Diving into SOC Skills with John Strand
The other day I was on LinkedIn looking for jobs and reading cyber security news, and something came across my feed that made me stop scrolling. It was an opportunity to take a course from Wild West Hacking Fest. Recently I was looking at their courses, and so many of them were very interesting, and the instructors were some of the brightest minds in InfoSec. The only thing that was stopping me was the price. It’s been rough being unemployed while transitioning my career, so paying hundreds of dollars for a course was a barrier to entry for me.
I figured that this would be another one of those classes, so very interesting, but just out of reach due to pricing. I clicked the link and read about the class, and it was an ideal class for me. It was a class on SOC skills, and those are the roles I am currently applying for and working to get into. Best of all, it was taught by John Strand, someone whose work I have read a lot of and admired since diving deeper into cyber security. There was no price on the page when I looked at it, but there was a register button. Being the curious cat that I am, I clicked the link and was greeted with a message saying that the course is Pay What You Can.
I was thrilled. I was able to take a course from Wild West Hacking Fest and it was affordable for me. I paid what I could and signed up for the course. I was so excited when I received my confirmation email and the invite to the class Discord. I couldn’t wait to start the course on Monday morning. I made sure to watch the Discord for when the VM would go up so I could download it and start playing with it. Over the weekend I even listened to the Darknet Diaries episode with John Strand. I was stoked for the class.
Monday morning rolled around and I made sure everything was all set up and ready to go. The class started with some small talk. It was fun to listen to them banter back and forth, and it really broke the ice before the class started. When class started, we started off by going over networking. John went over a lot of things that, over the past couple of months, I have become very familiar with, like the OSI model, port numbers, and TCP/IP. However, the way he reviewed these topics kind of made some concepts click for me and improved my understanding. We finished the networking section with using tcpdump and Wireshark. John went over tcpdump and really helped me wrap my head around it and why it is oftentimes a better option in some situations than Wireshark. The lab we did ran really well on the machine and it was a fun and interesting lab. After networking we moved onto Linux. I am familiar with Linux, but of course John found a way to keep expanding my knowledge of it. Before I knew it, the day was done and John stuck around to answer a bunch of questions from the group.
That night I went back and watched the class video again (they even gave us a recording of the classes each day) and jotted down some things I missed. I couldn’t wait to continue on Tuesday.
Tuesday came and we started finishing Linux and doing a pretty cool lab with Linux that went over creating a backdoor using netcat and backpipe. I have seen it done in a couple of courses I have looked at, but never quite understood how it worked, but the explanation he gave for how and why it worked helped me figure out exactly why it works. And to top it all off, he showed us how to identify the signs of a compromise like that.
We continued onto Windows, which I was extremely excited for. I am very familiar with Windows, but it seems like every time I take a course that covers Windows, I learn something new, and I love that. I was particularly excited for this as I knew we would be covering incident response and the beginning stages of threat hunting. The majority of my work thus far has been basics and offensive security, so I was dying to see how it is from the other side.
We started going through what we should do in response to an incident. We went through what we should look for on the network side, and how to dig deeper into any findings. We then went over how to dig into the processes. This was awesome to learn, as I have been using these not to the best of their abilities. However, the highlight of the class thus far for me was the final lab we did for the day.
The lab was a cool lab where we created malware with msfvenom and sent it over to the victim Windows machine. This is something I have done over a hundred times on random boxes between TryHackMe, Vulnhub, and HackTheBox, but haven’t really thought about how it looks on the other end. The lab walked us through hunting down the meterpreter reverse shell and identifying it from the rest. It was really enlightening and made some gears turn in my head of ways that I can defend against it and, as an attacker, improve it.
I can’t wait for the next day of class tomorrow. John said we would be getting more in depth on the topics and go deeper into threat hunting and using some more tools. Overall the class has been great. It’s my first time taking a live course from a convention like Wild West Hacking Fest, so being in the Discord with chat helping and getting help has been an awesome experience. I have enjoyed and learned so much that I even enrolled in the next course in the series from Wild West Hacking Fest, Getting Into Security.
I am super thankful for this course series offered by Wild West Hacking Fest, Black Hills, and Antisyphon training. It has been such a great resource in learning and to offer it as pay what you can is beyond generous. There are not many industries where you can be taught by someone of John’s pedigree for a reasonable price. I mean, can you imagine going to a stock trading course taught by Steve Cohen, or a medical course taught by a brain surgeon? It really gives me hope that this was the right choice in my career. The InfoSec community seems welcoming to those who want to learn and put in the work, and I hope to someday be in the shoes of someone like John where I can offer my knowledge to those who really want it, and not just because they can pay a large price.