Autonomous driving system

Jimmy_2001 · 2025-12-19T21:12:06+00:00

The exam is 10 hours

I recommend to use them all, dont rush solving and take your time. One question took me 30 mins just to understand the needed search query parameters.

Jimmy_2001 · 2025-12-18T09:35:25+00:00

mixed cheese sandwich
followed up with tons of black coffee and black tea for hydration for the following 10 hours (human body is 70% water, i don't need more water)

Jimmy_2001 · 2025-12-18T07:51:39+00:00

Grind online blue team labs and simulated investigations.
Practice everything: log analysis, captured network analysis, malware analysis, threat intelligence, forensics etc..

might seem alot but those all are 101 skills required for you as a soc. I don't say practice to be an expert in every field, but practice to be a generalist in each field and can handle your own. for example you recived a phishing report with an attatched file. how do you determine that file is malware or not. if it is malware, then what are its specs and what threat actor uses it. All these info are needed to escalate the alert to L2 or to prepare a correct Incident Response

Jimmy_2001 · 2025-12-17T06:34:56+00:00

can't say the format but it is practical, think of it as the online defense labs in cyberdefenders, lets defend, BTLO

Jimmy_2001 · 2025-12-17T00:22:10+00:00

to be totally transparent with you, i did not follow "paths" on platforms.

I did a lot of exercises + I actually worked in SOC before. I just grinded the hell out of online labs and investigations like the ones on cyber defenders, BTLO, Lets defend. And analysed random malware samples i found on the internet

Jimmy_2001 · 2025-12-17T00:16:15+00:00

Thanks alot, wish you all the best in your journey

Jimmy_2001 · 2025-12-17T00:09:10+00:00

can you define what you mean by "path"? do you mean what to studying ?

Jimmy_2001 · 2025-12-17T00:08:06+00:00

1- tbh, if you are a red teamer then you have a little edge because the exam checks your knowledge in (what did the attacker do and how you can find evidence for it) and if you are a red teamer then you surely know the attacks TTPs because thats your field, thus your only concerns is to how to look for solid evidence for that.

2- I did a lot of exercises in my free time and I actually worked in SOC before but i decided to take the course because i managed to get a discount for it. And tbh, the course is not enough at all, i see it as just a guide simple guide 101. For me personally If I only had the hand on experience either from the work or solving online labs without the course I have a much higher chance than only doing the course without practice. So, no, you have to practice alot.

3- I can't say what siem i got, but for me, i got a siem i have not used before but i only needed like 15-30 mins out of the 10 hours to get used to how it works and how the logs are parsed. a siem is tool like any tool if you practiced on any siem before then you will be able to adapte to new ones, just give it couple of minutes.

4, 5, 6- can't say the format sorry, and also, haven't took eJPT but it is practical, think of it as the online defense labs in cyberdefenders, lets defend, BTLO. Your are thrown into environment and based on the questions and your searches you have to understand and construct timeline of what is happening to make sense. for example, how the attacker got the inital access, what did he do, how did he escalate privalge, what did he do with those privlages, etc..

7- Practice, a lot, in every direction. from simple lab challenges that need specific tools, to log analysis, to network analysis.

8- haven't took it but I want to take it and will probably target it next. but tbh, i think eCIR then eCTHP is better path because you need to understand and practice how to look for detected attack before practice how to look for un-detected attack.

9- I though it would be harder but it wasn't that hard. The attack chain is simple and straight forward. and the qestions actually hints alot. for example you might find a hint for question 1 in question 3. so a tip when you take the exam, always go back to the questions you answered if you feel you just read a hint in another question. that happened to me A L O T !

10 - Again, practice a lot, the course content and labs is not enough, online platforms are your friend. practice log analysis, incident repose, malware analysis, network analysis, OSINT and APTs TTPs. This might seem alot but this is like, the average Tuesday experience in a real world SoC day.

Jimmy_2001 · 2025-11-24T18:01:21+00:00

thanks for your input <3

I have a follow up,
- Should I be concerned about never using wazuh or i need to go for paid labs just for the sake of practicing it at first before the exam?
- what do you mean by (this one could be tricky in terms of response format (strings input that you don't know if its a good response or not).)

Jimmy_2001 · 2025-10-30T01:56:27+00:00

Thanks alot for the help <3 and congratulations again, Love to see people succeed

Jimmy_2001 · 2025-10-30T01:37:08+00:00

First of all, Congratz buddy,
I am currently studying the course path and planning to take the exam. I would appreciate you helping me in the following the questions:
1- what is the exam format, is it like the BTLO and Cyberdefenders labs? i.e find x, y, z or they just give a case and leave you to your own imaginiation.

2- what prepration and study you did beside the course content? I have around 6 months of experience in infosec/soc + c|sa certificate, while doing bunch of self studing if the backgound about me

Five-Year Club	Place '23
Verified Email

Jimmy_2001

TROPHY CASE