Today I will be purchasing the Certified CyberDefenders training and certification course from Cyberdefenders.org for SOC Analysts. I was torn between this cert and SecurityBlueTeam’s BTL1 (both of which I have heard nothing but good things about), but ultimately decided on the CCD due to its material and labs being more up-to-date and finished. I look forward to the “brain bending” labs through the course and the 48hr final exam.

Below is what is covered in this course.


Certification Summary

This training introduces you to real-world threats defenders experience in their networks and the tools used to defend against them. You will learn defense strategies, threat-hunting techniques, adversary detection, and how to investigate security intrusions and perform forensic analysis.


About the exam

The exam is 48 hours long, 100% practical, and evaluates your skills across the following domains: threat hunting, perimeter defense, disk forensics, memory forensics, and network forensics. You will use Elastic SIEM to hunt threats, investigate a real-world intrusion, create an incident timeline, and perform forensic analysis on different attack artifacts.


CCD Practical Labs

Microsoft Defender for Cloud
OSSEC Host Intrusion Detection System (HIDS)
Nessus for Vulnerability Assessment
Microsoft Sentinel SIEM / SOAR
Canary Tokens
Suricata - Network Detection
C2 Traffic Detection with RITA
Application Detection - Web Shells
Sysmon: Endpoint Perimeter/System Detection
Velociraptor - Enterprise Incident Response
Shodan open-source Intelligence
IOC Extraction
OpenCTI: Open Cyber Threat Intel Platform
Threat Profiling using MITRE ATT&CK Navigator
MISP: Malware Information Sharing Platform
Evidence Collection (memory, triage, and disk images)
Windows Forensics Investigation Case
Linux Forensics Investigation Case
Memory Forensics Investigation Case
Network Forensics Investigation Case
USB Forensics Investigation Case
Elastic SIEM
Network Hunting Case
Endpoint Hunting Case
Application Hunting Case
SPF, DKIM, and DMARC Deployment
GoPhish Phishing Simulator
Detecting Phishing Attacks using Canarytokens


Blue Team Practiced Tools

AnyRun, Arsenal Image Mounter, BelkaSoft ram capturer, Canary Tokens, Cuckoo SandBox, CyLR, CyberChef, DD, Dumpit, Elastic-SIEM, Esentutil, Event Log Explorer, FTK Imager, GoPhish, INDXRipper, JumpListExplorer, Kape, LECmd, LiME, MFTECmd, Magnet Encrypted Disk Detector (EDD), Microsoft Defender for Cloud, Microsoft Sentinel SIEM, NTFS Log Tracker, Nessus, NirSoft TurnedOnTimeView, NirSoft WifiHistoryView, NirSoft WinPrefetchView, OpenCTI, OSSEC, pfSense, R-Studio recovery, RITA, RegRip, Registry Explorer, SRUMECmd, ShellBags Explorer, ShimCacheParser, Sigma, Suricata, Sysmon, TimeLine Explorer, USB Forensics Tracker, Velociraptor, Volatility 2, WinSearchDBAnalyzer, WireShark, WxTCMD, Yara, Zeek