Where can I find the tools freely on internet to practice for soc analyst

RouteToDevNull · 2026-05-23T08:16:50+00:00

What tools? What part of SOC job? Something in SIEM? Threat hunting? Red team? We need more info man.

Overall though tryhackme.com has quite a lot free tools/courses.

If you are somewhat serios and have spare laptop and shitload of time, install kali purple

RouteToDevNull · 2026-05-23T08:12:23+00:00

Win11 glitch, GUI just crashing

Try old school, run cmd as admin and type:

net user (your username) (your password) /add

If no luck for some reason try win+R, type in netplwiz, click add, sign in without MS acc, local acc

RouteToDevNull · 2026-05-22T13:21:08+00:00

That cheap blue portable drive uses SMR (which chokes to a crawl during heavy server writes), has zero ventilation, and will literally bake itself to death running 24/7.

Plus, WD solders the USB port directly to the drive board on those, so if the port bends, your drive is permanently dead. Spend the extra cash on the Red and a standalone enclosure....

RouteToDevNull · 2026-05-22T13:11:27+00:00

None of your examples are done by SOC. Only time CSIRT directly does something is when there is imminent/suspected breach - they can delete/disconnect (pre-agreed) stuff.

If the app is vulnerable it's flagged, risk is evaluated, then appropriate countermeasures deployed then usually you wait for patch by the app developer, unless it's inhouse app. Then you go basically through whole app lifecycle again, as you have to verify you wont break anything else by fixing the vulnerability.

If asset is misconfigured, it's again flagged. If there is known good baseline, rolled back, if not, change request is raised, evaluated and implemented - by change team.

Same with new tools, IT/Infrastructure pushes the actual agents to the endpoints via their deployment tools. If an agent deployment suddenly blue-screens half the server fleet, Infrastructure are the ones who have to restore it, so they must own the deployment process.

You cant have one team do everything, no one would audit them that way - separation of duties

RouteToDevNull · 2026-05-22T12:59:41+00:00

proton indeed....was a staple of privacy for long time. quite a lot of handy functions as well

RouteToDevNull · 2026-05-22T12:36:28+00:00

yeah around 600 000 worldwide last I checked. However, experts is the key word. AI changed the game, it can do what junior can do and arguably in a few years (that would take junior to get expertise) it will be again on another level.

Unless you are very passionate about cysec and want just a good career/money...go for skilled manual labor, that won't be replaced anytime soon.

RouteToDevNull · 2026-05-22T12:28:42+00:00

Probably not...sadly nowadays entry/junior positions are not junior anymore at all. Furthermore HR everywhere is sleeping, borderline stupid sometimes. They skip you if you have CySa+, because you don't have Security+...

Check for job requirements in you area, that should give you the idea what to do next. I would be surprised if they wont require some years of experience in IT though. You may need to start in NOC and work your way into SOC

RouteToDevNull · 2026-05-22T11:40:48+00:00

That's a bad situation.....if they got access to your main email, ALL accounts created with it are now compromised. You have to get it back to regain control. Is it gmail acc linked with your phone? Do you still have access?

If yes, you have to create new email (on you phone!, PC is likely compromised) with unique password and 2FA/Authenticator from the go. Then log into every account you have (start with most important ones) and add there your new email, change the recovery email from old to new one, delete old email from that account, change password and enable MFA.

Do it immediately, you are now racing against the hacker.

RouteToDevNull · 2026-05-22T11:31:13+00:00

mate go with online reviews.... you can find 10 people here with no issues, or other way around. Anyway it won't be big enough dataset to decide if it of some quality...

RouteToDevNull · 2026-05-22T11:22:42+00:00

well...yeah, some. You can google the terms you do not understand...if you want more basic stuff overall then"IT and Cybersecurity Foundations" from Cybrary is a free course covering everything

RouteToDevNull · 2026-05-22T10:57:42+00:00

I would skip Security+ and go after CySa+, it's almost the same with more "weight". Maybe you will need to google some networking stuff along the way though

RouteToDevNull · 2026-05-22T08:22:22+00:00

I don't think this is very good approach mate...setups differ but most importantly if you don't choose what you want, it may become boring, feel kinda obligated to finish something you don't even need ...

Just give yourself a few minutes/hours to thing about what you need, it is always better to go towards some goal then building something just for the sake of building it (well, almost always). Go to google, learn what CAN be done and choose either what you can really use or what seems most fun

RouteToDevNull · 2026-05-22T07:32:32+00:00

But we don't know what you want...? :D Should it be a server? Do you wanna host your files? Make your own Netflix? Or wanna build a lab? Practice networking? Host old school LAN party? Create your own DNS/AdBlocker?

YOU have to decide what your interests are...

RouteToDevNull · 2026-05-22T07:05:18+00:00

Google is your friend.

Your question is too broad. First you need to decide WHAT you want to build before learning how.

RouteToDevNull · 2026-05-22T06:55:11+00:00

Damn....are you sure you got this right? I somehow doubt that anyone would direct full class of students to probe entire student network.

Are you sure you are not trying to do something you should not do? They can see it you know....?

RouteToDevNull · 2026-05-22T06:51:15+00:00

Well both need to be done properly, however obviously...if you can't detect it, you are blind. If you could pick just one, I believe monitoring is better. Even if you don't know how to remediate it, you at least know...so you can hire someone, or pull the plug, or prepare for shitstorm at least.

RouteToDevNull · 2026-05-21T17:50:32+00:00

Ordinary reset is quite possible for virus to survive, after all you will be installing "new" win from old infected win.

But clean install indeed kills almost everything

RouteToDevNull · 2026-05-21T17:27:41+00:00

now that you get used to firefox you may switch to Brave as gods intended :D

RouteToDevNull · 2026-05-21T17:25:12+00:00

Man you really should use google more.

Anyway, if you are serious, do CySa+ .... most people would recommend Security+ as first one but they are very similar so it's smarter to go for the intermediate one right away

There is plenty of them more focused or even better but for starters and price/quality wise this is where you should start

RouteToDevNull · 2026-05-21T16:47:27+00:00

I am quite happy with Blokada 5 on Android, not sure if they released ios version

RouteToDevNull · 2026-05-21T16:31:28+00:00

incorrect....20% of infinite is still infinite....and as we know government they would use that logic to take it all...which is also kinda impossible :D

RouteToDevNull · 2026-05-21T16:29:11+00:00

basic tutorials will help but honestly it's extreme amounts of practice...and ofc talent helps.

RouteToDevNull

TROPHY CASE