Skip to content

Training Tracks
Analyst Defense Labs
Free Training
Events
Log In

Training Tracks
Analyst Defense Labs
Free Training
Events
Log In

Enterprise Security Operations

Current Status

Not Enrolled

Enroll in this course to get access

Price

Closed

Get Started

Take this Course

SOC Analyst Core: Enterprise Security Track

Formerly 101 Enterprise Security Fundamentals

> View Course Syllabus

Support & FAQs

Please use our Support & FAQ page to find more information and reach out to us and join our Discord community for general conversation topics and networking.

Important: Virtual Labs

Your labs are real virtual machines in the cloud. This means it may take a few minutes until they are started up and available.
Whenever you have less than 15 minutes remaining, you will have the option to extend your lab by 1 hour.
When a VM shuts down, it will not store your files and data.
For the best experience, it’s recommended to use Google Chrome where you will have copy and paste functionality.

Tools Used

Sysmon, PowerShell, CyberChef, ExifTool, Sysinternals Tools, AdFind, PowerView, Incognito, John Ripper, Mimikatz, RClone, Process Hacker, scdbg, Cmder, dnSpy, capa, oletools, Wireshark, PEStudio

Certificate of Completion

Once you finish the course you will receive your Certificate of Completion!

Average Review Score:

★★★★★

Great Intro to Enterprise Fundamentals

By michael.jacobs15 on 18 December, 2025 at 17:00

★★★★★

Enjoyed the class. It was a refresher course in some areas and I also learned some newer technologies and tools.

Good knowledges

By Komitse Sena ATAMEKLO on 10 August, 2024 at 12:40

★★★★★

Good knowledge anyone one embracing CyberSecurity should begin with.
I loved going through all the lessons. Very good stuffs. Good job
Thanks bro.

You must log in and have started this course to submit a review.

Username or Email Address

Password

Remember Me

Course Content

Introduction

Course Introduction 2 Topics Sample Lesson

Lesson Content

0% Complete 0/2 Steps

Welcome and Course Overview

Course Logistics, Resources and Support

Offline Lab Setup 1 Topic

You don't currently have access to this content

Lesson Content

0% Complete 0/1 Steps

Optional: Offline Lab Setup Instructions

Cyber Threat Landscape 1 Topic Sample Lesson

Lesson Content

0% Complete 0/1 Steps

Mastering Enterprise Security: Threat Actors, Attacks, and Response

1) Enterprise Domain Environments

1.1 Enterprise Domain Environments 6 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/6 Steps

Domains and Active Directory Overview

Accounts and Credential Abuse Techniques

1.1 Lab Instructions

Lab: Domain Controllers and User Accounts Management

Lab: Managing Group Policy Objects

Lab: Deploy Ransomware using GPOs

1.2 Logging, Telemetry, Visibility 1 Topic Sample Lesson

Lesson Content

0% Complete 0/1 Steps

Logging, Telemetry and Visibility Overview

1.2.1 Windows Event Logs 3 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/3 Steps

1.2.1 Lab Instructions

Lab: Exploring and Analyzing Windows Event Logs

Lab: Enabling Process Creation Events and Analysis with PowerShell

1.2.2 PowerShell Event Logging and Tuning 5 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/5 Steps

PowerShell Logging Matters

1.2.2 Lab Instructions

Lab: PowerShell Logging Basics

Greater Visibility Through PowerShell Advanced Logging

Lab: PowerShell Logging Advanced

1.2.3 Sysmon Event Logging and Detection 6 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/6 Steps

Sysmon Essentials – Introduction into Powerful System Monitoring

1.2.3 Lab Instructions

Lab: Setting Up Sysmon – Installation and Essential Configurations

Harnessing Sysmon Configurations: Optimize Monitoring Efficiency

Lab: Customizing Sysmon Templates

Lab: Next-Level Sysmon – Enhanced Detections and Advanced Configurations

2) Initial Access

Initial Access Techniques 5 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/5 Steps

Understanding Initial Access Techniques: Real-World Insights and Statistics

2.1 Lab Instructions

Lab: Exploring Malicious Office Documents with Macros

SQL Injections Primer

Lab: Analyzing FortiClient EMS Logs for SQL Injection Attacks (CVE-2023-48788)

3) LOLBins

Discovery, Execution and File Transfer with LOLBins 6 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/6 Steps

