Cybersecurity: SOC Analyst Mini-Course (Training) - YouTube

Syed Ammar

Cybersecurity
With this mini-course, students will obtain a better understanding of what a security operations centre (SOC) is. From understanding the SOC workflow to the frameworks and tools used, it is tailored for beginners and for professionals who are looking to transition into cybersecurity, specifically into the Security Operations domain.

Links

SecurityOnion: https://github.com/Security-Onion-Solutions/securityonion/blob/2.4/main/DOWNLOAD_AND_VERIFY_ISO.md
VirtualBox: https://www.virtualbox.org/wiki/Downloads
SecurityOnion How To PCAP: https://docs.securityonion.net/en/latest/pcap.html
PCAP Used in Lab: https://www.malware-traffic-analysis.net/2022/01/07/index.html

OSINT Tools

IP reputation/information

Objective: to identify the potential usage of the IP address of interest.

Tools:

VirusTotal
AbuseIPDB
GreyNoise
IBM X-Force Exchange
IPVoid
Cisco Talos

Domain reputation/information

Objective: to identify the behavior of, and obtain metadata for, the domain of interest.

Tools:

VirusTotal
urlscan
URLVoid
IBM X-Force Exchange
Cisco Talos

File Reputation

Objective: to identify the characteristics and behavior of the file of interest.

Tools:

VirusTotal
Any.Run
Joe Sandbox
Hybrid Analysis
Cisco Talos

Threat Intelligence

Objective: to reveal additional artifacts that offer further pivot opportunities, and to identify the motives / actions on objective during an investigation.

Tools:

VirusTotal
Pulsedive
MITRE ATT&CK
ThreatMiner
MISP
Robtex