Welcome to OffSec SOC-200! We are delighted to offer a customized learning plan designed to support your learning journey and ultimately enhance your preparedness for the OffSec Defense Analyst (OSDA) certification.
The Learning Plan comprises a week-by-week journey, which includes a recommended study approach, estimated learning hours, course topics to focus on, topic labs and challenge labs to complete, as well as supplemental materials to reinforce your learning (if you so choose).
NOTE: A downloadable PDF version of the plan can be found at the end of this article.
Active OffSec SOC-200 holders can also access the OffSec Academy: OSA-SOC-200 recorded videos, which offer comprehensive guidance and lab concept demonstrations from our Academy Instructors to reinforce the learning objectives. These videos serve as a valuable resource to gain a deeper understanding of the material and enhance preparedness for the OSDA exam or to reinforce your learning. You can locate the recorded videos in the OffSec Learning Platform (OLP).
Our OffSec Mentors also play a valuable role in providing guidance and support to you by facilitating dedicated OffSec Discord channels. Through these channels, you will have the opportunity to collaborate with other learners, ask questions, and build relationships to gain a deeper understanding of the SOC-200 material and methodology. We strongly encourage you to take advantage of this resource and actively engage with our Mentors throughout your learning journey.
Click here to join the OffSec Discord server and find answers to the most frequently asked questions (FAQs).
Should you encounter technical issues or have questions about VPN connections, lab access, navigating the OffSec Learning Platform, or any other related matters, our 24/7 OffSec Technical Service Team is available to assist you. Please click here to contact us.
Getting Ready
To help you prepare for SOC-200, please see the quick reference guide that will assist you in getting started with the OffSec Learning Platform (OLP) and enhance your learning experience.
Please see our Course Start Guide for further onboarding details.
Learning Plan - 12 Week
Week 1
Overview and Study Approach | This week will focus on helping learners understand: 1) the enterprise network and its configurations |
Learning Module | Attacker Methodology Introduction |
Learning Units | Attacker Methodology Introduction: 2.1 - 2.4 |
Videos for Reinforcement | Linux Endpoint Introduction: 5.1 - 5.2 |
Labs | 8.1.2 Logging on Linux and the Syslog Framework |
Challenges | None |
Estimate Time (Hours) | 20 |
Supplemental Learning* | SOC-100: Enterprise Network Architecture |
Week 2
Overview and Study Approach | This week will focus on helping learners: 1) Understand Credential Abuse on Linux |
Learning Module | Linux Server Side Attacks |
Learning Units | Linux Server Side Attacks: 9.1 - 9.3 |
Videos for Reinforcement | Linux Server Side Attacks: 5.1 - 5.14 |
Labs | 9.1.1. Suspicious Logins |
Challenges | None |
Estimate Time (Hours) | 20 |
Supplemental Learning* | None |
Week 3
Overview and Study Approach | This week will focus on helping learners: 1) Understand Log Management |
Learning Module | SIEM Part One: Intro to ELK |
Learning Units | SIEM Part One: Intro to ELK: 17.1 - 17.3 |
Videos for Reinforcement | SIEM Part One: Intro to ELK: 15.1 - 15.2 |
Labs | 17.1.2. Elastic Stack (ELK) |
Challenges | SOC-200 Labs: Challenge 1 |
Estimate Time (Hours) | 20 |
Supplemental Learning* | Videos: |
Week 4
Overview and Study Approach | This week will focus on helping learners understand: 1) Windows Processes and Registry |
Learning Module | Windows Endpoint Introduction |
Learning Units | Windows Endpoint Introduction: 3.1-3.7 |
Videos for Reinforcement | Windows Endpoint Introduction: 1.1-1.3 |
Labs | 3.3.1 Command Prompt |
Challenges | None |
Estimate Time (Hours) | 20 |
Supplemental Learning* | None |
Week 5
Overview and Study Approach | This week will focus on helping learners understand: 1) Client-Side attacks leveraging Microsoft Office |
Learning Module | Windows Client-Side Attacks |
