Bridgeway International

Linkedin Tiktok Youtube X-twitter Instagram Facebook Pinterest

346-489-4975

Contact us on  346-489-4975
Menu

SOC Level 2

  • Course Duration
  • 3 Days

Back To Courses

Course Information

  • Category
  • Duration
  • Security
  • 3 Days
  • Price
  • $1,999.00
Enroll Now

Need Group Training

Course Description

Security Operations (SOC) 201 is an advanced course designed to elevate your ability to detect, investigate, and respond to complex cyber threats at scale. Building on the foundational skills from SOC 101, this course focuses on developing an effective investigative methodology and mastering the responsibilities of an Incident Responder or Threat Hunter.

Through hands-on labs and realistic scenarios, you’ll investigate sophisticated threats across enterprise environments, applying advanced techniques aligned with the MITRE ATT&CK framework. The curriculum emphasizes proactive threat hunting as part of a continuous detection and response cycle, helping analysts identify active threats, uncover security gaps, and improve future investigations.

By the end of the course, you’ll be equipped with the mindset, tools, and methodologies needed to confidently investigate incidents, trace root causes, and respond effectively to advanced adversaries.

This course includes an Exam Vouchers for TCM Security’s Practical SOC Analyst Professional (PSAP) certification – Launching September 2025. Each exam voucher includes 1 exam attempt and is valid for 12-months from the course completion date or certification release date.

Course Objective

  • Develop a robust and reliable investigator’s mindset to approach incidents methodically
  • Learn industry-standard methodologies and tools for detecting, hunting, and responding to cyber threats across enterprise environments
  • Gain experience performing incident response and threat hunting at scale
  • Learn to investigate and identify advanced adversary tactics following the MITRE ATT&CK framework, including execution artifacts, lateral movement, credential theft, living off the land techniques, persistence, defense evasion, command and control, and many more
  • Learn to perform effective attack timeline analysis, and guide effective incident response and remediation efforts
  • Investigate the root cause of security incidents by uncovering the entry point

Course Outline

Day 1:

  • Understanding the modern adversary
  • Introduction to incident response
  • Incident decision making
  • Introduction to threat hunting
  • Threat hunting teams, data sources, and maturity models
  • Cyber threat intelligence
  • Exploring the MITRE ATT&CK Navigator
  • Structured and unstructured threat hunting
  • Data transformation techniques
  • Data transformation in the command-line, PowerShell, and Splunk
  • Searching, aggregations, statistics, and visualizations

Day 2:

  • Understanding and categorizing anomalies
  • Masquerading
  • Ambiguous identifiers
  • Frequency and volume anomalies
  • Temporal anomalies
  • Location and environmental anomalies
  • Structure and format anomalies
  • Absence and suppression anomalies
  • Entropy analysis
  • Dissecting threat reports
  • Threat hunting lab
  • Tracing an attack chain
  • Hunting execution
  • Hunting malicious process trees
  • Hunting persistence
  • Hunting defense evasion
  • Hunting command and control
  • Hunting lateral movement

Day 3:

  • Collection at scale
  • Collection with WMI
  • PowerShell 101
  • PowerShell remoting
  • Remote collection frameworks
  • Triage artifact collection with KAPE
  • Incident response with Velociraptor
  • Windows memory structures
  • The Volatility framework
  • Process analysis
  • Command line analysis
  • Network analysis
  • Registry analysis