
SOC100-3

DEFEND

The Why Behind the SOC100 Course Series

Many students still find Level Effect after spending tens of thousands on entry-level bootcamps or live training vendors with not a lot to show for it, or after getting lost in a sea of 20-30 hour high-level courses that were never designed to connect to one another.

Let's change that - together with SOC100:

  1. You invest, We invest. The course is pay-what-you-can with an affordable minimum price. Additionally, whatever you pay we'll credit toward CDA or any one of our other courses after completion.

  2. It's taught by many top professionals in the field and features over 20 modules, 400+ hours of content, and 180+ labs, all instructed live and available on-demand afterward

  3. Go from opening an app to removing malware and using a SIEM, to working in a Virtual SOC as a Tier 1 Cybersecurity Analyst

  4. It readies you for Intermediate training by starting you in Detection Engineering, DFIR, and more

  5. It offers experience to put on your resume as a Community SOC Analyst helping others just like you

Let's make an impact.

Course Description

Welcome to "SOC100-3: Defend".

You've learned how to triage Tier 1 incidents in SOC100-2, now it's time to get to work in your own Virtual SOC! You'll choose your incidents to respond to and triage. You'll then need to validate your findings in order to complete the course.

Completing this course requires complete practical ability. No multiple choice guesswork or test-taking ability. You need to be able to do the work. Upon completion you will be rewarded with the SOC100-3 certification!

🔴 NOTE - This is Course 3 of the SOC100 Course Series here! If you want a visual you can check out the flowchart roadmap here.

SOC100-3 will be streamed on our Twitch channel here: https://www.twitch.tv/leveleffect


 

Tier 1 Triage

  • Be able to independently triage SOC Analyst Tier 1 difficulty tickets inside of a Virtual SOC Environment.
  • That's it. Prove you can do it!

This course has full on-demand content that will also be taught live in full the first time. Review the Stream Schedule above for timing.

The stream recordings will then be added to the course content, and the course will remain completely on-demand after that.

The on-demand content will consist of:

  • Video lectures and labs

  • Quizzes and challenges

  • Portfolio projects of your own to build

  • Industry speakers & CDA Alumni

PRE-REQUISITES

  • SOC Analyst Tier 1 Triage: Be able to respond to and remediate malicious incidents identifying persistence, process, and network related IOCs.

  • SOC100-1 and 2: You will have completed these or have similar experience.

 

SOC100 students have access to an exclusive Discord help channel.

  • Help is provided during business hours.

  • You will find access to the channel within the SOC100 series of courses.

  • You will receive help from the Level Effect team as well as Community Analysts (see the next tab for more information on this).

Education is not enough. Our students can gain volunteer experience for their resume as described below, and we will provide what you add on your resume:

  1. SOC100 students can submit a form within the course to be Community Jr. SOC Analysts

  2. CDA Students can submit a form to be Community SOC Analysts, and Community Malware & Challenge Developers

The expectations are as follows:

  1. Community Jr. SOC Analysts are expected to help other SOC100 students in the Discord support channel get through the SOC100 series of content

  2. Community SOC Analysts are expected to help SOC100 and CDA Students get through content

  3. Community Malware & Challenge Developers are expected to contribute to our community GitHub

 

Pay what you can (PWYC) with a "You Invest, We Invest" model.

  • Minimum $59.

  • Suggested $89.

  • What you pay we'll credit toward our CDA course or one other course of your choice.

  • Owned forever after purchase, including updates.

  • 50 lab hours are included in the purchase.

  • Additional lab time is $0.20 - $0.40 per hour and can be used on any courses you own in our platform.


Curriculum

SOC100-3 consists of individual DFIR incidents in your own Virtual SOC to triage through per the competencies below. The course will release with several incidents, with more added monthly until we get to a minimum of 12.

