BHIS SOCC Notes Overview
Introduction
Class: SOC Core Skills w/ John Strand – Antisyphon Training
Lab setup: John Strand Training Lab – Download Instructions – Antisyphon Training
First, this course was great; tons of great information, the brightest brains ripe for picking, an active live-chat with good conversation and exchange of information, and an infectiously energetic atmosphere. I registered for the live, Pay What You Can edition of this course, was able to attend all 4 days live and perform all the labs during the training. I'm sharing my notes (cleaned up and revisited so I don't accidentally share any of their copyrighted material) in hope that it helps someone out who's just getting started.
If you can, I highly recommend you check out and attend their courses; this was a Pay What You Can course, and many students took it for free. They also offer On Demand training if you're on a schedule, and Live Courses (which are not Pay What You Can) that cover a broader, more advanced range of topics.
Since the course was taught over 4 days from a 200-page slide deck, I'm going to organize my notes in order of instruction and general topic; as I explore and expand the notes, some may get broken off into their own tool deep-dives (like tcpdump) and linked back here in previews.
Side topics (like Job Hunting) will get their own out-of-order page in the main folder.
Navigation
Some of the links below will appear a little darker; that's because I'm still reviewing those notes for editing and additional context, and they will come online as I clean them up.
- 00-BHIS-SOCC-lab-Config
- SOCC01 - Networking and PCAPs
- SOCC02 - Linux
- SOCC03 - Windows Endpoint Management
- SOCC04 - Server Log Analysis
- SOCC05 - Memory Forensics
- SOCC06 - Egress Traffic Analysis
- SOCC07 - User and Entity Behavior Analytics
- SOCC08 - Endpoint Protection
- SOCC09 - Vulnerability Management
- SOCC10 - Security in SDLC