch Management
  • Vulnerability Management
  • Vulnerability Scanning
  • Vulnerability Triage

LABS

  • Lab: Cyber Risk & Maturity Assessments
  • Lab: Windows Server Hardening with CIS Benchmarks
  • Challenge: Complete Goodcorp's Risk Assessment

SUMMARY

Explore the fundamentals of cryptography, including hashing, encoding, and encryption techniques. Through hands-on labs, you'll practice implementing ciphers, symmetric and asymmetric encryption, and digital signatures.

The module emphasizes practical applications, such as using tools like CyberChef, and includes a challenge to encrypt a message for the community.

LECTURES

  • What is Cryptography?
  • Hashing, Encoding, Symmetric & Asymmetric Encryption

LABS

  • Lab: Hashing and Encoding
  • Lab: Ciphers and Symmetric Encryption
  • Lab: Asymmetric Encryption
  • Lab: Digital Signatures & Certificates Resume
  • Lab: Cooking with the Cyberchef
  • Challenge: Encrypt a Message to the Community!
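The point the cryptography module makes in its hashing and encoding labs, and that the "Apply Cryptographic Techniques" objective above relies on, is the difference between encoding, hashing and keyed integrity. The following is an added example, not code from the SOC100-2 course; the Base64 blob, the PowerShell -EncodedCommand sample and the HMAC key are constructed for illustration:

```python
"""Added example (not SOC100-2 course material): encoding is not encryption,
hashing is not encryption, and a keyed MAC is what gives you tamper-proof
integrity. Every input below is constructed for illustration."""
import base64
import hashlib
import hmac

# Constructed sample of the kind of blob an analyst meets in a PowerShell
# command line. Base64 looks opaque, but anyone can reverse it: no key involved.
SAMPLE_PLAINTEXT = b'powershell -nop -w hidden -c "IEX ..."'
SAMPLE_BLOB = base64.b64encode(SAMPLE_PLAINTEXT).decode()

# Constructed: Base64 of the UTF-16LE bytes of "Write-Host hi", which is what
# PowerShell's -EncodedCommand expects.
ENCODED_COMMAND_SAMPLE = "VwByAGkAdABlAC0ASABvAHMAdAAgAGgAaQA="


def decode_base64(blob: str) -> bytes:
    """Reverse Base64, tolerating the stripped '=' padding often seen in logs."""
    s = blob.strip()
    return base64.b64decode(s + "=" * (-len(s) % 4))


def decode_powershell_encoded(blob: str) -> str:
    """-EncodedCommand is Base64 over UTF-16LE text, so a plain Base64 decode
    yields text interleaved with NUL bytes; decode that text layer as well."""
    return decode_base64(blob).decode("utf-16-le")


def sha256_hex(data: bytes) -> str:
    """A hash fingerprints data (IOC matching, integrity checks) but hides
    nothing: it is one-way and needs no key, so it is not encryption."""
    return hashlib.sha256(data).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    """Any bit flip changes the digest. compare_digest avoids timing leaks."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def make_mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: a hash bound to a secret key. Without the key an attacker
    can recompute a plain hash over tampered data, but cannot forge a MAC."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(make_mac(key, data), tag_hex.lower())


if __name__ == "__main__":
    print("decoded blob:", decode_base64(SAMPLE_BLOB))
    print("decoded -EncodedCommand:", decode_powershell_encoded(ENCODED_COMMAND_SAMPLE))
    print("sha256('abc'):", sha256_hex(b"abc"))
    msg = b"alert: host-42 isolated"
    tag = make_mac(b"shared-secret", msg)
    print("MAC verifies with the right key:", verify_mac(b"shared-secret", msg, tag))
    print("MAC verifies with a guessed key:", verify_mac(b"guess", msg, tag))
```

The hash and the MAC look alike on the wire (both are 64 hex characters), which is exactly why analysts confuse them: only the MAC binds the value to a secret, so only the MAC tells you the data was not altered by someone who can also compute SHA-256.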

SUMMARY

Develop the skills necessary for effective technical communication in cybersecurity. The module covers the essentials of technical writing, structuring reports, and conveying complex technical findings to diverse audiences.

Labs provide practice in drafting reports, with challenges focused on documenting technical findings and malware analyses comprehensively.

LECTURES

  • Technical Writing 101
  • Reporting in Cybersecurity
  • Communicating Technical Findings
  • Common Mistakes Made

LABS

  • Lab: Your First Report
  • Lab: Your Second Report
  • Challenge: Writing up a Technical Finding
  • Challenge: Malware Analysis Report


SUMMARY

Gain expertise in analyzing Windows processes, threads, and memory management. Labs focus on using tools like Process Explorer, understanding multi-threaded applications, and navigating the Windows Registry.

You'll study malware persistence mechanisms and conduct process and network analyses to identify and mitigate malicious activities. Challenges involve investigating compromised hosts to apply your skills in real-world scenarios.

LECTURES

  • Processes, Threads, and Virtual Memory
  • Birth and Lifecycle of a Process
  • EXEs, DLLs, and Threads
  • Registry Structure
  • Windows Architectures and Key Components
  • Operating System Security Measures

LABS

  • Lab: Task Manager vs Process Explorer
  • Lab: Multi-threaded Applications
  • Lab: Windows Registry
  • Lab: Windows Security
  • Lab: Malware Persistence Analysis: The Autorunner
  • Lab: Malware Process Analysis: Process Me If You Can
  • Lab: Malware Network Analysis: Nettin But Time
  • Challenge: Compromised Host 1
  • Challenge: Compromised Host 2
  • Challenge: Compromised Host 3

SUMMARY

This module addresses the intricacies of email systems and the security challenges they present. You'll learn about the SMTP protocol, email header analysis, and various types of phishing attacks. Labs provide experience in inspecting URLs, interpreting SPF, DKIM, and DMARC authentication results, and conducting comprehensive email analyses.

Challenges test your ability to analyze and respond to email security incidents.

LECTURES

  • Phishing by the Numbers
  • SMTP Transfer Systems in Action
  • Crash Course in SMTP
  • SMTP & Email Security
  • Email Header Analysis
  • Types of Phishing
  • Phishing Containment and Response

LABS

  • Lab: Headers: From, Reply-To, and Originating-From
  • Lab: URL Inspection
  • Lab: Authentication Headers: SPF, DKIM, & DMARC
  • Lab: Email Analysis in Practice
  • Lab: PowerShell Refresher
  • Lab: Becoming the Master Chef
  • Challenge: Email Security Analysis 1
  • Challenge: Email Security Analysis 2
  • Challenge: Email Security Analysis 3
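The header labs above (From / Reply-To / Return-Path, URL inspection, and the SPF, DKIM and DMARC results) combine into one triage routine in practice. The following is an added example, not course code: the message is constructed, and mx.example.com is the assumed authserv-id of the recipient's own mail gateway, which matters because a sender can forge an Authentication-Results header of their own:

```python
"""Added example (not SOC100-2 course code): header triage for a suspected
phishing email. Checks From / Reply-To / Return-Path consistency, the SPF,
DKIM and DMARC results recorded by our own gateway, and where body links
point. The message is constructed; mx.example.com is the assumed name of
the recipient's own MX."""
import email
import re
from email import policy
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.com"   # assumed: authserv-id of our own gateway

# Constructed sample: spoofed bank mail relayed through a third-party host.
RAW_MESSAGE = b"""Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com;
 spf=pass smtp.mailfrom=mail-relay.example.net;
 dkim=fail header.d=bank.example;
 dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Reply-To: helpdesk@bank-secure-login.example.net
To: alice@example.com
Subject: Urgent: verify your account
Message-ID: <20240501.1234@mail-relay.example.net>
Content-Type: text/plain; charset=us-ascii

Your account is locked. Log in at http://bank-secure-login.example.net/verify
"""


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def parse_auth_results(header_value: str, trusted_authserv: str = TRUSTED_AUTHSERV) -> dict:
    """Return {'spf': ..., 'dkim': ..., 'dmarc': ...} from an Authentication-Results
    header, but only when our own gateway wrote it (authserv-id must match)."""
    parts = [p.strip() for p in header_value.split(";")]
    authserv = parts[0].split()[0].lower() if parts and parts[0] else ""
    if authserv != trusted_authserv.lower():
        return {}
    results = {}
    for part in parts[1:]:
        m = re.match(r"(spf|dkim|dmarc)=(\w+)", part, re.I)
        if m:
            results[m.group(1).lower()] = m.group(2).lower()
    return results


def triage_message(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    _, return_addr = parseaddr(str(msg.get("Return-Path", "")))
    from_dom = domain_of(from_addr)
    findings = []

    # Sender consistency: replies and bounces should go where the mail claims to be from.
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append(f"Reply-To domain {domain_of(reply_addr)} differs from From domain {from_dom}")
    if return_addr and domain_of(return_addr) != from_dom:
        findings.append(f"Return-Path domain {domain_of(return_addr)} differs from From domain {from_dom}")

    # Authentication: DMARC is the verdict that ties SPF/DKIM to the visible From domain.
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))
    if not auth:
        findings.append("no Authentication-Results header from our own gateway")
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) != "pass":
            findings.append(f"{mech} result: {auth.get(mech, 'none')}")

    # Links: hosts outside the From domain are the usual credential-harvest tell.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    for host in re.findall(r"https?://([^/\s]+)", text):
        h = host.lower()
        if h != from_dom and not h.endswith("." + from_dom):
            findings.append(f"link host {host} does not belong to From domain {from_dom}")

    hard_fail = not auth or auth.get("dmarc") == "fail"
    verdict = "suspicious" if hard_fail or len(findings) >= 2 else "review" if findings else "likely legitimate"
    return {"from": from_addr, "display_name": from_name, "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    result = triage_message(RAW_MESSAGE)
    print(result["verdict"], "-", result["from"])
    for f in result["findings"]:
        print("  -", f)
```

A Return-Path mismatch on its own is normal for newsletters and other bulk senders that use an email service provider, which is why the verdict leans on the DMARC result rather than on any single header. The authserv-id check is the caveat most often missed: only the Authentication-Results line your own gateway added is evidence.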

SUMMARY

Learn to collect and analyze logs from Windows and Linux systems using SIEM tools. The module introduces the ELK stack and teaches you to craft queries for effective data analysis.

Labs include investigating security events, using pattern-matching tools like YARA to identify malware, and conducting comprehensive log analyses to detect malicious activities.

LECTURES

  • Logs and Sources
  • SIEM and SOAR

LABS

  • Lab: Windows Event Logs
  • Lab: Linux Logs
  • Lab: Intro to ELK and Queries
  • Lab: ELK Investigation
  • Lab: Intrusion Detection with YARA
  • Challenge: Malicious Log Activity 1
  • Challenge: Malicious Log Activity 2
  • Challenge: All Seeing Yara

SUMMARY

Understand the role of CTI in cybersecurity operations. Topics cover the CTI lifecycle, types and sources of intelligence, and frameworks like MITRE ATT&CK.

Through labs, you'll analyze industry breach reports, assess threat actor tactics, techniques, and procedures (TTPs), and apply models such as the Cyber Kill Chain and the Diamond Model to real-world scenarios.

LECTURES

  • Cyber Threat Intelligence (CTI)
  • CTI Types and Sources
  • CTI Lifecycle and MITRE ATT&CK

LABS

  • Lab: Industry Breach Reports with Verizon DBIR
  • Lab: Threat Actor Report Analysis
  • Lab: Threat Actor TTPs with MITRE ATT&CK
  • Lab: Cyber Kill Chain, Pyramid of Pain, Diamond Model
  • Challenge: Intelligence on Indicators of Compromise

SUMMARY

Build upon your existing home lab by integrating malware analysis capabilities. You'll learn about neutered and defanged malware, set up log shipping, and configure the ELK stack for monitoring. Labs involve testing lab functionality and simulating attacks to practice detection and analysis. Mandatory challenges require you to hunt for malware and produce detailed analysis reports, reinforcing your practical skills.

 

LECTURES

  • Upgrading a Home Lab
  • What is a Malware Lab?
  • Neutered and Defanged Malware

LABS

  • Lab: Log Shipping
  • Lab: Setting up ELK
  • Lab: Testing Functionality
  • Lab: Attacking Your Home Lab
  • Mandatory Challenge: Hunt!
  • Mandatory Challenge: Post a Malware Analysis Report

Why the SOC100 Course Series?

From Basics to Breaches 

Go from opening up a browser to hunting down malware while learning all relevant IT skills along the way, with no need to stitch together different content and courses to accomplish this.

Senior Instructors, Proven Track Record, Community

You have more than one top experienced professional teaching you here, and a Discord community where you can reach them directly for support. Level Effect has also been doing this for 4 years now - check out our testimonials.

SOC Training & 5 Technical Certifications

Gain experience in a virtualized Security Operations Center (SOC) environment, triaging incidents just like on the job, and complete 5 challenging certifications.

Pay What You Can for "Content" not Marketing

We're tired of overpriced content and bootcamps where you're paying for their marketing budget, and we bet that you are, too. This is our effort to put out a solid course with far better value that shouldn't break the bank.

Lifelong Access & Experience

Once you own the content, you own it forever! This includes the updates we'll make to this course. The best part is once you learn the material, you can ask to help others and put various roles on your resume as Community SOC Analyst, or Malware Developer, and more.

Ready for Intermediate & Advanced

The future of cybersecurity at a technical level is engineering. Develop your Tier 1 Analyst skills here to get going, along with the deeper foundations you'll need for what comes next.

John Hammond's Thoughts

This is what John Hammond had to say about our Cyber Defense Analyst Program in its first iteration.

And guess what? It's only gotten better.

 

Sandra - Tech & Lifestyle's Review

Sandra's reviewed a lot of training programs... hear what she has to say about our real SOC experience.

 

Hear From the Co-Founders How We Started

Learn about the origin story of Level Effect, why we made our original Cyber Defense Analyst program, and the problems we aimed to solve in the cybersecurity training landscape.


FAQ