VirusTotal Academy - 9-video course

Welcome to our VirusTotal SOC & IR training.

In this first video we will discuss how to use VirusTotal to analyze malware, how to interpret the provided information and identify malicious files, and how to double-check your findings.

Our second chapter focuses on understanding the most relevant signals we get from VirusTotal and, especially, the relationships between indicators.

Video 3 discusses the best practices to consider when analyzing AntiVirus and Crowdsourced rule verdicts for any suspicious activity, especially when exploits and actors are involved, in order to properly prioritize alerts.

In Video 4 of the VirusTotal SOC & IR training series we analyze the potential impact of an attack, the assets affected, the attacker’s dwell time, and the role played by the different artefacts used in the attack.

The fifth video of the VirusTotal SOC & IR training series provides several methods to identify and understand the threat infrastructure related to an attack, including finding any potential kill switches.

Video 6 of the VirusTotal SOC & IR training series. Today we discuss what options we have to fully contextualize an attack, including any threat campaigns it belongs to or malware toolkits used. It also helps in understanding the role of actors in any threat activity and how to use VT Graph to have all context in a single place.

The seventh video of the VirusTotal SOC & IR training series discusses what actions can be taken to proactively prevent security incidents by identifying and monitoring suspicious sets of activity, including pivoting to additional artefacts to uncover the full set of suspicious indicators, understanding the attacker’s TTPs and motivations, and building monitoring and defenses around this knowledge.

Video 8 of the VirusTotal SOC & IR training. This session covers the options available to investigators when samples are not available in VirusTotal, or when it is not possible to upload them to the platform for any reason. Even when we lack the IOCs, we can explore malware detection label searching, toolkit cards, similarity searches or Private scanning.

In the final video of the VirusTotal SOC & IR training we explore the different options we have to use VirusTotal through third parties using multiple integrations, the VirusTotal API, and additional ways to interact with VirusTotal other than the web GUI, including VT client, VT4Browsers and VT Augment.