OffSec SOC-200 (OSDA) Training in Finland

  • Learn via: Classroom
  • Duration: 5 Days
  • Level: Intermediate
  • Price: From €7,052+VAT
We can host this training at your preferred location. Contact us!

Learn the foundations of cybersecurity defense with Foundational Security Operations and Defensive Analysis (SOC-200), a course designed for job roles such as Security Operations Center (SOC) Analysts and Threat Hunters. Learners gain hands-on experience with a SIEM, identifying and assessing a variety of live, end-to-end attacks against a number of different network architectures. Learners who complete the course and pass the exam earn the OffSec Defense Analyst (OSDA) certification, demonstrating their ability to detect and assess security incidents.

Who is this training for;

Job roles like: Security Operations Center (SOC) Tier 1, Tier 2 and Tier 3 Analysts, Jr. roles in Threat Hunting and Threat Intelligence Analysts, Jr. roles in Digital Forensics and Incident Response (DFIR). Anyone interested in detection and security operations, and/or committed to the defense or security of enterprise networks.

Learners are required to have basic knolwedge in Networking, Linux and Windows OS.

Learners will learn how to:

  • Recognize common methodologies for end-to-end attack chains (MITRE ATT&CK® framework)
  • Conduct guided audits of compromised systems across multiple operating systems
  • Use a SIEM to identify and assess an attack as it unfolds live

About the Exam

  • The OSDA Exam Scheduling Open Now
  • The SOC-200 course prepares you for the OSDA certification
  • Exam is Proctored
  • Learn more about the exam here

Module 1 Attacker Methodology

The Network as a Whole

  • Gain a basic understanding of an enterprise network's DMZ
  • Learn about deployment environments
  • Understand the difference between core and edge network devices
  • Study virtual private networks and remote sites

The Lockheed-Martin Cyber Kill-Chain

  • Learn the parts of the Lockheed-Martin Cyber Kill-Chain
  • Apply the Kill-Chain to malware that performed cryptomining
  • Apply the Kill-Chain to three iterations of ransomware

MITRE ATT&CK Framework

  • Learn the classifications of the MITRE ATT&CK Framework
  • Review a case study of OilRig campaigns with MITRE ATT&CK principles
  • Review a case study of APT3 campaigns with MITRE ATT&CK principles
  • Review a case study of APT28 campaigns with MITRE ATT&CK principles

Module 2 Windows Endpoint Introduction

Windows Processes

  • Gain a basic understanding of programs running within Windows
  • Learn about Windows Services and their relationship with processes
  • Review the common states of Windows Services

Windows Registry

  • Review the configuration structure of theWindows Registry
  • Learn about the key-value pair relationship within the Windows Registry
  • Understand the value types and formats for Windows Registry keys

Command Prompt, VBScript, and PowerShell

  • Review the non-graphical means of interacting with Windows
  • Build batch scripts used for the command prompt to run local commands
  • Write a Visual Basic Script for collecting operating system
  • Build custom PowerShell functions

Programming on Windows

  • Review the Component Object Model in Windows
  • Learn about the development of the .NET Framework and .NET Core

Windows Event Log

  • Gain a basic understanding of Windows Event logs and sources
  • Review several Windows Event logs using the Windows Event Viewer
  • Use PowerShell to query Windows Event logs

Empowering the Logs

  • Gain a basic understanding of System Monitor Sysmon)
  • Review Sysmon events using the Windows Event Viewer
  • Review Sysmon events using PowerShell
  • Use PowerShell Core in Kali Linux to query event logs remotely

Module 3 Windows Server Side Attacks

Credential Abuse

  • Learn about the Windows Security Account Manager
  • Learn about Windows Authentication
  • Understand the concept of suspicious login activity
  • Evaluate the behavior of brute-force login activity

Web Application Attacks

  • Learn about the configuration of Internet Information Services IIS in Windows
  • Evaluate logging artifacts of local file inclusion for attacking web servers
  • Evaluate logging artifacts of command injection and file upload for attacking web servers

Binary Exploitation

  • Learn about binary attacks through buffer overflows, and the artifacts they create
  • Study the use of Windows Defender Exploit Guard and how it protects against binary exploitation
  • Evaluate logging artifacts generated by the Windows Defender Exploit Guard

