SOC Analyst Projects
Maybe you’re in college, or transitioning from the military, or maybe you’re from another area of IT, or just maybe you’re just teaching yourself... projects are a big part of any training for a SOC analyst. Some of these are challenging, and some are a little easier but there are three here to teach you practical skills that you’ll need to have as a SOC analyst.
Cryptography
There are three cipher-texts that you will turn back into plaintext. One of these cipher texts lead you to particular places that might not be so friendly. Do NOT access from work or using work resources. Be extra careful with links. If you are unsure how to safely handle clicking on links, please do your research prior to following the rabbit hole.
Good luck — Be safe
~godspeed
Questions for this assignment
What is the plaintext for these three ciphertexts?
Decipher One
Erthyne FBP Nanylfgf znxr bire fvk svtherf HFQ ng fbzr pbzcnavrf abj.
Decipher Two
The key is Decipher OneQfla QBG Fopyyfrd pttv gev eqwjjmofxx iikbljd n vzckzr bmf crdmftf tip (tzwziysxpcewayulqnmyz) ieh xvww-fxf gidwyetxfqgp (hzlggrdt hrzcsxkhnuc).Ajsro — ureuy://bvj.vfvblfj.xye/rtagy?a=p-wjkxJa_D8
Decipher Three
QmFzZTY0IGlzIGVuY29kaW5nLCBub3QgZW5jcnlwdGlvbi4gIEVuY29kaW5nIGRvZXNuJ3QgaGF2ZSBhIGtleSB3aGVyZWFzIGVuY3J5cHRpb24gaGFzIGEga2V5LgoKSGV5LCBjaGVjayB0aGlzIG91dC4uLgoKaHR0cHM6Ly9nb29nbGUuY29tLz9xPWludGl0bGUlM0ElMjJoYWNrZWQrYnklMjIraW51cmwlM0F1cGxvYWQr==
2. Networking
Questions for this assignment
Trace the route then research and explain how the internet sang the song of Bad Horse. How did the administrator configure each hop for this to work?
3. Malware
theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev.
theZoo’s purpose is to allow the study of malware and enable people who are interested in malware analysis (or maybe even as a part of their job) to have access to live malware, analyze the ways they operate, and maybe even enable advanced and savvy people to block specific malware within their own environment.
Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes
Warning! You are about to handle live malware and if you are unsure how to safely handle malware, please conduct research prior to continuing.
Instructions for this assignment
Visit the Live Malware Repository at https://github.com/ytisf/theZoo
Upload malware samples to Virus Total at https://www.virustotal.com/gui/home/upload
Calculate the file hash of malware samples and search Virus Total for it at https://www.virustotal.com/gui/home/search
Execute the sample interactively in a sandbox (any of them will work but I enjoy https://app.any.run or https://hybrid-analysis.com )
Compile a list of Indicators of Compromise (IoCs) from the malware execution and search google for them.
Questions for this assignment
How does Virus Total know that these files are malware?
How would an attacker take malware like this and make it undetectable?
What is the difference between behavioral antivirus and traditional antivirus?
What is the difference between antivirus and modern endpoint detection and response tools?
Did googling the Indicators of Compromise (IoCs) lead you to any interesting threat intelligence about the malware?
Why aren’t IP addresses considered ‘good threat intelligence?’
What are the various levels of ‘good threat intelligence’ and how might you be able to identify malicious behavior?
Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University, and also CISSP, CCSK, CFSR, CEH, Sec+, Net+, A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, four online courses, and regularly holds webinars for new cybersecurity talent.
You can connect with him on LinkedIn.
Get 20% off all courses in our On-Demand catalog with coupon code “Welcome20”
Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing.
Also available in the Secure Style Store, download the Job Hunting Application Tracker for FREE to keep track of all your job applications.
Check out my latest book Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success published June 1st, 2024 and winner of the 2024 Cybersecurity Excellence Awards.
Comments