Author: David Biser (DFIR Analyst, Solis Security)
The general thrust of this paper is to introduce entry-level cybersecurity analysts to a scenario they might have to deal with in a real-world job. We will start with a broad overview of the many skills a cybersecurity analyst should possess and then cover the actual investigation. Our scenario is an APT threat discovered while reviewing alerts received from a SIEM. It details the indicators of compromise (IOCs) and how an analyst would go about investigating such an alert using a variety of tools….