Module 4 Windows Client Side Attacks

Attacking Microsoft Office

  • Review social engineering and spearphishing techniques
  • Evaluate the use of Microsoft Office products to deploy phishing attacks
  • Review logging artifacts generated from a phishing attack

Monitoring Windows PowerShell

  • Gain a basic understanding of extended PowerShell logging capabilities
  • Understand the use of PowerShell module logging
  • Understand the use of PowerShell script block logging
  • Understand the use of PowerShell transcription
  • Review PowerShell logging artifacts generated from a phishing attack
  • Learn about PowerShell obfuscation and deobfuscation

Module 5 Windows Privilege Escalation

Privilege Escalation Introduction

  • Gain a basic understanding of Windows integrity levels and enumeration
  • Learn about Windows’ User Account Control UAC
  • Evaluate a UAC bypass technique and the logging artifacts it creates

Escalations to SYSTEM

  • Perform an elevation using UAC Bypass and review the logging artifacts created
  • Learn about service permissions for privilege escalation along with relevant logging artifacts
  • Learn about unquoted service paths for privilege escalation along with logging artifacts

Module 6 Linux Endpoint Introduction

Linux Applications and Daemons

  • Understand what Linux daemons are
  • Understand the Syslog Framework components
  • Understand how the syslog and the journal daemon work together
  • Understand Linux web logging

Automating the Defensive Analysis

  • Understand how scripting can aid log analysis
  • Understand how to scale further scripting with DevOps tools
  • Understand how to put together what we learned in a real-life hunting scenario

Module 7 Linux Server-Side Attacks

Credential Abuse

  • Understand suspicious logins and how to detect them in logs
  • Understand brute-force password attacks and their log footprints

Web Application Attacks

  • Understand command injection attacks and their log footprint and detections
  • Understand SQL injection attacks and their log footprint and detections

Module 8 Linux Privilege Escalation

User-side privilege escalation attack detections

  • Understand how Linux privileges works
  • Understand how to detect privilege escalation attacks on user's configuration files

System-side privilege escalation attack detections

  • Understand how Linux privileges works
  • Understand how to detect privilege escalation attacks on user's configuration files

Module 9 Windows Persistence

Persistence on Disk

  • Understand and recognize Persisting via Windows Service
  • Understand and recognize Persisting via Scheduled Tasks
  • Understand and recognize Persisting by DLLSideloading/Hijacking

Persistence in Registry

  • Understand Using Run Keys
  • Understand Using Winlogon Helper

Module 10 Network Detections

Intrusion Detection Systems

  • Understand theory and methodologies behind IPS and IDS
  • Understand Snort rule syntax
  • Learn how to craft basic Snort rules

Detecting Attacks

  • Learn how to detect known vulnerabilities with Snort rules
  • Learn how to detect novel vulnerabilities with Snort rules

Detecting C2 Infrastructure

  • Understand the components of a C2 framework
  • Learn how to detect a well-known C2 communication through Snort rule sets

Module 11 Antivirus Detections

Antivirus Basics

  • Understand an Overview of Antivirus
  • Understand Signature-Based Detection
  • Understand Heuristic and Behavioral-Based Detection

Antimalware Scan Interface AMSI

  • Understand the basics of AMSI
  • Understand how attackers bypass AMSI

Active Directory Enumeration

Abusing Lightweight Directory Access Protocol

  • Understand LDAP
  • Interact with LDAP
  • Enumerate Active Directory with PowerView

Detecting Active Directory Enumeration

  • Audit Object Access
  • Perform Baseline Monitoring
  • Use Honey Tokens

Module 12 Network Evasion and Tunneling

Network Segmentation

  • Understand the concept of network segmentation
  • Learn the benefits of network segmentation
  • Understand possible methods of implementing network segmentation in an enterprise

Detecting Egress Busting

  • Understanding the concept of egress filtering
  • Understanding an iptables firewall setup and application of egress filtering
  • Evaluate an 'egress busting' technique and the logging artifacts it creates

Port Forwarding and Tunneling

  • Understand the concept of tunneling and port forwarding
  • Learn how attackers use it to compromise additional machines in the network
  • Understand the possible methods and tools attackers use to tunnel into the network and how to detect them