LOLBins Overview

3.1 Lab Instructions

Lab: System Reconnaissance with LOLBins

Lab: Malicious PowerShell Execution Techniques

Lab: Execution and Persistence with Service Installs

Common Miscellaneous LOLBin Usage

4) Discovery

Domain Reconnaissance 5 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/5 Steps

Domain Enumeration Introduction

4.1 Lab Instructions

Lab: Active Directory Enumeration with PowerView

Lab: Suspicious ADFind Domain Enumeration

Advanced Domain Enumeration with BloodHound

5) Credential Attacks

Credential Dumping 5 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/5 Steps

The Windows Authentication Architecture

5.1 Lab Instructions

Lab: Dumping NTLM hashes with Mimikatz

Lab: Extracting NTLM Hashes Offline

Lab: Cracking NTLM Hashes

Sessions and Tokens 2 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/2 Steps

Windows Logon Sessions and Access Tokens

Lab: Token Impersonation Attack

6) Lateral Movement

Lateral Movement Techniques 2 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/2 Steps

Windows SSO and Lateral Movement Techniques Overview

Demo: Pass-the-hash, Pass-the-ticket and PsExec

7) Windows Endpoint Compromise

Windows Endpoint Compromise Overview 2 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/2 Steps

Windows Endpoint Compromise Tactics and Techniques

7 Lab Instructions

Persistence Mechanisms 3 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/3 Steps

Lab: Autostart via Registry Runkeys and Startup Folders

Lab: Scheduled Tasks for Initial or Recurring Execution of Malicious Code

Lab: Persistence via WMI Event Subscribers

Privilege Escalation Techniques 2 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/2 Steps

Common Privilege Escalation Tactics

Lab: Bypassing the User Account Control

Execution and Defense Evasion 4 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/4 Steps

Introduction Into Process Internals

Demo: Exploring Live Windows Processes and What Looks Normal

Lab: Deep Dive into Process Injection with Process Hollowing

Bypassing AVs and EDRs in Modern Day Environments

Data Staging and Exfiltration Techniques 2 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/2 Steps

Lab: Manual Data Staging and Exfiltration Using RClone

Lab: Automated Data Exfiltration with Exbyte

8) Network Telemetry

Network Telemetry and Security 2 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/2 Steps

Network Telemetry and Security Introduction

8 Lab Instructions

Windows Network Security 2 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/2 Steps

Lab: Network Security on Windows Endpoints

Lab: Common Techniques for Tampering with Windows Firewalls

C2 Beacon Analysis 3 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/3 Steps

C2 Attack Infrastructure and Beacons Overview

Lab: Extracting Network Indicators from C2 Beacon Payloads

Lab: Hunting for Beacons via PCAP Analysis and Fingerprinting

9) Malware

Static Malware Analysis 7 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/7 Steps

Understanding Binary File Formats

9 Lab Instructions

Lab: Analyzing File Types and Formats

Lab: Advanced File Examination and Header Inspection

Lab: Analyzing Files for Malicious Behavior with CAPA

Lab: Extracting Malicious Macros in Office Documents

Lab: Static Portable Executable File Analysis with PEStudio

Dynamic Malware Analysis 1 Topic

You don't currently have access to this content

Lesson Content

0% Complete 0/1 Steps

Lab: Decompiling and Debugging .NET Malware with dnSpy

PowerShell Payload Analysis 3 Topics

You don't currently have access to this content

Lesson Content

0% Complete 0/3 Steps

Lab: Analyzing Payloads and Extracting Shellcode Part 1

Lab: Analyzing Payloads and Extracting Shellcode Part 2

Gathering Intel via VirusTotal

Final

Congratulations and Next Steps

You don't currently have access to this content

Training

Training Tracks Analyst Defense Labs Hero Bundle Events

Company

About Us Contact & Support Imprint Terms & Conditions Privacy Policy

Community

Blog Join Discord Affiliate Program Career FAQs Subscribe to Newsletter →

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options
Manage services
Manage {vendor_count} vendors
Read more about these purposes

Preferences

{title}
{title}
{title}

Scroll to Top

Training Waitlist

Join our waitlist and get notified when training becomes available.

Contact Information

First Name

Last Name

Country

email

Professional Experience

role

linkedin

I'm interested in

training

Personal Training Group Training Workshops Corporate Training

*By submitting this form, you’re agreeing that we will contact you and to receive our free email newsletter. (You’ll never be spammed and you can unsubscribe at any time.) We do not share your information with third-parties.