SOC-200 — Foundational Defensive Operations & Analysis (OSDA)

Section 01

01. At a Glance

About the course

SOC-200 trains defenders the way OSCP trains attackers — fully hands-on, with a 24-hour practical exam. Macksofy's bootcamp covers Splunk, Elastic, Sysmon and EDR triage in real-world scenarios.

Section 02

02. Who Is This Course For

• SOC analysts (Tier-2/3)
• Threat hunters
• Incident responders

Prerequisites

• Basic Windows/Linux administration
• Networking fundamentals

Section 03

03. What You Will Be Able To Do

• Detect attacker TTPs across Windows, Linux and AD
• Use EDRs and SIEMs to investigate live incidents
• Pass the 24-hour OSDA (SOC-200) exam

Section 04

04. Curriculum — 19 Modules

Module structure and topic coverage authored by Macksofy Technologies based on the publicly-published vendor syllabus, current as of the issue date of this brochure. Vendor reserves the right to revise content; Macksofy keeps cohort material aligned to the latest release.

1. Module 01

   Module 01 · Attacker Methodology Introduction

   3 topics
   • Cyber Kill Chain & MITRE ATT&CK alignment
   • Pyramid of Pain
   • Common attacker tradecraft overview
2. Module 02

   Module 02 · Windows Endpoint Introduction

   3 topics
   • Windows architecture for defenders
   • Sysmon configuration (industry-standard ruleset)
   • Key event IDs (4624, 4625, 4688, 4720, 7045, 4732)
3. Module 03

   Module 03 · Windows Server-Side Attacks

   3 topics
   • Detecting brute-force & password spraying
   • RDP / SMB / WinRM abuse detection
   • Service-creation indicators
4. Module 04

   Module 04 · Windows Client-Side Attacks

   3 topics
   • Office macro detection
   • PowerShell-based attack indicators
   • ScriptBlock & Module logging
5. Module 05

   Module 05 · Windows Privilege Escalation

   3 topics
   • Token-impersonation indicators
   • Service-misconfiguration abuse signals
   • UAC bypass detection
6. Module 06

   Module 06 · Windows Persistence

   3 topics
   • Run-keys, scheduled tasks, services
   • WMI subscriptions
   • DLL search-order hijacking detection
7. Module 07

   Module 07 · Windows Credentials

   3 topics
   • LSASS access detection
   • Mimikatz indicators
   • DPAPI / Credential Guard considerations
8. Module 08

   Module 08 · Windows Lateral Movement

   3 topics
   • WinRM, WMI, PsExec, smbexec, dcomexec indicators
   • Pass-the-hash detection
   • Remote-service-creation signals
9. Module 09

   Module 09 · Active Directory Enumeration & Attacks

   3 topics
   • BloodHound query indicators
   • Kerberoast / AS-REP roast detection
   • DCSync detection
10. Module 10

    Module 10 · Linux Endpoint Introduction

    3 topics
    • auditd configuration
    • syslog & journald analysis
    • Bash-history forensics
11. Module 11

    Module 11 · Linux Server-Side Attacks

    3 topics
    • SSH brute-force & key-abuse detection
    • Web-app attack signals on Linux
    • Container runtime indicators
12. Module 12

    Module 12 · Linux Privilege Escalation

    3 topics
    • SUID / sudo abuse detection
    • Cron-job tampering signals
    • Kernel-exploit indicators
13. Module 13

    Module 13 · Network Detections

    3 topics
    • IDS / IPS — Suricata & Zeek
    • Network-flow analysis
    • Beaconing detection
14. Module 14

    Module 14 · Antivirus Alerts and Evasion

    3 topics
    • Triaging EDR alerts
    • Detecting AMSI / ETW patching
    • Custom-payload identification
15. Module 15

    Module 15 · Active Directory Persistence

    3 topics
    • Golden / silver tickets
    • DCShadow detection
    • AdminSDHolder modifications
16. Module 16

    Module 16 · SIEM Part One — Intro to ELK

    3 topics
    • Logstash filter writing
    • Elasticsearch index design
    • Kibana visualisation & dashboards
17. Module 17

    Module 17 · SIEM Part Two — Combining the Logs

    3 topics
    • Cross-source correlation
    • Sigma rule writing
    • Alert tuning workflow
18. Module 18

    Module 18 · Trying Harder — The Labs

    3 topics
    • End-to-end OSDA-style investigation
    • 24-hour exam strategy
    • Reporting per OffSec defensive standards
19. Module 19

    Macksofy bootcamp · Real-world IR playbooks

    3 topics
    • Phishing IR (Macksofy case)
    • Ransomware IR (Macksofy case)
    • Cloud incident IR (AWS / Azure)

Section 05

05. Tools You Will Operate

Section 06

06. Career Outcomes

Section 07

07. Placement Support

Macksofy's placement desk works directly with 80+ hiring partners across India and the UAE. Resume coaching, mock interviews and direct intros included.

• 1:1 resume + LinkedIn rewrite with our hiring desk
• Mock interviews with active practitioners
• Direct intros to BFSI, fintech and Big-4 partners
• UAE placement support (Dubai, Abu Dhabi)

Section 08

08. Why Macksofy

• Vendor-true delivery — Macksofy is a hands-on cybersecurity training provider delivering practitioner-led bootcamps with exam-prep support.
• Practitioner-led delivery — every Macksofy instructor is a working OSCP / OSWE / OSEP / CISA-certified consultant on real client engagements during the week.
• Mentor support until you pass — extended access to mentor office hours and exam-day prep at no additional cost.
• Placement desk — Macksofy works with 80+ hiring partners across India and the UAE; your post-course resume, portfolio review and mock interviews are included.
• Indian classroom + online cohorts — onsite delivery in Mumbai BKC and Hyderabad HITEC City; live virtual cohorts pan-India with recordings.

Section 09

09. How to Enrol

1. Submit the enquiry form at macksofy.com/contact or call +91 99308 24239.
2. A Macksofy advisor will respond within 4 business hours with the next batch dates, payment terms and invoice.
3. Confirm enrolment via NEFT / RTGS / corporate card. EMI options available for select courses.
4. Receive welcome kit, lab credentials and the cohort calendar within 24 hours of confirmation.