SOC Level 2
- 3 Days Course
- Language: English
Introduction:
Security Operations (SOC) 201 is an advanced course designed to elevate your ability to detect, investigate, and respond to complex cyber threats at scale. Building on the foundational skills from SOC 101, this course focuses on developing an effective investigative methodology and mastering the responsibilities of an Incident Responder or Threat Hunter.
Through hands-on labs and realistic scenarios, you’ll investigate sophisticated threats across enterprise environments, applying advanced techniques aligned with the MITRE ATT&CK framework. The curriculum emphasizes proactive threat hunting as part of a continuous detection and response cycle, helping analysts identify active threats, uncover security gaps, and improve future investigations.
By the end of the course, you’ll be equipped with the mindset, tools, and methodologies needed to confidently investigate incidents, trace root causes, and respond effectively to advanced adversaries.
This course includes an Exam Vouchers for TCM Security’s Practical SOC Analyst Professional (PSAP) certification – Launching September 2025. Each exam voucher includes 1 exam attempt and is valid for 12-months from the course completion date or certification release date.
Objectives:
Develop a robust and reliable investigator’s mindset to approach incidents methodically
Learn industry-standard methodologies and tools for detecting, hunting, and responding to cyber threats across enterprise environments
Gain experience performing incident response and threat hunting at scale
Learn to investigate and identify advanced adversary tactics following the MITRE ATT&CK framework, including execution artifacts, lateral movement, credential theft, living off the land techniques, persistence, defense evasion, command and control, and many more
Learn to perform effective attack timeline analysis, and guide effective incident response and remediation efforts
Investigate the root cause of security incidents by uncovering the entry point
Course Outline:
Day 1:
- Understanding the modern adversary
- Introduction to incident response
- Incident decision making
- Introduction to threat hunting
- Threat hunting teams, data sources, and maturity models
- Cyber threat intelligence
- Exploring the MITRE ATT&CK Navigator
- Structured and unstructured threat hunting
- Data transformation techniques
- Data transformation in the command-line, PowerShell, and Splunk
- Searching, aggregations, statistics, and visualizations
Day 2:
- Understanding and categorizing anomalies
- Masquerading
- Ambiguous identifiers
- Frequency and volume anomalies
- Temporal anomalies
- Location and environmental anomalies
- Structure and format anomalies
- Absence and suppression anomalies
- Entropy analysis
- Dissecting threat reports
- Threat hunting lab
- Tracing an attack chain
- Hunting execution
- Hunting malicious process trees
- Hunting persistence
- Hunting defense evasion
- Hunting command and control
- Hunting lateral movement
Day 3:
- Collection at scale
- Collection with WMI
- PowerShell 101
- PowerShell remoting
- Remote collection frameworks
- Triage artifact collection with KAPE
- Incident response with Velociraptor
- Windows memory structures
- The Volatility framework
- Process analysis
- Command line analysis
- Network analysis
- Registry analysis
Enroll in this course
$2,708.74