Blue Team Curriculum
504.1: Incident Response and Cyber Investigations
- SOC Overview
- Defensible Network Concepts
- Events, Alerts, Anomalies, and Incidents
- Incident Management Systems
- Threat Intelligence Platforms
- SIEM and Automation
504.2: Scanning and Enumeration Attacks
- Network Architecture
- Understanding DNS
- DNS Analysis and Attacks
- Understanding HTTP
- HTTP(S) Analysis and Attacks
- Understanding SMTP and Email
- Additional Network Protocols
504.3: Password Attacks and Exploit Frameworks
- Endpoint Attack Tactics
- Endpoint Defense In Depth
- How Windows Logging Works
- How Linux Logging Works
- Interpreting Important Events
- Log Collection, Parsing, and Normalization
- File Contents and Identification
- Identifying and Handling Suspicious Files
504.4: Web Application Attacks
- Alert Triage and Prioritization
- Perception, Memory, and Investigation
- Models and Concepts for Infosec
- Structured Analytical Techniques
- Analysis Questions and Tactics
- Analysis OPSEC
- Intrusion Discovery
- Incident Closing and Quality Review
504.5: Evasion and Post-Exploitation Attacks
- Improving Life in the SOC
- Analytic Features and Enrichment
- New Analytic Design, Testing, and Sharing
- Tuning and False Positive Reduction
- Automation and Orchestration
- Improving Operational Efficiency and Workflow
- Containing Identified Intrusions