A comprehensive collection of write-ups and study materials for the LetsDefend SOC Analyst Learning Path. This repository is designed to document the learning journey, provide clear explanations for various SOC concepts, and offer solutions to practical scenarios encountered during the certification process.
The repository is organized into structured modules, following the SOC Analyst learning path. Each module includes detailed markdown write-ups and supporting visual assets.
```text
.
├── SOC
│   ├── Assets            # Visual aids and screenshots used in write-ups
│   │
│   ├── MD Files          # Detailed markdown write-ups for each lecture
│   │   ├── 1) SOC Fundamentals
│   │   ├── 2) Cyber Kill Chain
│   │   ├── 3) MITRE ATT&CK Framework
│   │   ├── 4) Introduction to Phishing
│   │   ├── 5) Detecting Web Attacks
│   │   ├── 6) Detecting Web Attacks - 2
│   │   ├── 7) How to Investigate a SIEM Alert
│   │   ├── 8) Malware Analysis Fundamentals
│   │   ├── 9) Dynamic Malware Analysis
│   │   ├── 10) Malicious Document Analysis
│   │   ├── 11) Security Solutions
│   │   ├── 12) Network Log Analysis
│   │   ├── 13) SIEM 101
│   │   ├── 14) Incident Management 101
│   │   ├── 15) Splunk
│   │   ├── 16) Cyber Threat Intelligence
│   │   ├── 17) VirusTotal for SOC Analysts
│   │   ├── 18) IT Security Basis for Corporates
│   │   ├── 19) Detecting Brute Force Attacks
│   │   └── 20) Building a Malware Analysis Lab
│   │
│   └── Labs
│       ├── 1) SOC282 - Phishing Alert
│       ├── 2) 28 - SOC105 - Requested T.I. URL address
│       ├── 3) 36 - SOC104 - Malware Detected
│       ├── 4) 83 - SOC119 - Proxy - Malicious Executable File Detected
│       ├── 5) 85 - SOC109 - Proxy - Emotet Malware Detected
│       ├── 6) 84 - SOC104 - Malware Detected
│       ├── 7) 92 - SOC145 - Ransomware Detected
│       ├── 8) 20 - SOC105 - Requested T.I. URL address
│       ├── 9) 14 - SOC104 - Malware Detected
│       ├── 10) 75 - SOC105 - Requested T.I. URL address
│       ├── 11) 76 - SOC137 - Malicious File Script Download Attempt
│       └── 12) 320 - SOC342 - CVE-2025-53770 SharePoint ToolShell Auth Bypass and RCE
│
├── LICENSE               # MIT License
└── README.md             # Project overview and structure
```
- SOC Fundamentals
- Cyber Kill Chain
- MITRE ATT&CK Framework
- Introduction to Phishing
- Detecting Web Attacks
- Detecting Web Attacks - 2
- How to Investigate a SIEM Alert
- Malware Analysis Fundamentals
- Dynamic Malware Analysis
- Malicious Document Analysis
- Security Solutions
- Network Log Analysis
- SIEM 101
- Incident Management 101
- Splunk
- Cyber Threat Intelligence
- VirusTotal for SOC Analysts
- IT Security Basis for Corporates
- Detecting Brute Force Attacks
- Building a Malware Analysis Lab
- 75 - SOC105 - Requested T.I. URL address
- 14 - SOC104 - Malware Detected
- 36 - SOC104 - Malware Detected
- 83 - SOC119 - Proxy - Malicious Executable File Detected
- 85 - SOC109 - Proxy - Emotet Malware Detected
- 84 - SOC104 - Malware Detected
- 92 - SOC145 - Ransomware Detected
- 20 - SOC105 - Requested T.I. URL address
- 28 - SOC105 - Requested T.I. URL address
- 76 - SOC137 - Malicious File Script Download Attempt
- 320 - SOC342 - CVE-2025-53770 SharePoint ToolShell Auth Bypass and RCE
This project is licensed under the MIT License - see the LICENSE file for details.
Disclaimer: These write-ups are for educational purposes and are based on the LetsDefend SOC Analyst Learning Path.