WEEK 2

Security Monitoring

Data Sources, Network Attacks & Detection Techniques


Monitoring Foundations

2.1 Attack Surfaces & Vulnerabilities

Compare attack surfaces, understand the vulnerability lifecycle, and see how vulnerability management integrates with the SOC.

TOPIC

2.2 NSM Data Types

The NSM data pyramid: Alert, Statistical, Transaction, Session, and Full Packet data.

CREATE

2.3 Data Visibility Challenges

Six blind spots: Encryption, Cloud/SaaS, DoH/DoT, IoT, BYOD, and East-West traffic.

CREATE

Data Sources

2.4 tcpdump & NetFlow Data

Packet capture with tcpdump, flow analysis with NetFlow, and when to use each.

TOPIC

2.5 Firewall Log Analysis

Reading firewall logs, identifying attack patterns, and SOC response workflows.

TOPIC

2.6 Content Filtering Data

URL categories, proxy logs, web filtering policies and enforcement.

CREATE

2.7 Application Visibility & Control

Layer 7 inspection, DPI, application identification and risk assessment.

CREATE

Attack Types

2.8 Network Attacks & Detection

DoS, MITM, and spoofing attacks, with SOC detection signatures and response.

TOPIC

2.9 Web Application Attacks

XSS, SQLi, CSRF, and command injection, with OWASP context and log-based detection.

TOPIC

2.10 Social Engineering Attacks

Phishing, pretexting, baiting, and other human-focused attack vectors.

LINK

Advanced Concepts

2.11 Evasion & Obfuscation

Encoding, tunneling, LOLBins, and how attackers hide their activity.

CREATE

2.12 Certificate Components

X.509 structure, PKI, certificate validation, and common issues.

LINK

Hands-On Labs

Windows PowerShell

Essential PowerShell for security operations and automation.

30 min Script House

Windows Task Manager

Process monitoring, performance analysis, security triage.

30-45 min Local

Windows System Resources

Resource Monitor, Performance Monitor, PowerShell queries.

45-60 min Local

Linux Text Files (CLI)

Text processing with grep, sed, awk for log analysis.

30 min Script House

Linux Shell Basics

Essential Linux CLI navigation and command fundamentals.

45 min Script House

Linux Servers

Service management, port investigation, security hardening.

45-60 min Local

Locating Log Files

Linux log structure, journalctl, log analysis techniques.

45 min Script House

Linux Filesystem & Permissions

File permissions, ownership, and security implications.

30 min Script House

Week 2 Evaluation

Complete all topics and labs, then take the Week 2 assessment to test your knowledge.
