The month I spent in the Aegis training and certification process was probably the hardest time I have ever had in my life. I have seen how psychological factors affect a person's capabilities and abilities.
For years I have struggled to improve my technical side. I constantly tried to read and absorb everything I could get my hands on. However, with the Aegis training, I saw that the information I had received could only take me so far. Time pressure, team pressure, fear of falling behind, fear of failure, etc. The fears and anxieties I was experiencing prevented me from doing what I knew. I froze many times and couldn't access any of the data that existed in my brain. My stress level and fears prevented me from achieving my ideal performance state. While I was in the training, I had to face everything that I feared and had withdrawn from. After accepting all this, I felt stronger.
One of the best experiences I have had in the Aegis training is being part of a team. I had gotten used to working on my own as a result of years of negative experiences. Trusting someone else, sharing tasks, taking or giving support were things I never did. The Aegis training methodology showed me how beautiful a team can be. It made me realize how comfortable it is to trust a teammate and how enjoyable it is to think together. All the difficulties I had experienced alone for years lost their meaning once I was part of a team.
Tasks kept coming for days like crazy. Even when I felt I was sinking to the bottom, I had to continue. However, I could not gather my thoughts and get back up. I knew everything would be fine if I rested for a few days, but I didn't have a few days. It was one of those moments when I was forced to team up. I had fallen; I accepted this, and started trusting my team and asking them for support.
Now I see that, besides learning to be part of a team, I also fought my ego. I trusted my team and they supported me too. It was one of the best experiences I have ever had.
The Aegis training not only helped me get to know myself, it also gave me a great deal of technical knowledge and skill. I still cannot understand how I learned so much in as short a time as a month. The technical content was so rich and the tasks so flawless that I was astounded when I took the exam. I could easily solve the questions without understanding how.
During the training, we did no passive learning. We were always in the lead role and hands-on with everything. We dug into things by ourselves for days. None of us had a hard time when we took the exam, since we had learned all these skills. When I look back now, they actually taught us the "move, communicate, adapt and shoot" mentality. There are billions of pieces of information to learn, and new ones come out every day. They didn't just teach us some of those billions of pieces of information; they actually taught us how to access and use what we need out of that information. The effect of pressure on me, my fears, the feeling of being a team, the technical support, and dozens of experiences I have had that I cannot even recall... Those are the memories I will never forget.
Everything was so wonderful and worth experiencing. I feel so great that I came across Cyber Struggle and was able to get such great training. I think the memories I experienced in this training cannot be explained in sentences; they can only be experienced. Very proud to hold the Aegis Certification!
I had a chance to try the AEGIS Certification for SOC Analysts and Threat Hunters developed by Cyber Struggle, whom I know from their outstanding RANGER training and certification.
I can break down this certification into three parts. The first part is the monitoring, threat detection, and incident handling activities going on 24/7. IBM QRadar is the SIEM of the CSOC network, and more integrations are on the way, such as Splunk, AlienVault, etc. I properly experimented with most of the MITRE ATT&CK vectors and TTPs in the lab, such as obfuscated commands, pivoting techniques, PowerShell payloads, and many more real-world scenarios.
The second part is studying attack vectors by conducting them in the offensive labs. There you can practice AD-specific attack techniques and many more. They also provide test machines where you can observe your own activity in the logs while performing the attacks. You can use these to test and optimize your SIEM rules.
The last part is soft-skills improvement. You have a portal like a corporate project-management system. You have weekly tasks, backlogs, daily standups, weekly retrospectives, weekly sprints, and so on. There are also random incidents that you may encounter. You are asked to detect, analyze and report them in a timely manner.
It was an education process that fully prepared us for the sector and for the skills of learning and teaching information. It is a versatile program in which we can develop defensive aspects such as the Aegis process, malware analysis, log management, SIEM rule writing and threat hunting, as well as offensive aspects such as web exploitation, Windows and Linux attack methodologies, pivoting and privilege escalation. After a short adaptation process in real-life lab environments, we have the opportunity to simulate every subject that comes to mind, except for the tasks that are handed out without letting us sleep for days. Of course, a wide range of learning awaits us with our instructors, who are always with us day and night in case of any mishaps that may occur during these trial stages. In this process, I realized how long I could stay awake, how long I could perform productively, and how I could add value to myself in any way. I had heard talk about the comfort zone before, but I did not realize that it is so important in human life. During the training and certification process, I was surprised that, besides the cybersecurity and psychology training, we had people we could talk to about every subject we could think of, who listened to us carefully and gave us advice. Frankly, I did not expect such care. As a result, it has been a process that I can recommend without hesitation and that will have an important place in my life, one in which we could improve both our cybersecurity and our soft skills.
