Blue Team / SOC Analyst
Learning roadmap for defensive security
Phase 1
Security Fundamentals
CIA Triad & Security Principles
Confidentiality, Integrity, Availability, least privilege, defense in depth
Networking & Protocols
TCP/IP, DNS, HTTP, SMTP, DHCP, ARP, packet analysis basics
Operating System Security
Windows & Linux hardening, user management, file permissions, services
Common Attack Types
Phishing, malware, ransomware, DDoS, man-in-the-middle, social engineering
Security Frameworks
NIST CSF, ISO 27001, CIS Controls, MITRE ATT&CK overview
Phase 2
Log Analysis & Monitoring
Log Sources & Types
Syslog, Windows Event Logs, firewall logs, web server logs, authentication logs
SIEM Fundamentals
Splunk, ELK Stack, Wazuh -- ingestion, parsing, correlation rules
Log Analysis Techniques
Filtering, pattern recognition, anomaly detection, timeline analysis
Network Traffic Analysis
Wireshark, tcpdump, Zeek -- packet capture and protocol analysis
Detection Engineering
Writing Sigma rules, YARA rules, Snort/Suricata signatures
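A worked example tying the Phase 2 topics together (log parsing, filtering, timeline analysis and a correlation rule of the kind a SIEM or Sigma rule would express). This is an added illustration, not code from the roadmap or from any of the tools it names. The log lines are constructed in Linux auth.log / sshd syslog format with documentation addresses; the year is assumed because syslog timestamps omit it, and the thresholds (5 failures in 60 seconds) are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in Linux auth.log / sshd syslog format. Hosts, users
# and addresses are example values, not data taken from any real system.
SAMPLE_AUTH_LOG = """\
Mar  3 10:14:01 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:14:03 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:14:05 web01 sshd[2314]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar  3 10:14:08 web01 sshd[2316]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:14:11 web01 sshd[2318]: Failed password for root from 203.0.113.7 port 51034 ssh2
Mar  3 10:14:15 web01 sshd[2320]: Accepted password for root from 203.0.113.7 port 51040 ssh2
Mar  3 10:20:44 web01 sshd[2402]: Failed password for alice from 198.51.100.23 port 40120 ssh2
Mar  3 10:21:02 web01 sshd[2405]: Accepted publickey for alice from 198.51.100.23 port 40122 ssh2
Mar  3 11:02:10 web01 sshd[2511]: Failed password for invalid user test from 192.0.2.9 port 60001 ssh2
Mar  3 11:40:10 web01 sshd[2590]: Failed password for invalid user test from 192.0.2.9 port 60002 ssh2
"""

# Filtering step: only sshd authentication outcomes are of interest here.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd auth line into a dict, or None if it is not an auth event.
    Syslog omits the year, so it is supplied (assumed) by the caller."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def detect_ssh_bruteforce(lines, threshold=5, window_seconds=60):
    """Sliding-window correlation over the event timeline:
    >= threshold failures from one source inside the window -> medium alert;
    a success from that source while the burst is still in the window -> high."""
    recent = defaultdict(deque)   # src -> timestamps of failures still in window
    alerted = set()               # sources whose current burst already alerted
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        q = recent[src]
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()           # evict failures that fell out of the window
        if not q:
            alerted.discard(src)  # burst expired; a new burst may alert again
        if ev["result"] == "Failed":
            q.append(ts)
            if len(q) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append({"severity": "medium", "type": "ssh_bruteforce",
                               "src": src, "host": ev["host"], "count": len(q),
                               "first": q[0], "last": ts})
        else:
            if len(q) >= threshold:
                alerts.append({"severity": "high", "type": "ssh_bruteforce_success",
                               "src": src, "host": ev["host"], "user": ev["user"],
                               "ts": ts})
            q.clear()
            alerted.discard(src)
    return alerts


if __name__ == "__main__":
    for a in detect_ssh_bruteforce(SAMPLE_AUTH_LOG.splitlines()):
        print(a)
```

Run against the sample, the burst from 203.0.113.7 produces one medium alert and, because the success arrives four seconds after the last failure, one high alert; the two failures from 192.0.2.9 are 38 minutes apart and never accumulate. The same logic as a SIEM correlation rule groups failed-password events by source address over a one-minute timeframe; the "success after burst" escalation is what separates a noisy scanner from a likely compromise in triage.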
Phase 3
Incident Response
IR Process & Frameworks
NIST SP 800-61 lifecycle: Preparation; Detection & Analysis; Containment, Eradication & Recovery; Post-Incident Activity
Triage & Prioritization
Alert classification, severity assessment, escalation procedures
Containment Strategies
Network isolation, account disabling, firewall rules, DNS sinkhole
Evidence Collection
Chain of custody, disk imaging, memory dumps, log preservation
Post-Incident Activities
Root cause analysis, lessons learned, report writing, IOC extraction
Phase 4
Digital Forensics
Disk Forensics
File system analysis (NTFS, ext4), deleted file recovery, timeline analysis
Memory Forensics
Volatility framework, process analysis, DLL injection detection, rootkit hunting
Network Forensics
Packet analysis, C2 detection, data exfiltration identification, DNS tunneling
Email Forensics
Header analysis, phishing investigation, attachment analysis, SPF/DKIM/DMARC
Malware Analysis (Basic)
Static analysis, strings, PE headers, sandbox execution, behavior analysis
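A worked example for the network-forensics item above (DNS tunneling identification). It is an added illustration, not code from the roadmap or from Zeek. The input is constructed in a trimmed Zeek dns.log layout (tab-separated with a `#fields` header) keeping only four of Zeek's columns; addresses and domains are example values. The registered-domain split treats the last two labels as the domain, a simplification that a real deployment would replace with the Public Suffix List, and the thresholds are illustrative.

```python
import math
from collections import defaultdict

# Constructed sample in a trimmed Zeek dns.log layout. Only four of Zeek's
# dns.log columns are kept; the tunnel queries are 32 hex characters of
# encoded data per label, as DNS tunnels commonly produce.
_CHUNKS = ["3a7f19c4e2b8d065", "9e1c5b0a7d3f2864", "f04b2a96e71c8d35",
           "62d8e0a5b9f1c743", "c7e93f5a0d1b4826", "15a8c2f7b3e9d046"]
_TUNNEL_LINES = [
    f"17094608{50 + i}.00\t10.0.0.7\t{_CHUNKS[i] + _CHUNKS[(i + 1) % 6]}.t.badtunnel-example.net\tTXT"
    for i in range(6)
]
SAMPLE_DNS_LOG = "\n".join([
    "#fields\tts\tid.orig_h\tquery\tqtype_name",
    "1709460841.10\t10.0.0.5\twww.example.com\tA",
    "1709460842.20\t10.0.0.5\tmail.example.com\tA",
    "1709460843.30\t10.0.0.5\tcdn.example.com\tA",
    "1709460844.40\t10.0.0.7\tlogin.example.com\tA",
] + _TUNNEL_LINES)


def parse_dns_log(text):
    """Parse Zeek-style TSV with a '#fields' header into a list of dicts."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        records.append(dict(zip(fields, line.split("\t"))))
    return records


def shannon_entropy(s):
    """Bits per character; hex/base32 payloads sit near 4-5, hostnames near 2-3."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_domain(query):
    """Return (registered_domain, subdomain). Simplification: the last two
    labels are the registered domain; use the Public Suffix List in production."""
    labels = query.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return ".".join(labels), ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def score_dns_tunnels(records, min_unique=5, entropy_threshold=3.0,
                      length_threshold=30, txt_ratio_threshold=0.5):
    """Group queries per (client, registered domain) and flag groups with many
    unique subdomains that are long, high-entropy, or mostly TXT/NULL lookups."""
    groups = defaultdict(list)
    for r in records:
        domain, sub = split_domain(r["query"])
        groups[(r["id.orig_h"], domain)].append((sub, r["qtype_name"]))
    findings = {}
    for key, items in groups.items():
        subs = {s for s, _ in items if s}
        if len(subs) < min_unique:
            continue                      # too few distinct labels to be a channel
        data = [s.replace(".", "") for s in subs]
        mean_entropy = sum(shannon_entropy(d) for d in data) / len(data)
        mean_len = sum(len(d) for d in data) / len(data)
        txt_ratio = sum(1 for _, q in items if q in ("TXT", "NULL")) / len(items)
        if (mean_entropy >= entropy_threshold or mean_len >= length_threshold
                or txt_ratio >= txt_ratio_threshold):
            findings[key] = {"unique_subdomains": len(subs),
                             "mean_entropy": round(mean_entropy, 2),
                             "mean_len": round(mean_len, 1),
                             "txt_ratio": round(txt_ratio, 2)}
    return findings


if __name__ == "__main__":
    for key, f in score_dns_tunnels(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(key, f)
```

On the sample only the (10.0.0.7, badtunnel-example.net) group is flagged: six unique 33-character subdomains, entropy above 4 bits, all TXT. The caveat in practice is that CDNs, telemetry and some security products legitimately generate many unique, hash-like subdomains under one domain, so a finding like this is a hunting lead to enrich with query volume, timing regularity and the resolving name server, not a verdict on its own.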
Phase 5
Threat Hunting & Intelligence
MITRE ATT&CK Framework
Tactics, techniques, procedures (TTPs), mapping attacks to ATT&CK
Threat Hunting Methodology
Hypothesis-driven hunting, data-driven hunting, IOC sweeping
Threat Intelligence
IOC feeds, threat reports, STIX/TAXII, Diamond Model, Cyber Kill Chain mapping
Active Defense
Honeypots, deception technology, canary tokens, threat emulation
SOC Operations
Playbook development, automation (SOAR), metrics, shift management
Essential Tools
Explore our tools for your research
tools.redlimit.id