Learning Units | Windows Client-Side Attacks: 5.1-5.3; Windows Privilege Escalation: 6.1-6.3 |
Videos for Reinforcement | Windows Client-Side Attacks: 3.1-3.2; Windows Privilege Escalation: 4.1-4.2 |
Labs | 5.1.3 Using Macros |
Challenges | None |
Estimate Time (Hours) | 20 |
Supplemental Learning* | None |
Week 6
Overview and Study Approach | This week will focus on helping learners understand: 1) disk based Persistence |
Learning Module | Windows Persistence |
Learning Units | Windows Persistence: 7.1-7.3 |
Videos for Reinforcement | Windows Persistence: 9.1-9.2 |
Labs | 7.1.1 Persisting via Windows Service |
Challenges | SOC-200 Labs: Challenge 3 |
Estimate Time (Hours) | 20 |
Supplemental Learning* | Videos: |
Week 7
Overview and Study Approach | This week will focus on helping learners understand: 1) Intrusion Detection Systems |
Learning Module | Network Detections |
Learning Units | Network Detections: 11.1-11.4; Antivirus Alerts and Evasion: 12.1-12.3; Network Evasion and Tunneling: 13.1-13.4 |
Videos for Reinforcement | Network Detections: 8.1-8.3; Antivirus Alerts and Evasion: 10.1-10.2; Network Evasion and Tunneling: 12.1-12.2 |
Labs | 11.1.2 Foundations of IDS and Rule Crafting; 11.2.1 Known Vulnerabilities; 11.2.2 Extra Mile I; 11.2.3 Novel Vulnerabilities; 11.3.1 C2 Infrastructure; 11.3.2 Extra Mile II; 11.3.3 Network Communications; 12.1.2 Signature-Based Detection; 12.1.3 Real-time Heuristic and Behavioral-Based Detection; 12.2.2 Bypassing AMSI; 13.2.1 Detecting Egress Busting; 13.3.2 Port Forwarding and Tunneling in Practice |
Challenges | None |
Estimate Time (Hours) | 25 |
Supplemental Learning* | None |
Week 8
Overview and Study Approach | This week will focus on helping learners: 1) Learn how attackers abuse the Lightweight Directory Access Protocol |
Learning Module | Active Directory Enumeration |
Learning Units | Active Directory Enumeration: 14.1-14.3; Active Directory Persistence: 16.1-16.2 |
Videos for Reinforcement | Active Directory Enumeration: 11.1-11.2; Active Directory Persistence: 14.1 |
Labs | 14.1.1 Understanding LDAP; 14.1.2 Interacting with LDAP; 14.1.3 Enumerating Active Directory with PowerView; 14.2.1 Auditing Object Access; 14.2.2 Baseline Monitoring; 14.2.3 Using Honey Tokens; 16.1.1 Domain Group Memberships; 16.1.2 Domain User Modifications; 16.1.3 Golden Tickets |
Challenges | SOC-200 Labs: Challenge 5 |
Estimate Time (Hours) | 20 |
Supplemental Learning* | Videos: |
Week 9
Overview and Study Approach | In this week learners will practice the skills they have learnt so far against the SOC-200 Challenge Labs. |
Learning Module | None |
Learning Units | None |
Videos for Reinforcement | OSA-SOC-200: Week 6 - Challenge 8 Demo: 6.1 |
Labs | None |
Challenges | SOC-200 Labs: Challenge 7 |
Estimate Time (Hours) | 10 |
Supplemental Learning* | None |
Week 10
Overview and Study Approach | In this week learners will practice the skills they have learnt so far against the SOC-200 Challenge Labs. |
Learning Module | None |
Learning Units | None |
Videos for Reinforcement | |
Labs | None |
Challenges | SOC-200 Labs: Challenge 9 |
Estimate Time (Hours) | 10 |
Supplemental Learning* | None |
Week 11
Overview and Study Approach | In this week learners will practice the skills they have learnt so far against the SOC-200 Challenge Labs. |
Learning Module | None |
Learning Units | None |
Videos for Reinforcement | |
Labs | None |
Challenges | SOC-200 Labs: Challenge 11 |
Estimate Time (Hours) | 10 |
Supplemental Learning* | None |
Week 12
Overview and Study Approach | In this week learners will practice the skills they have learnt so far against the SOC-200 Challenge Labs. |
Learning Module | None |
Learning Units | None |
Videos for Reinforcement | None |
Labs | None |
Challenges | SOC-200 Labs: Challenge 13 |
Estimate Time (Hours) | 10 |
Supplemental Learning* | None |
*Note: The Supplemental Learning section described above offers an opportunity to enhance your understanding of the specific topics covered during the assigned week. These materials are supplemental and are not required.