Advice On Becoming a Better Security Analyst. (SoC)
MagnumOpus
Member Posts: 107
New to the field and absolutely love it! For those having made a career of this field, what advice can you give in mastering the art of working in the SoC?
Comments
-
ramrunner800
Member Posts: 238
It's a bit tough to answer this question because a SOC can be very different from one organization to the next. Do you have any specific areas you feel deficient in? I feel that understanding of attacker methodology and knowledge of cutting-edge threats go far in any SOC. Practicing your offensive skills in a lab environment while also performing network security monitoring through something like Security Onion helps with this. Other helpful things you can do are reading sites like malware-traffic-analysis.net, the SANS Internet Storm Center, and contagiodump. These will help you in keeping up to date with the latest attacker TTPs.
Currently Studying For: GXPN
-
FillAwful
Member Posts: 119
Thanks for that list ramrunner, I was looking for sites exactly like this.
-
E Double U
Member Posts: 2,233
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
AnthonyG
Member Posts: 44
A good friend of mine in the security field gave me this; it might be useful for you:
Below are some sites that I frequent for security information -- I hope you find what you need here.
====================================
- SANS and their Internet Storm Center is a great place for in-depth security news/training. I usually check this site several times a week.
http://isc.sans.edu/
SANS Information Security Training | Cyber Certifications | Research
- Vulnerabilities with working exploit code -- I scan through this once a week or so to see if there is something I missed.
http://www.exploit-db.com/
- Purdue's Cassandra: you can input a product name or keyword and it will automatically send you future vulnerability information via e-mail from many different sources matching your product or keywords.
https://cassandra.cerias.purdue.edu/main/index.html
- Vulnerability advisories
Secunia
- Good place with vulnerability information organized well.
CVE security vulnerability database. Security vulnerabilities, exploits, references and more
- This site is good for scanning something that is suspected malware with approximately 50 antivirus products -- sometimes a piece of malware you scan isn't found by any of the 50 products
https://www.virustotal.com/
- General security news. Sometimes ArsTechnica has some good security articles.
Risk Assessment | Ars Technica
- Metasploit Pen testing software
Penetration Testing Software | Metasploit
- Nessus vulnerability scanner. Their newest plugins can reveal additional vulnerabilities.
http://www.tenable.com
Nessus Plugins
- Website site checks
http://sitecheck.sucuri.net
urlquery.net - Free URL scanner
Wepawet » Home
- Malware domains
http://www.malwaredomainlist.com
-
MagnumOpus
Member Posts: 107
Just wanted to officially reply to this thread as I became too busy with my career path. Everything stated here was rock solid, thanks a million guys. I will finally have Security Onion up and running next week.
Thanks again!
-
gespenstern
Member Posts: 1,243
Know the infrastructure, first and foremost. Windows or Mac or Linux or mobile OS, whatever your users use, know it at least on a sysadmin level.