All times are in Pacific Daylight Time (UTC-0700).
SOC analysts need to be able to triage suspicious artifacts identified by alerts or found during threat hunts. It is common for analysts to submit such artifacts to public sandboxes, but a public submission can tip off the threat actor: samples and reports on those services are visible to anyone, the attacker included, who can then pivot quickly to new tactics and techniques or make minor tweaks to the artifact so that it goes undetected.
Triaging suspicious artifacts is typically viewed as an advanced topic left to highly technical malware analysts. This talk provides basic examples and demonstrates how to perform initial triage of suspicious artifacts safely and in an operationally secure manner.
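As an added example for the point above (this is not material from the talk or from ShellCon), here is a first-pass triage script that stays entirely on the analyst's host. It hashes the file, classifies it by magic bytes, measures byte entropy, pulls printable strings and network indicators out of it, and separates the fields that are reasonable to look up externally (the hashes) from the sample itself, which never leaves the machine. The SAMPLE bytes, the 203.0.113.10 address (a documentation range) and the entropy threshold are constructed for the demo; adjust the marker and magic lists to your own environment.

```python
#!/usr/bin/env python3
"""Offline first-pass triage of a suspicious file.

Added example for the ShellCon abstract above, not code from the talk.
Everything runs locally and the file is only read, never executed or
uploaded, so nothing about it reaches a public sandbox. SAMPLE is
constructed for the demo.
"""
import hashlib
import math
import re
import sys
from collections import Counter

# Common magic bytes -> rough file class (extend for your environment)
MAGIC = [
    (b"MZ", "PE/DOS executable"),
    (b"\x7fELF", "ELF executable"),
    (b"%PDF", "PDF document"),
    (b"PK\x03\x04", "ZIP container (OOXML, JAR, APK ...)"),
    (b"\xd0\xcf\x11\xe0", "OLE2 compound document (legacy Office)"),
    (b"#!", "script with shebang"),
]

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}
HIGH_ENTROPY = 7.2  # bits per byte; above this suspect packing or encryption (assumed threshold)
SUSPICIOUS_MARKERS = (b"powershell", b"cmd.exe", b"wscript", b"rundll32")


def file_class(data: bytes) -> str:
    for magic, desc in MAGIC:
        if data.startswith(magic):
            return desc
    return "unknown"


def digests(data: bytes) -> dict:
    # Hashes are what you look up externally; the bytes themselves stay here.
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extract_strings(data: bytes) -> list:
    # Unique printable ASCII runs, in order of first appearance.
    seen, out = set(), []
    for run in PRINTABLE_RUN.findall(data):
        s = run.decode("ascii")
        if s not in seen:
            seen.add(s)
            out.append(s)
    return out


def extract_iocs(strings: list) -> dict:
    found = {name: set() for name in IOC_PATTERNS}
    for s in strings:
        for name, pat in IOC_PATTERNS.items():
            found[name].update(pat.findall(s))
    return {name: sorted(v) for name, v in found.items()}


def triage(data: bytes) -> dict:
    strings = extract_strings(data)
    report = {
        "size": len(data),
        "class": file_class(data),
        "hashes": digests(data),
        "entropy": round(shannon_entropy(data), 3),
        "strings": strings,
        "iocs": extract_iocs(strings),
        "flags": [],
    }
    if report["entropy"] > HIGH_ENTROPY:
        report["flags"].append("high entropy: packed or encrypted content likely")
    lowered = data.lower()
    for marker in SUSPICIOUS_MARKERS:
        if marker in lowered:
            report["flags"].append(f"references {marker.decode()}")
    if any(report["iocs"].values()):
        report["flags"].append("embedded network indicators present")
    return report


def shareable(report: dict) -> dict:
    # The subset you can pass to a hash-lookup service or a vetted private
    # sandbox without handing the sample itself to a third party.
    return {"sha256": report["hashes"]["sha256"], "class": report["class"], "size": report["size"]}


# Constructed stand-in for a suspicious download: PE stub, a few strings,
# and a high-entropy region imitating a packed section.
SAMPLE = (
    b"MZ" + b"\x90" * 62
    + b"This program cannot be run in DOS mode.\r\n"
    + b"http://203.0.113.10/update.bin\x00"
    + b"powershell -enc \x00"
    + bytes(range(256)) * 4
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    rep = triage(data)
    for key in ("size", "class", "hashes", "entropy", "iocs", "flags"):
        print(f"{key}: {rep[key]}")
    print(f"strings: {len(rep['strings'])} unique")
    print("safe to share externally:", shareable(rep))
```

Run it as `python3 triage.py suspicious.bin` (with no argument it triages the built-in sample). Even a read-only script like this belongs in an isolated analysis VM, not on the analyst's daily workstation, and a hash lookup against a public service still reveals that someone is interested in that hash, so prefer a private or self-hosted lookup where the investigation is sensitive.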
Dances with the dark arts • Mischievous Architect • TWVvd1dhcmU= • @ctfjawn • @defconphilly DC☠215 • Blue Team Village • about.me/veii0x • @woprsummit
Jonas Eichinger currently works as a Sr. Consultant for Security Risk Advisors. His focus is Digital Forensics & Incident Response, malware reverse engineering, defensive tool development, and cloud security. Any time not spent taking apart payloads, investigating security incidents, or knowledge sharing is divvied up between fermenting cabbage, collecting vintage computers,...
© 2024 ShellCon