SOC analysts need to be able to triage suspicious artifacts identified by alerts or while performing threat hunts. It’s common for SOC analysts to submit artifacts to public sandboxes which could alert threat actors and allow them to quickly pivot and implement new tactics and techniques or to make minor tweaks that will go undetected.

The ability to triage suspicious artifacts is typically viewed as an advanced topic left for highly technical malware analysts. This talk will provide basic examples and demonstrate how to perform initial triage of suspicious artifacts in a safe and operationally secure manner.