Our experts use and update their knowledge and skills daily – rest assured you’re getting the most relevant experience out there.
Contact us
Ask a question?
If you want to know anything about the course, we’re here to help.
Security Operations and Threat Hunting
Course overview
Big companies with complex IT infrastructure need to protect it – or face the consequences of being compromised. Sophisticated attackers can bypass automatic defenses unnoticed. Here’s where Security Operations Center (SOC) comes to the rescue, bringing the expertise and skills of its professionals for upgraded business protection.
Developed by Kaspersky’s own SOC experts, this course offers a comprehensive training to SOC analysts and other staff dealing with security operations. The knowledge you will get is practical and tested: our experts update it daily, provide security to Kaspersky itself and deliver on-site training to clients all over the world.
During the time on the course, you will get to know the diverse roles within a SOC, its services and use cases, get acquainted with the modern attack tactics, techniques, and procedures, and learn how SOC helps deal with them. Within the numerous extensive practice sessions in the restricted areas of the virtual labs, you’ll get an opportunity to develop your skills in incident detection and investigation.
Up-to-date
Hands-on
One hundred hours of practice in the virtual lab are included in your course – you can put your newly acquired knowledge to practice immediately!
All-round
The course covers a wide range of SOC expertise that will be equally challenging to both entry-level and mid-level SOC professionals.
Training objectives:
The training will help companies, government organizations and academics to:
- Understand the structure of Security Operations Center as a part of security defense services
- Be able to plan and organize security monitoring in the enterprise
- Use different threat intelligence sources to find new advanced threats
- Detect and investigate malicious activity in Windows and Linux infrastructures based on attacker’s tactics, techniques and procedures
- Learn threat hunting infrastructure based on ELK (Elasticsearch, Logstash, Kibana)
Your course leaders
Dmitriy Uchakin
Kaspersky SOC Analyst and Researcher
Dmitriy is a Kaspersky SOC analyst, working in operation and research areas. He joined the company in 2019 and now performs real-time investigations of detected threats and the analysis of fresh APT threats that were observed around the globe. Dmitriy is responsible for the optimization of SOC operations, he helps to automate the SOC routines through the development of Jupyter notebooks, as well as robots for repeatable actions. He contributes to Kaspersky SOC’s Threat Hunting activities, like the creation of TH hypothesis, hunting for malicious indicators and converting successful cases into new threat detection rules.
Sergey Soldatov
Head of Kaspersky SOC
Sergey started his career over 20 years ago as a software developer, writing in C and Perl. After working as a sysadmin of security systems, he became a member of a SOC team and was engaged in threat detection and incident investigation. Currently, Sergey is the head of Kaspersky SOC, responsible for internal SOC activities at the company as well as external managed detection and response and Compromise assessment services. Sergey is a certified information systems security professional (CISSP, OSCP) and auditor (CISA).
Roman Nazarov
Head of Kaspersky SOC Consulting
Roman has 13-years experience in Information Security mainly focused on SOC areas. He started his career as a security engineer and advanced to manage a team specializing in building SOC platforms for big national organizations. Working internationally on various challenges, like designing threat detection frameworks, Roman became a certified ArcSight instructor. Back in Russia, he developed a cyber security platform handling 2 million security events per second at the country’s biggest bank.
Now at Kaspersky SOC Consulting, he focuses on a complex approach that includes all areas of SOC/MSS/CERT design and architecture, establishing operations and development planning. Roman is an acknowledged professional holding certificates like CISSP, CISM, CISA, GNFA, GCIH.
Who it's for
SOC analysts and specialists
For cybersecurity specialists involved in security operations and threat hunting.
Enterprises
For teams and enterprises focusing on threat hunting.
How you'll learn
Guided video lectures
Learn from more than 60+ videos by the top-notch Kaspersky SOC experts, sharing their practical experience and hacks.
Hands-on virtual lab and various environments within
Practice in our fully configured virtual lab - and experience various environments to hunt a wide range of threats.
Iterative learning
The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.
Syllabus
General cybersecurity concepts
SOC People
SOC Services
- Security Monitoring
- SOC Use Cases
- Threat Intelligence
- Threat Hunting
SOC Technologies
- ELK Stacks
- SOC Tools
SOC Development And Maturity Levels
Lab: WMI Consumer Hunting
Lab: Linux Service Hunting
Lab: Domain Name Hunting
Windows
Windows Credentials and authentication
- SAM and NTDS DIT
Lab: Password credentials in SAM and NTDS
Lab: Password credentials in memory
Lab: Security support providers
User Rights
- Privileges and access control
Lab: Windows Privileges
Lab: Windows services exploitation
- UAC
- Pass the token
Lab: Pass the token and Impersonation
Kerberos
- Kerberoasting
- AS-REP roasting
- Silver ticket
- Golden ticket
Lab: Kerberoasting
Lab: AS-REP roasting
Lab: Silver ticket
Lab: Golden ticket
Windows Security Auditing
Lab: Windows Security Audit
Linux
Linux general information
Linux security
Mandatory access control
Lab: Openssl. Attack Overview
Lab: Openssl. Ivestigation
Lab: Sudo privilege escalation. Attack Overview
Lab: Sudo privilege escalation. Investigation
Network
Introduction to Networks
Typical network attacks
Network security monitoring tools
Lab: Spoofing and replying. Investigation with Wireshark and Zeek
Lab: Client-side attack
Lab: Server-side attack
Network security monitoring tools
Benefits for you
 |
6 months to complete your course from activation of your access code |  |
 |
Delivered in English with subtitles | |
 |
Self-guided learning that fits around your life (It will take you approximately 18 hours to watch the videos) | |
 |
100 hours of virtual lab time for hands-on learning | |
 |
PDF downloads of training materials & tips | |
 |
Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client) | |
 |
Course author Members of Kaspersky Security Operations Center | |
 |
60+ videos to guide you through the course | |
 |
Platform support and help from our subject matter experts is available by email 0900 - 1730 UK time on standard business days via help.kasperskyxtraining.com | |
 |
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s) | |
$1,400 inc. tax per learner