SIT™ - SOC IMMERSION TRAINING™ (BootCamp Edition)

Saturday, 18 May 2019 8:00 AM - Sunday, 19 May 2019 6:00 PM EST

20065 Lakeview Center Plaza, Ashburn, Virginia, 20147, United States


Registration

Sale ended

Free Partial Approval - Free

NOTE: Please understand that this is a lottery entry and there are no guarantees of being selected for the course. All selections are made at random!

Approval: This ticket / registration type requires you to submit a request for approval by the organizer.


SpringHill Suites Ashburn Dulles North, 20065 Lakeview Center Plaza, Ashburn, Virginia, 20147, United States.

Course Metadata

Course Abbreviation: SIT

Course Length: 5 Days

Course Category: Intermediate

Price Per Student: FREE (Normal 5-day SIT pricing $5,250)

Training catalog: https://www.scribd.com/document/406726933/Obscurity-Labs-Training-Catalog-FY2019v1

Training website and Curriculum: https://train.obscuritylabs.com/courses/sit-soc-immersion-training  

Website: https://obscuritylabs.com

Course Details

Please PAY CLOSE attention to the details of this offering:

  • Obscurity Labs is offering a free seat to the SIT-BC class starting on May 18, 2019
  • You must be able to be at the venue on Saturday and Sunday to complete the course
  • Please don't sign up if you can't make it 
  • Seats will be chosen at random lottery style
  • Winners will be emailed on May 11, 2019 to confirm their lottery selection for a free seat

Course Summary

SOC Immersion Training is a deep dive into Hunt Teaming & Intrusion Analysis. Actions taken by an adversary can generally be defined as a collection of TTPs and Tradecraft Core Concepts (TCCs) used to achieve specific objectives. SOC Immersion Training will deep dive into the analysis and detection of both threat actor TTPs and TCCs. This course will identify and explain the critical data points that drive the creation of the forensic artifacts necessary for analysis of TTPs & TCCs.

Course Core Objectives

SOC Immersion Training is designed for intermediate-level cybersecurity and/or hunt team analysts to increase their functional knowledge of analytical thinking & analysis concepts. By using demonstrated real-world attack methodologies in a step-by-step manner, SIT provides analysts with an in-depth understanding of how to analyze attack TTPs, and the ability to construct complex IOCs derived from environment-specific threats and constraints. SOC Immersion Training will accomplish these course goals by providing labs taught from an attack-specific perspective, coupled with well-designed detection & analysis capabilities to produce forensic evidence from multiple emulated advanced adversary attacks.

SIT will teach you to:

  • Apply a layered analysis methodology
  • Understand capabilities & analysis instead of any particular tool
  • Understand and create hard Indicators of Compromise (IOCs) for detection
  • Identify artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, geolocation, file download, anti-forensics, and detailed system usage

Hands-on laboratory exercises:

  • Windows 7, 8, 10
  • SharePoint, Exchange, Outlook
  • Windows File Structures
  • Application File Structures 
  • Windows Registry Essentials
  • ID Suspect Files
  • Sensor Tuning
  • Memory Analysis 
  • Infection Vectors
  • Malware Behavior and Anti-Forensics
  • Hard & Soft IOCs

The following tools will be used during this course:

  • SecurityOnion
  • Sysinternals Suite
  • OSSEC/Wazuh
  • Winlogbeat
  • Auditbeat
  • Filebeat
  • ELK
  • Redline
  • Memoryze
  • Sysmon
  • netsniff-ng
  • Bro
  • Suricata
  • Tcpdump

Course Differentiators 

  • Cyber Range: Custom range with complete coverage into each of the key data points required to provide each student with access to a range representative of an enterprise security stack.
  • Lab Driven: Course focused around labs, providing short blocks of instruction followed by instructor-led demonstrations.
  • Tangible Metrics: Students will be able to decrease their mean time to detection and show improvements by determining the difference between their pre & post course statistics.
  • Personnel: Each course will be taught with active Red Team and Blue Team SMEs.

 

Cancellation policy

This is a FREE event (lottery selection); no payments will be collected. If you are selected, please let us know if you need to cancel!

Obscurity Labs LLC

https://obscuritylabs.com

Obscurity Labs is a veteran-owned cybersecurity firm that collaborates with public and private sector clients to solve their most difficult security challenges through a combination of contracting, consulting, analytics, cyber mission operations, threat emulation, technology, cybersecurity, engineering, advanced security research & development, and innovative expertise.