UP TO BUT NOT LIMITED TO:

  • PCAP Analysis
  • Protocol & Protocol Analysis
  • Protocol Metadata
  • Common Anomalous Protocol Activity
  • Outlier Identification
  • IP, Domain, DNS, TLD
  • Captured Objects & Attachments
  • HTTP/TCP Streams

UP TO BUT NOT LIMITED TO:

  • RFC Headers
  • Custom Headers
  • Integrity & Trust
  • SPF, DKIM, DMARC
  • Forwarding
  • Body
  • Embeds
  • Encoding
  • Attachments
  • URL & Parameter

UP TO BUT NOT LIMITED TO:

  • Persistence
    • Registry
    • Tasks
    • Scripts
    • Autoruns
    • Services
  • Process
    • Creation
    • Runtime
    • Termination
    • Dependencies
    • Operations
    • Read/Write
  • Network
    • Egress & Ingress
    • Listening & Established, etc.
    • DNS, Hosts

UP TO BUT NOT LIMITED TO:

  • Strings
  • Signatures
  • Hashes
  • API Calls
  • Runtime Operations
  • Threads, DLLs
  • File Headers & Metadata

Note - we do not get into code or assembly at this level as that is much more advanced.

UP TO BUT NOT LIMITED TO:

  • Logs
  • Events
  • Codes
  • Actions
  • Queries
  • Arguments
  • Patterns
  • Parameters

Note - we use ELK as a SIEM for you.

UP TO BUT NOT LIMITED TO:

  • OSINT
  • TTPs
  • IOC
  • IOA
  • Attack Lifecycle
  • Threat Modelling
  • Report Writing
  • Requirements & Validation

 

 

DFIR Scenarios

Choose from a list of individual DFIR scenarios to generate alerts and data for you to begin your hunt.


Review the Alert

Investigate the incident, determine the extent of the threat, document a timeline and prepare your findings for validation.


Findings Validation & Report Reviews

Working in the Virtual SOC provides you with experience similar to working in the field, with an interface and environment of enriched data you'd see in a SOC/SOAR and challenging Tier 1 difficulty tickets.

You'll also be able to submit your reports for evaluation inside the VSOC itself as a feature coming soon.

Note - In the meantime you will submit your IOC findings individually for validation of your work.


Why the SOC100 Course Series?

From Basics to Breaches 

Go from opening up a browser to hunting down malware while learning all relevant IT skills along the way, with no need to stitch together different content and courses to accomplish this.

Senior Instructors, Proven Track Record, Community

You have more than one top experienced professional teaching you here, and a Discord community where you can reach them directly for support. Level Effect has also been doing this for 4 years now - check out our testimonials.

SOC Training & 5 Technical Certifications

Gain experience in a virtualized Security Operations Center (SOC) environment, triaging incidents just like on the job, and complete 5 challenging certifications.

Pay What You Can for "Content" not Marketing

We're tired of overpriced content & bootcamps where you're paying for their marketing budget, and we bet that you are, too. This is our effort to put out a solid course with far better value, that shouldn't break your bank.

Lifelong Access & Experience

Once you own the content, you own it forever! This includes the updates we'll make to this course. The best part is once you learn the material, you can ask to help others and put various roles on your resume as Community SOC Analyst, or Malware Developer, and more.

Ready for Intermediate & Advanced

The future of Cybersecurity at a technical level is Engineering. Develop your Tier 1 Analyst skills here to get going, as well as advanced foundations to get started on the needs of what's to come.

John Hammond's Thoughts

This is what John Hammond had to say about our Cyber Defense Analyst Program in its first iteration.

And guess what? It's only gotten better.

 

Sandra - Tech & Lifestyle's Review

Sandra's reviewed a lot of training programs... hear what she has to say about our real SOC experience.

 

Hear From the Co-Founders How We Started

Learn about the origin story of Level Effect, why we made our original Cyber Defense Analyst program, and the problems we aimed to solve in the cybersecurity training landscape.

 

 

FAQ