The SOC Age Or, A Young SOC Analyst's Illustrated Primer | John Strand | 1 Hour
Learn SOC Core Skills with John Strand from Antisyphon Training: www.antisyphontraining.com/so...
0:00:00 - PreShow Banter™ - A Weird Flex
0:12:24 - FEATURE PRESENTATION: SOC Analyst Key Skills
0:16:53 - Server Analysis
0:20:13 - There’s A Guide For That
0:26:54 - Memory Forensics
0:34:16 - Egress Traffic Analysis
0:43:39 - Logs Are Better Than Bad, They’re a Train Wreck
0:48:40 - “False Positives”
0:52:16 - Endpoint Analysis
0:55:36 - Overlapping Fields of View
1:01:33 - Lateral Movement
1:06:07 - Vulnerability Management
1:09:58 - Things That Make You Go ARRRGHGHGHH!
1:13:42 - Sticking A Fork In This Thing
Description: Many people get started in security as a Security Operations Center (SOC) analyst. In this Black Hills Information Security (BHIS) webcast we discuss the core skills that a SOC analyst needs in order to be successful.
Slides: s1hb.sharepoint.com/:b:/g/Con...
Referenced Links:
Windows Live Forensics
Investigating Malware Using Memory Forensics - A Practical Approach
BHIS | Elk: www.blackhillsinfosec.com/tag...
Let’s Talk About ELK Baby, Let’s Talk About You and AD
Attack Tactics 7: The logs you are looking for
BHIS | Rainy Day Windows: www.blackhillsinfosec.com/rai...
SANS Cheat Sheets: www.sans.org/blog/the-ultimat...
Live Forensics & Memory Analysis
Linux Command Line Dojo II - Return of the Sensei
Comments: 33
'scuse the hyperbole, but this is the kinda talk that can change someone's life. John is always so ON POINT.
John Strand - I love that you have pointed out how essential it still is to RTFM. So many questions can be answered simply by reading the documentation. This video is another excellent resource and I'm grateful for it.
Sending all my students your way for the December class; thanks so much for all y'all do!
Thank you very much John for sharing this!
Thanks for this great video. I've watched it twice to make a checklist for me and my team to review so we can work on strengthening our understanding of the fundamentals. Hopefully some of us can attend the 4-day class in December.
May the force be with yah!
loved this! ty!
Really good talk, more actionable than so many you find online! The cybersecurity/IT field is so vast, as a beginner it's very very easy to get overwhelmed - there's literally an infinite amount to learn. So thank you for the specific recommendations. Although to run the latest version of Security Onion you basically need a dedicated device :(
I just stumbled across this video. I just started watching it, but you hit it right on the head at the beginning about SOC analysts missing core skills. I have been working in a SOC as a SOC analyst for the last 5 years. I came into this job straight from getting my AS in CIS, which was concentrated in Networking Administration. I landed this job and fell in love with security. I no longer wanted to do networking but focus on sharpening my security skills, but feel the networking gave me a solid foundation to build upon. I totally understand about missing some skills, as security was not my background, but I have since come a long way and I am continuing to learn. I now want to get away from Blue Team and want to transition to Red Team eventually, but I have a lot to learn before I can do that. I feel like I am at the bottom of Mt. Everest looking up, even with 5 years under my belt. I will not give up though and will continue to work at sharpening my skills.
Inspiring Presentation!
Liked the comment "Because the spice must flow" from an infosec IR graybeard. Known-knowns, known-unknowns, unknown-knowns, and unknown-unknowns are primarily where you're getting breached. Know normal to identify anomalous. Keep it up BHIS. You're sucking less at capitalism every day.
This is so cool!
As a security analyst, I approve this message.
This helps me a lot, thanks
Preach John Preach! I'm Ready!
Funny and informative!
I would like to thank you, Black Hills team, for sharing your knowledge. I really appreciated that webcast the most. I was looking for advice on what it is like to be an analyst, because I feel that what I do as an analyst is not enough. I see all those mistakes in the company where I work. As an analyst I don't understand why some of the things you teach are not implemented. They are basic things, and when I ask questions about that at work I am just told that our company is different and we can't implement that. Now I know those are common mistakes companies make.
1:12:57 that really Hit Home 👍 so true
I can listen to John all day man lol
Great tips at 20:28
Can we still find these slides somewhere? This was an awesome webcast and I'm really excited to follow those links!
I'm literally taking notes on this video. Stuck in a govt agency position where I'm not using my University degree and practices of applications is scarce with amount of work time
ExtraHop was pretty slick... not gonna lie. But that was 2 years ago when I was working with it. That was visibility for sure.
This resonates with me so much. I'm drowning right now and can't spell "syber".
Are the slides not available to the public?
when the video opened and the music played, I don't know why but I was waiting for someone to say " I'm BatMaN..."
Gamer machine in the background !
I understand the reference
Where are all the cybersecurity jobs at though? He said they were pulling people off the streets, yet I can't seem to find an entry level job 😭
probably worth mentioning to new analysts that sigma rule autotranslate doesn’t work well for kql, and you’ll wanna actually understand what’s IN a sigma rule, and how to write kql queries, to translate the rules yourself. not a big ask, but bears knowing
BHIS = value add
Mr. Strand appreciate the Dune reference. Just don't hear those anymore.
I read about you (J.S.) in "Tribe of Hackers: Red Teaming". I watched a few videos and I gotta say I am impressed by your insight, experience and methods. I love learning and love your channel!