Even though I approached the training with prejudice, with words like "what kind of methodology is this? It is too hard", this training and examination process has been one of the turning points in my business and career life, and even in my daily life. Before that, I had left aside all the skills I gained in my education and training life from primary school to university, because during all that time they opened a book or a slide in front of us, asked the same things in the exam, and that determined our success or our future. With this Cyber Struggle methodology, I realized that there really is something wrong with our classical training and schools. The feeling of that sweet pain of being in a simulation by yourself is completely different. With this training, people discover what they can do on their own and, most importantly, their ability to work and understand. In some missions, I was incredibly angry and cursed. It was a pleasure for me to learn about my human relations and, most importantly, team spirit, besides progressing a lot in technical terms with this training. Sometimes I was late and my friends helped me; sometimes my friends were late and I helped them. There is a lot more to write here. There is a phrase that sums up the mentality of Cyber Struggle: "We appreciate and love technology, but we believe in people". This phrase impressed me very much and will always remain in my mind and in a corner of my heart. First of all, I would like to thank the Cyber Struggle family and all my teammates. It was a very nice and meaningful process for me.
The Cyber Struggle Aegis certification program creates an environment that simulates real-life cases for SOC Analysts. In the Aegis certification program, where I fully felt the concept of a hybrid cybersecurity approach including attack methodologies/labs and SOC methodologies with corporate labs, there were many tasks such as writing SIEM rules, incident investigations, threat hunting, log analysis and malware analysis. On the other hand, applying many attack vectors and observing the logs in the SIEM changed my perspective. The offensive labs, especially the Active Directory labs, were very instructive and well designed. I highly recommend the Aegis certification program.
AEGIS is a new certification created by Cyber Struggle. Cyber Struggle is well known in the infosec community for the unorthodox trainings they have offered before, and not only for trainings but also for some great research and blog posts. You can find additional information about trainings, certifications and articles on their website. I will break down the review into 3 sections: the materials, the labs, and the exam itself. I was part of the first batch of students when the course was created, so I won't dive too deep into the specific techniques taught, as the course is very up to date; therefore, by the time you are reading this it may be very different from when I took it.
Overall I really enjoyed the material, the labs, and the exam too. There were some hiccups here and there, but that's kind of what I expected being an early adopter. This course aims to equip SOC T1-T2 analysts to be able to adapt to every different topic of infosec when needed, under a lot of pressure and limited time (which we call chaos). For the current price, I personally think this certification is totally worth it compared with other usual certifications.
The materials are delivered as guides. Guides are broken down into different modules, and each module covers different topics like malware analysis, digital forensics, the SIEM to be used, etc. Personally, I felt like the certification content has to be one of my favorites from all the certs/courses I've seen so far.
Keep in mind this is a beginner-to-intermediate course, therefore it does not dive into extremely deep technical details on each topic. However, it does give you the necessary skills to adapt to every infosec topic during the lab in a limited time. Additionally, the guides are useful for getting through the lab environment.
The whole process is followed via a "Portal" web application, which tells you what your missions are for the lab. I won't spoil it, but I liked this model because it feels like I'm a SOC analyst being assigned lots of tasks by my team leader or the customer. The lab network environment was built like a real live network with users, applications, servers, different subnets, etc. There aren't 1000+ machines to monitor like in a real corporate network, but there is at least one unique machine for the most-used applications every corporation usually has. As a blue teamer, you will need to master each asset on your network to be able to fully monitor and defend your assets against real-life attack simulations.
The main SOC lab comes with a 30-day countdown, while the offensive labs have 14 days. The analyst is responsible for constantly improving the corporate security posture while responding to security incidents and other security-related demands of the simulated corporation. Missions are divided into SOC monitoring and offensive labs:
AEGIS SOC Lab
Building Attack Detection Methods
Forensics and Malware Investigations
Side missions like secure code development etc.
AEGIS Offensive Labs (different from the main lab: the analyst needs to pwn all machines and write reports)
The most important thing that distinguishes this certification from others, and also the main mission of the analysts, is that it has real-life simulated incidents/attacks happening at any time of the day. From phishing attacks to full system compromise incidents, the analysts are expected to detect and report all kinds of attacks. Scenarios also include waking up in the middle of the night.
The exam is similar to the lab process, but the analyst has limited time to get prepared for the war while pwning a couple of vulnerable machines in the context of the offensive labs. The exam was a time-limited challenge that really required analysts to have a good grasp of the certification mindset. I can't give too many details, but rest assured that if you take your time in the lab and make sure you are familiar with all the topics given through the course, you will be fine for the exam. I actually think the lab itself was harder than the exam, which was great because it does a great job of preparing you for the exam.
In conclusion, I would highly recommend the AEGIS certification, because it prepares analysts for the biggest trouble of a SOC: working miracles in a limited time under great pressure. Cyber Struggle seems to be committed to delivering a good user experience. The content was great, the lab was fun, and the exam was challenging. If you are willing to take the certificate, you really need to be dedicated, focused, highly motivated, and also ready to sacrifice some of your sleep.