The Blue Teamer's Blueprint for Malware Triage

av BLUEPRINT | Publicerades 3/30/2021

Even if you're not a malware analyst, any blue teamer should be able to do some initial basic malware sample triage. The good news is that this is quite easy to do using freely available tools once you know what is available. Join John in this conversation with Ryan Chapman as they discuss how to reverse engineer malware and why you might want to do so.Our Guest - Ryan ChapmanRyan Chapman works as a Principal Incident Response analyst. He also teaches SANS FOR610: Reverse Engineering Malware and is the lead organizer for CactusCon, Arizona's hcaker conference. Ryan has worked in Security Operations Center and Computer Incident Response Team roles that handled incidents from inception all the way through remediation. Reviewing log traffic; researching domains and IPs; hunting through log aggregation utilities; sifting through pack captures; analyzing malware; and performing host and network forensics are all things that Ryan loves to do. With Ryan, it's all about the blue team!Follow RyanTwitter: @rj_chapLinkedIn: /in/ryanjchapmanWeb: https://incidentresponse.trainingSponsor's Note:Support for the Blueprint podcast comes from the SANS Institute.If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.Check out the details at sansurl.com/450  Hope to see you in class!Follow SANS Cyber Defense: Twitter | LinkedIn | YouTubeFollow John Hubbard: Twitter | LinkedIn

Om Podcasten

Are you a cyber defender looking to keep up on the newest tools, technology, and security concepts? Then BLUEPRINT is the podcast for you! Tune in to hear the latest in cyber defense and security operations from blue team leaders and experts. With a focus on learning, BLUEPRINT includes interviews with today’s top security practitioners defending the world’s most respected brands, and in-depth explanations on the newest technologies, protocols, and defensive tools. BLUEPRINT, is a podcast hosted by John Hubbard and brought to you by the SANS Institute. BLUEPRINT - your one-stop shop for taking your defense skills to the next level!