OffSec - Cyber defence analyst SOC workshop

Wednesday 27 November, 12:40 pm - 4:40 pm
Speakers

Malcolm Shore
Cdev, Offensive Security

Carsten Boeving
Developer, OffSec

Synopsis

The Cyber Defence Analyst SOC Workshop consists of an introduction to the three Defence Analyst skills of security monitoring, incident response, and threat hunting, and introduces some Kali Purple-based tools which will be used in the workshop. These include the ELK Stack SIEM tool based on Elasticsearch/Kibana, the Velociraptor tool for incident response, the Scirius tool for security analytics, and the Idaho Labs Malcolm toolset based on Arkime/Zeek and Suricata for threat hunting. The briefing will be followed by a series of three practical sessions in which attendees can participate and get hands-on with the tools. In the SIEM lab, the instructor will initiate one of four stages of a cyber-attack at the start of each session and, for the first stage, demonstrate how to detect and diagnose the attack. Attendees then get to detect and diagnose stages 2-4. At the end of each stage the instructor will provide a summary brief on the attack to date and walk through one of the possible detection paths. In the IR lab, attendees will first use Velociraptor to investigate an incident and then review the Scirius analytics on a set of malware attacks. Finally, the instructor will walk through a threat hunt of an ICS attack using the Malcolm toolset.

Attendees may choose to watch and listen or may be hands-on for the workshops. If the latter, they should bring their own laptops in order to participate. The only software requirement is a browser.

Prerequisites

Bring your own device encouraged, but not essential.

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.