Triaging Suspicious Artifacts

Presented at ShellCon 2020 Virtual, Oct. 10, 2020, 3:30 p.m. (25 minutes).

SOC analysts need to be able to triage suspicious artifacts identified by alerts or while performing threat hunts. It's common for SOC analysts to submit artifacts to public sandboxes which could alert threat actors and allow them to quickly pivot and implement new tactics and techniques or to make minor tweaks that will go undetected.

The ability to triage suspicious artifacts is typically viewed as an advanced topic left for highly technical malware analysts. This talk will provide basic examples and demonstrate how to perform initial triage of suspicious artifacts in a safe and operationally secure manner.


Presenters:

  • ttheveii0x
    Dances with the dark arts • Mischievous Architect • TWVvd1dhcmU= • @ctfjawn • @defconphilly DC☠215 • Blue Team Village • about.me/veii0x • @woprsummit
  • Jonas Eichinger
    Jonas Eichinger currently works as a Sr. Consultant for Security Risk Advisors. His focus is Digital Forensics & Incident Response, malware reverse engineering, defensive tool development, and cloud security. Any time not spent taking apart payloads, investigating security incidents, or knowledge sharing is divvied up between fermenting cabbage, collecting vintage computers, and fixing old Volvo station wagons. Those are normal hobbies, right… right?

Links: