Security Operations & Monitoring

Learn how to configure and utilise tooling to ensure that suspicious activity in your environment is quickly identified and dealt with.
Defenders rely on a security stack made up of tools such as Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) platforms. Knowing how to configure these tools properly, and how to use them to gain visibility and identify anomalous activity on the network, is a core defensive skill. This module explores the tools used to monitor and detect threats on both the network and endpoints.

Core Windows Processes
Explore the core processes within a Windows operating system and understand what normal behaviour is. This foundational knowledge will help you identify malicious processes running on an endpoint!
Sysinternals
Learn to use the Sysinternals tools to analyze Windows systems or applications.
Windows Event Logs
Introduction to Windows Event Logs and the tools to query them.
Sysmon
Learn how to utilize Sysmon to monitor and log your endpoints and environments.
Osquery: The Basics
Let's cover the basics of Osquery.
Splunk: Basics
Learn the basics of Splunk.
Splunk 2
Part of the Blue Primer series. This room is based on version 2 of the Boss of the SOC (BOTS) competition by Splunk.
What are modules?
A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).
