Bsides Cymru 2024

SOC Analyst’s Arsenal: Essential Tools, Tips and Tricks for Effective Investigations
04-27, 10:50–11:20 (Europe/London), Sophia Room - Track 2

In the ever-evolving landscape of cybersecurity threats, SOC analysts play a vital role in detecting, investigating, and responding to incidents. To excel in their mission, SOC analysts need to leverage a comprehensive arsenal of tools, along with proven tips and tricks, to conduct efficient and effective investigations.

In this talk, we will dive deep into the SOC analyst's world, exploring the essential tools, invaluable tips, and time-saving tricks that can supercharge investigations. Join us for an engaging session that will empower SOC analysts of all skill levels with the tools, tips, and tricks necessary for effective investigations.


We will begin with an OPSEC warning, then explore the tools that form the foundation of a SOC analyst's toolkit and highlight their most valuable functionality. The main areas covered will be:

  • Reputation engines and related info
  • Quick sandboxing
  • Analysis of EVTX and malware
  • Other useful tools

Additionally, we will share battle-tested tips and tricks used by experienced SOC analysts in the field. These insights will cover a range of topics, including:

  • OSINT gathering
  • Log manipulation and transformation
  • Scripting and automation opportunities

Moreover, we will discuss the importance of collaboration and knowledge sharing among SOC analysts and propose ways to use gamified tabletop exercises to spark conversation and teamwork.

We will conclude the session with a few minutes for questions from the audience and suggestions of other tools or tricks they like.

Samuel is a SOC Team Manager at Ontinue, where he leads a team of analysts providing MDR services for Ontinue’s customers. Samuel has 6 years of experience working in different Security Operations Centres as an analyst and engineer. He loves all things related to SOC, with main interests in SecOps, threat hunting and DFIR.