SOC Analyst Job Role Path 🛡️🔍

Welcome to the SOC Analyst Job Role Path! This path is designed for newcomers to information security who aspire to become professional SOC analysts. It covers core concepts of security monitoring and analysis, and provides an in-depth understanding of specialized tools, attack tactics, and methodologies used by adversaries. Through a combination of theoretical knowledge and practical exercises, students will learn to navigate all stages of security analysis, from traffic analysis and SIEM monitoring to DFIR activities and reporting. By the end of this path, you will have the skills and mindset necessary to monitor enterprise-level infrastructure and detect intrusions at an intermediate level.

Prerequisite: The SOC Analyst Prerequisites skill path is recommended before starting this path.

Modules Overview 📚

Incident Handling Process 🛠️🔒

Difficulty: Fundamental
Sections: 9
Points: +10
Learn to handle security incidents from the early detection stage to response.

Security Monitoring & SIEM Fundamentals 🖥️📊

Difficulty: Easy
Sections: 11
Points: +20
Get a comprehensive overview of SIEM and the Elastic Stack, including practical skills in developing SIEM use cases.

Windows Event Logs & Finding Evil 🪟🕵️

Difficulty: Medium
Sections: 6
Points: +20
Explore the anatomy of Windows Event Logs and learn to detect malicious behavior using Sysmon and Event Logs.

Introduction to Threat Hunting & Hunting With Elastic 🔍🧩

Difficulty: Medium
Sections: 6
Points: +20
Understand threat hunting fundamentals and practice threat hunting using the Elastic stack with real-world logs.

Understanding Log Sources & Investigating with Splunk 🔍🗃️

Difficulty: Medium
Sections: 6
Points: +20
Learn to use Splunk for security monitoring and incident investigation, developing effective SPL searches.

Windows Attacks & Defense 🛡️🚪

Difficulty: Medium
Sections: 16
Points: +20
Walk through common attacks against Active Directory and learn prevention and detection methods.

Intro to Network Traffic Analysis 🌐🔍

Difficulty: Medium
Sections: 15
Points: +10
Monitor network activity for anomalies indicating security issues, useful for both offensive and defensive security.

Intermediate Network Traffic Analysis 🌐🔬

Difficulty: Easy
Sections: 18
Points: +20
Detect link layer attacks, network abnormalities, and application layer threats through advanced traffic analysis.

Working with IDS/IPS 🛡️📈

Difficulty: Medium
Sections: 11
Points: +20
Dive into rule development and intrusion detection using Suricata, Snort, and Zeek with hands-on examples.

Introduction to Malware Analysis 🦠🔍

Difficulty: Hard
Sections: 9
Points: +20
Analyze malware targeting Windows, using tools for static and dynamic analysis, and reverse engineering.

JavaScript Deobfuscation 📜🔍

Difficulty: Easy
Sections: 11
Points: +10
Learn the fundamentals of JavaScript Deobfuscation to understand and deobfuscate basic JavaScript code.

YARA & Sigma for SOC Analysts 🛡️🔎

Difficulty: Easy
Sections: 11
Points: +20
Create and apply YARA and Sigma rules for threat hunting in real-world scenarios.

Introduction to Digital Forensics 🕵️💻

Difficulty: Medium
Sections: 8
Points: +20
Gain mastery over digital forensic tools and techniques for memory forensics, disk image analysis, and more.

Detecting Windows Attacks with Splunk 🖥️🔍

Difficulty: Medium
Sections: 23
Points: +20
Identify Windows and Active Directory attacks using Windows Event Logs and Zeek network logs in Splunk.

Security Incident Reporting 📝🔐

Difficulty: Easy
Sections: 5
Points: +10
Learn to document security incidents accurately and professionally, with a focus on creating robust incident reports.

Get Started Today! 🚀

Embark on your journey to become a professional SOC analyst. Each module is carefully designed to build your skills progressively, ensuring you gain both theoretical knowledge and practical experience. Happy learning and good luck on your path to mastering SOC analysis! 🌟

9QIX / HTB-SOCAnalyst