SOC-200: Foundational Security Operations and Defensive Analysis
Learn the foundations of cybersecurity defense with Foundational Security Operations and Defensive Analysis (SOC-200), a course designed for job roles such as Security Operations Center (SOC) Analysts and Threat Hunters. Learners gain hands-on experience with a SIEM, identifying and assessing a variety of live, end-to-end attacks against a number of different network architectures. Learners who complete the course and pass the exam earn the OffSec Defense Analyst (OSDA) certification, demonstrating their ability to detect and assess security incidents.
In this course, learners will learn to:
- Recognize common methodologies for end-to-end attack chains (MITRE ATT&CK® framework)
- Conduct guided audits of compromised systems across multiple operating systems
- Use a SIEM to identify and assess an attack as it unfolds live
- Job roles such as Security Operations Center (SOC) Tier 1, Tier 2 and Tier 3 Analysts; junior roles in Threat Hunting and Threat Intelligence; junior roles in Digital Forensics and Incident Response (DFIR)
- Anyone interested in detection and security operations, and/or committed to the defense or security of enterprise networks
- All prerequisites for SOC-200 can be found within the OffSec Fundamentals Program, included with a Learn Subscription
- Prerequisite topics include:
  - SOC-100: Linux Basics 1 & 2
  - SOC-100: Windows Basics 1 & 2
  - SOC-100: Networking Basics
How to Enroll
Course & Cert
Fast-track your learning journey and earn a certificate in just 90 days. Includes one exam attempt.
One year of lab access to one OffSec course plus two exam attempts.
Unlimited OffSec Learning Library access plus unlimited exam attempts for one year.
Financing is now available through Climb Credit with as little as 0% APR and up to 36 monthly payments, excluding Learn Unlimited. Only available in the US, except IL.
Once started, 90-day lab access cannot be paused.
This course covers the following topics:
- Attacker Methodology Introduction
- Windows Endpoint Introduction
- Windows Server-Side Attacks
- Windows Client-Side Attacks
- Windows Privilege Escalation
- Windows Persistence
- Linux Endpoint Introduction
- Linux Server-Side Attacks
- Network Detections
- Antivirus Alerts and Evasion
- Network Evasion and Tunneling
- Active Directory Enumeration
- Windows Lateral Movement
- Active Directory Persistence
- SIEM Part One: Intro to ELK
- SIEM Part Two: Combining the Logs
- Develop a working knowledge of security operations and best practices
- Gain experience investigating the evidence that a wide variety of common attack methods leave behind in log files
- Configure and monitor a SIEM for active attacks on a network
- Manually inspect logs to distinguish normal from abnormal, and benign from malicious, activity
- Active Discord & Community
- Access to the virtual lab environment
- Closed Captioning is available for this course
If a learner needs more lab access time or an additional exam attempt, Exam Retakes & Lab Extensions can be purchased separately through the OffSec Training Library.
- OSDA Certification Exam Retake Fee: $249
- SOC-200 lab access extension of 30 days: $359