AEGIS is a new certification created by Cyber Struggle. Cyber Struggle is well known in the infosec community for the unorthodox trainings they have offered before, as well as for some great research and blog posts. You can find additional information about their trainings, certifications and articles on their website. I will break this review down into 3 sections: the materials, the labs, and the exam itself. I was part of the first batch of students when the course was created, so I won’t dive too deeply into the specific techniques taught: the course is kept very up to date, so by the time you read this it may be very different from when I took it.
Overall I really enjoyed the material, the labs, and the exam too. There were some hiccups here and there, but that’s kind of what I expected as an early adopter. This course is aimed at equipping SOC T1/T2 analysts to adapt to any infosec topic when needed, under a lot of pressure and with limited time (which we call chaos). For the current price, I personally think this certification is totally worth it when compared with other usual certifications.
Materials
The materials are delivered as guides. The guides are broken down into modules, and each module covers different topics such as malware analysis, digital forensics, the SIEM to be used, and so on. Personally, I felt that the certification content is one of my favorites among all the certs/courses I’ve seen so far.
Keep in mind that this is a beginner-to-intermediate course, so it does not dive into extremely deep technical details on each topic. However, it does give you the necessary skills to adapt to any infosec topic during the lab in limited time. Additionally, the guides are useful for getting through the lab environment.
Lab
The whole process is followed via a “Portal” web application, which tells you what your missions are for the lab. I won’t spoil it, but I liked this model because it feels like I’m a SOC analyst being assigned lots of tasks by my team leader or the customer. The lab network environment was built like a real live network with users, applications, servers, different subnets, and so on. There aren’t 1000+ machines to monitor like in a real corporate network, but there is at least one dedicated machine for each of the most-used applications that every corporation usually has. As a blue teamer, you will need to master each asset on your network to be able to fully monitor and defend your assets against real-life attack simulations.
The main SOC lab runs on a 30-day countdown, while the offensive labs have 14 days. The analyst is responsible for constantly improving the corporate security posture while responding to security incidents and other security-related demands of the simulated corporation. Missions are divided into SOC monitoring and offensive labs:
AEGIS SOC Lab
Decision Making
Prioritization
Planning
Asset Management
Building Attack Detection Methods
Tier1/Tier2 Analysis
Reporting
Forensics and Malware Investigations
Side missions like secure code development etc.
AEGIS Offensive Labs (separate from the main lab; the analyst needs to pwn all machines and write reports)
Windows Machines
Linux Machines
The most important thing that distinguishes this certification from others, and also the main mission of the analysts, is that it has realistic simulated incidents/attacks happening at any time of day. From phishing attacks to full system compromise incidents, the analysts are expected to detect and report all kinds of attacks. Scenarios also include waking up in the middle of the night.
Exam
Similar to the lab process, but the analyst has limited time to prepare for the war while pwning a couple of vulnerable machines in the context of the offensive labs. The exam was a time-limited challenge that really required analysts to have a good grasp of the certification mindset. I can’t give too many details, but rest assured that if you take your time in the lab and make sure you are familiar with all the topics covered in the course, you will be fine for the exam. I actually think the lab itself was harder than the exam, which was great because it does a great job of preparing you for the exam.
Additional Thoughts
In conclusion, I would highly recommend the AEGIS certification, because it prepares analysts for the biggest trouble of a SOC: working miracles in limited time under great pressure. Cyber Struggle seems committed to delivering a good user experience. The content was great, the lab was fun, and the exam was challenging. If you intend to take the certification, you really need to be dedicated, focused, highly motivated, and ready to sacrifice some of your sleep.