SOC Analyst Projects

Tyler Wall
4 min read · Mar 2, 2024

Maybe you’re in college, or transitioning from the military, or maybe you’re coming from another area of IT, or maybe you’re teaching yourself... projects are a big part of any training for a SOC analyst. Some of these are challenging and some are a little easier, but the three here teach practical skills that you’ll need to have as a SOC analyst.

1. Cryptography

There are three ciphertexts that you will turn back into plaintext. One of these ciphertexts leads you to particular places that might not be so friendly. Do NOT access them from work or using work resources. Be extra careful with links. If you are unsure how to safely handle clicking on links, please do your research prior to following the rabbit hole.

Good luck — Be safe

~godspeed

Questions for this assignment

What is the plaintext for these three ciphertexts?

Decipher One

Erthyne FBP Nanylfgf znxr bire fvk svtherf HFQ ng fbzr pbzcnavrf abj.

Decipher Two

The key is Decipher One

Qfla QBG Fopyyfrd pttv gev eqwjjmofxx iikbljd n vzckzr bmf crdmftf tip (tzwziysxpcewayulqnmyz) ieh xvww-fxf gidwyetxfqgp (hzlggrdt hrzcsxkhnuc).Ajsro — ureuy://bvj.vfvblfj.xye/rtagy?a=p-wjkxJa_D8

Decipher Three

QmFzZTY0IGlzIGVuY29kaW5nLCBub3QgZW5jcnlwdGlvbi4gIEVuY29kaW5nIGRvZXNuJ3QgaGF2ZSBhIGtleSB3aGVyZWFzIGVuY3J5cHRpb24gaGFzIGEga2V5LgoKSGV5LCBjaGVjayB0aGlzIG91dC4uLgoKaHR0cHM6Ly9nb29nbGUuY29tLz9xPWludGl0bGUlM0ElMjJoYWNrZWQrYnklMjIraW51cmwlM0F1cGxvYWQr==
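Added worked example (written for this edit, not code from the original post): a small Python helper for the three decoding techniques puzzles like these are usually built from, on the assumption that the set covers a Caesar/ROT shift, a Vigenère cipher keyed on an earlier answer, and base64. Rather than guessing ROT13, the Caesar cracker scores all 26 shifts by English letter frequency, and the base64 decoder repairs the trailing `=` padding that copy and paste tends to drop or duplicate. The sample strings in the docstrings are constructed; feed the ciphertexts above in yourself.

```python
import base64

# Letters most common in English text; a crude but effective score for choosing a Caesar shift.
COMMON = set("etaoinshr")


def caesar_shift(text: str, shift: int) -> str:
    """Shift every letter by `shift` places (ROT13 is shift 13); case and punctuation survive."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def crack_caesar(ciphertext: str):
    """Try all 26 shifts and return (shift, candidate) for the candidate that looks most like English."""
    def score(shift: int) -> int:
        return sum(ch in COMMON for ch in caesar_shift(ciphertext, shift).lower())
    best = max(range(26), key=score)
    return best, caesar_shift(ciphertext, best)


def vigenere(text: str, key: str, decrypt: bool = True) -> str:
    """Vigenère with a letter key, e.g. vigenere("lxfopv ef rnhr", "lemon") -> "attack at dawn".
    The key advances only on letters, so spaces and punctuation line up with the plaintext."""
    shifts = [ord(k) - ord("a") for k in key.lower() if k.isalpha()]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    out, i = [], 0
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            k = shifts[i % len(shifts)]
            out.append(chr((ord(ch) - base + (-k if decrypt else k)) % 26 + base))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def decode_base64(blob: str) -> str:
    """Base64 is encoding, not encryption: there is no key. Copy/paste often drops or duplicates
    the trailing '=' padding, so normalise it to a multiple of four characters before decoding."""
    body = blob.strip().rstrip("=")
    body += "=" * (-len(body) % 4)
    return base64.b64decode(body).decode("utf-8", errors="replace")
```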

2. Networking

Questions for this assignment

Trace the route, then research and explain how the internet sang the song of Bad Horse. How did the administrator configure each hop for this to work?

3. Malware

theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and safe way. theZoo was born by Yuval tisf Nativ and is now maintained by Shahak Shalev.

theZoo’s purpose is to allow the study of malware and enable people who are interested in malware analysis (or maybe even as a part of their job) to have access to live malware, analyze the ways they operate, and maybe even enable advanced and savvy people to block specific malware within their own environment.

Please remember that these are live and dangerous malware! They come encrypted and locked for a reason! Do NOT run them unless you are absolutely sure of what you are doing! They are to be used only for educational purposes.

Warning! You are about to handle live malware and if you are unsure how to safely handle malware, please conduct research prior to continuing.

Instructions for this assignment

  1. Visit the live malware repository at https://github.com/ytisf/theZoo
  2. Upload malware samples to VirusTotal at https://www.virustotal.com/gui/home/upload
  3. Calculate the file hash of each malware sample and search VirusTotal for it at https://www.virustotal.com/gui/home/search
  4. Execute the sample interactively in a sandbox (any of them will work, but I enjoy https://app.any.run or https://hybrid-analysis.com)
  5. Compile a list of Indicators of Compromise (IoCs) from the malware execution and search Google for them.

Questions for this assignment

  1. How does VirusTotal know that these files are malware?
  2. How would an attacker take malware like this and make it undetectable?
  3. What is the difference between behavioral antivirus and traditional antivirus?
  4. What is the difference between antivirus and modern endpoint detection and response tools?
  5. Did googling the Indicators of Compromise (IoCs) lead you to any interesting threat intelligence about the malware?
  6. Why aren’t IP addresses considered ‘good threat intelligence’?
  7. What are the various levels of ‘good threat intelligence’, and how might you be able to identify malicious behavior?

Tyler Wall is the founder of Cyber NOW Education by night and works full time in the cybersecurity industry as his day job. He creates cybersecurity training material in his free time, often after feeling the need to shout what he’s just learned and also because a little bit of passive income never hurt anyone.

He holds a Master of Science from Purdue University, as well as CISSP, CCSK, CFSR, CEH, Sec+, Net+ and A+ certifications.

You can connect with him on LinkedIn.

Get 20% off all courses in our On-Demand catalog with coupon code “MEDIUMFRIENDS”

For a limited time, get a free copy of the Jump-start Your SOC Analyst Career eBook, published June 1, 2024, in exchange for a review on Amazon. Email tyler@cybernoweducation.com
