Go to The DFIR Report. Pick the most recent "Ransomware" write-up. Copy the first IP address listed. Put it into VirusTotal (Relations tab). Find the associated domain. Put that domain into URLhaus. See the malware sample. Ask yourself: How did the initial analyst spot this?
As a Security Operations Center (SOC) analyst, investigating threats is a critical component of your job. With the ever-evolving threat landscape, it's essential to stay up-to-date on the latest techniques and best practices for effective threat investigation. In this article, we'll provide an overview of the key steps and strategies for SOC analysts to conduct thorough and efficient threat investigations.
: Focuses on investigation-specific challenges, including analyzing PCAP files and forensic data to find a threat's root cause.
While SANS courses and vendor certifications can cost thousands of dollars, the core principles of are available right now for free. You just need to know where to look.
: Use tools to correlate data across multiple sources—like comparing firewall logs with endpoint activity—to see the full attack path rather than a single isolated event.