SOC Immersion Training (SIT)

SIT is designed for intermediate-level cybersecurity and hunt team analysts to increase their functional knowledge of analytical thinking and concepts. By using demonstrated real-world attack methodologies in a step-by-step manner, SIT provides analysts with an in-depth understanding of how to analyze attack TTPs and the ability to construct complex IOCs derived from environment-specific threats and constraints.

Enroll Now Contact Us

SIT Overview

In 2018 there were over 6,500 cyber incidents that resulted in the compromise of over 5 billion sensitive records, with the average cost of a single data breach at $3.9 million.

Malicious attacks were the root cause of almost 50% of these data breaches. Rather than focusing on “toolset mastery”, Obscurity Labs’ Security Operations Center (SOC) Immersion Training (SIT) aims to disrupt breach statistics by educating SOC analysts in critical analyst concepts and methodologies necessary to detect and respond to current real-world advanced persistent threat (APT) Tactics Techniques and Procedures (TTP) and Tradecraft Core Concepts (TCC). Instead of the traditional “lecture, followed by static lab” concept; SIT utilizes a unique training model with hands-on, live attack scenarios, performed by experienced Red Team Operators, to reinforce the SOC analyst’s understanding of lecture materials.

More Information

SIT Core Concepts

Executing a Layered Analysis Methodology

When analyzing an alert, it is important to follow a methodology that encourages analytical thought. This enables the SOC analyst to draw conclusions that transcends alerts generated by tools.
Creating Indicators of Compromise (IOC)

Understanding the difference between hard and soft IOC allows an analyst to make tactical assumptions. This enables the SOC analyst to reduce the “mean time to react” and improves their overall ability to detect and respond to malicious activity.
Identifying Artifact and Evidence Locations

SOC analysts must use multiple data sources to create high fidelity alerts, correlate events, and focus their analysis. This enables SOC analysts to improve processes, reduce triage timing, and identify detection gaps.

Course Curriculum

1
- Welcome & Team Introductions
- Tactics Tools & Techniques
- Layered Analysis Methodology
2
- Initial Access Overview
- HTML Application (HTA)
- Microsoft Office Macros
- Microsoft Silverlight
3
- Persistence Overview
- Registry Modification
- Service Abuse
- Windows Management Interface (WMI) Subscriptions
4
- Privilege Escalation Overview
- PowerUP
- User Account Control (UAC) Bypass
- Remote Privilege Escalation
5
- Lateral Movement & Objective Achievement Overview
- PsExec / Powershell
- WMI Process Creation
- WMI Subscription
6
- Congrats! Here's what's next...
- More resources for you
- Before you go...

Countdown Until The Next SIT!

The next SIT will be held on (TBD).

00 Days
00 Hours
00 Minutes
00 Seconds

Enroll Now

SIT Overview

SIT Core Concepts

Executing a Layered Analysis Methodology

Creating Indicators of Compromise (IOC)

Identifying Artifact and Evidence Locations

Course Curriculum

Day 1 – Introduction & Analysis Methodology

Day 2 - Initial Access

Day 3 - Persistence

Day 4 - Privilege Escalation

Day 5 - Lateral Movement & Objective Achievement

Next steps

Countdown Until The Next SIT!