Module 13 Windows Lateral Movement

Windows Authentication

  • Understanding Pass the Hash
  • Understanding Brute Forcing Domain Credentials
  • Understanding Terminal Services

Abusing Kerberos Tickets

  • Understanding Pass the Ticket
  • Understanding Kerberoasting

Active Directory Persistence

Keeping Domain Access

  • Understanding Domain Group Memberships
  • Understanding Domain User Modifications
  • Understanding Golden Tickets

Module 14 SIEM Part One: Intro to ELK

Log Management Introduction

  • Understand SIEM Concepts
  • Learn about the ELK Stack
  • Use ELK Integrations with OSQuery

ELK Security

  • Understand Rules and Alerts
  • Understand Timelines and Cases

Module 15 SIEM Part Two: Combining the Logs

Phase One: Web Server Initial Access

  • Detect enumeration and command injection
  • Implement Phase One detection rules

Phase Two: Lateral Movement to Application Server

  • Discover brute forcing and authentication
  • Create Phase Two detection rules

Phase Three: Persistence and Privilege Escalation on Application Server

  • Understand persistence and privilege escalation
  • Build Phase Three detection rules

Phase Four: Perform Actions on the Domain Controller

  • Identify dumping the AD database
  • Create Phase Four detection rules


Contact us for more detail about our trainings and for all other enquiries!

Upcoming Trainings

Join our public courses in our Finland facilities. Private class trainings will be organized at the location of your preference, according to your schedule.

Classroom / Virtual Classroom
26 marraskuuta 2024
Helsinki, Espoo
5 Days
Classroom / Virtual Classroom
27 marraskuuta 2024
Helsinki, Espoo
5 Days
Classroom / Virtual Classroom
26 marraskuuta 2024
Helsinki, Espoo
5 Days
Classroom / Virtual Classroom
27 marraskuuta 2024
Helsinki, Espoo
5 Days
Classroom / Virtual Classroom
13 helmikuuta 2025
Helsinki, Espoo
5 Days
Classroom / Virtual Classroom
23 helmikuuta 2025
Helsinki, Espoo
5 Days
Classroom / Virtual Classroom
13 helmikuuta 2025
Helsinki, Espoo
5 Days
Classroom / Virtual Classroom
23 helmikuuta 2025
Helsinki, Espoo
5 Days

Related Trainings

OffSec SOC-200 (OSDA) Training Course in Finland

Finland is a country located in northern Europe. Helsinki is the capital and largest city of the country. The majority of the people are Finns but there is also a small Lapp population in Lapland, where the country is famous for the Northern Lights. Finland's national languages are Finnish and Swedish.

Known for its vast forests, lakes, and natural beauty, Finland is one of the world's largest producers of forest products, such as paper, pulp, and lumber. One of the world's largest sea fortresses Suomenlinna, Rovaniemi with the "White Nights", dogsled safaris and of course the Northern Lights are what makes Finland so popular for tourists. Finland is one of the best places in the world to see the Northern Lights and attracts millions of tourists during its seasons.

Finland is home to a thriving technology industry and is widely recognized as one of the world's leading technology hubs. Companies such as Nokia and Rovio (creator of the popular game Angry Birds) are based in Finland. Some of the key factors that have contributed to Finland's success in technology include; strong investment in research and development, a highly educated workforce and fundings.

Finland has a strong educational system, and is widely regarded as one of the world's most literate countries. In fact, Finland's literacy rate is one of the highest in the world, and its students consistently perform well in international tests of math and reading ability.

Also, as a pioneer in environmental sustainability, Finland is known for its efforts to reduce its carbon footprint and promote clean energy. This Nordic country is also famous for its unique and distinctive cultural heritage, including its traditional folk music and its elaborate traditional costumes.

Helsinki, Finland's capital city, is the country's business center. Helsinki is Finland's largest city, and it is home to many of the country's major corporations and organizations, including many of the country's leading technology firms. The city is also a commercial, trade, and financial center, as well as one of the busiest ports in the Nordic region.

Take advantage of our diverse IT course offerings, spanning programming, software development, business skills, data science, cybersecurity, cloud computing and virtualization. Our knowledgeable instructors will provide you with practical training and industry insights, delivered directly to your chosen venue in Finland.
By using this website you agree to let us use cookies. For further information about our use of cookies, check out our Cookie Policy.