Analysis | Techniques | Tools
Similar Posts
Cyber Analysis 101
To look for hashes in your environment, you should check devices using an enterprise EDR or a similar solution with visibility into each connected device. But first, it is recommended to research the hash via a reputation tool such as VirusTotal – Home. To find IP addresses in your environment, use an enterprise SIEM solution…
The Triple Punch
Standard Endpoint Investigation Workflow Objective: To determine if a file is safe or malicious, find out who has it, and confirm if security controls (Antivirus) took action. Punch 1: The Inventory Hunt (Scope & Presence) Punch 2: The Reputation Check (Global Intel) Punch 3: The Log Audit (Security Action) Investigation Summary Checklist
DomainTools — Tool Overview
What is DomainTools? DomainTools is a domain and DNS-based cyber threat intelligence platform used by security teams to investigate suspicious domains, IP addresses, and internet infrastructure. It enables security practitioners to stop threats before they happen using internet intelligence data, detection and monitoring tools, and predictive risk scoring. For SOC analysts, DomainTools is primarily used…
VirusTotal — Tool Overview
What is VirusTotal? VirusTotal is a free, web-based threat intelligence service that aggregates results from over 70 antivirus engines, URL scanners, and security vendors to analyze suspicious files, hashes, URLs, IP addresses, and domains. It is widely used across the security community as a quick and reliable reference point during threat investigations. No account or…
Cyber Analysis 102
Endpoint Analysis & Asset Investigation — L1 SOC Analyst Guide Overview This guide covers the initial steps for investigating endpoint alerts for the L1 Analyst onboarding. The focus is on determining whether a known malicious hash exists in the environment and identifying the affected device and its user. By the end of this section you…
Endpoint Analysis 101
Endpoint Analysis & Asset Investigation — L1 SOC Analyst Guide Overview This guide covers the initial steps for investigating endpoint alerts for the L1 Analyst onboarding. The focus is on determining whether a known malicious hash exists in the environment and identifying the affected device and its user. By the end of this section you…