As a new soc analyst, I found this video very valuable! I got so much insight in such a short amount of time as well as how you should investigate and look into activities. Thanks a ton!

Been an Ent Architect for 25+ yrs and that’s the best clearest, most concise explanation of determining how best to find hidden processes on computers. Thanks.

I felt this 12 minutes like 5 minutes. That's when you can tell it's a good video. Entertaining, informative and educational.

This is great. It is rare to find such a good walkthrough on this stuff. Thanks!

Finally, a real look into the trenches of SOC and IR. Please keep up a good work!

I'm trying to get a job as a SOC Analyst Tier 1. I was told that Exabeam was used in addition to Splunk. I am grateful for these videos as they really give a good demonstration and let the viewer see how this works. The dashboard looks great and user friendly, and the ability to move from the dashboard to investigating the alert is a nice thing to see.

Dang Keatron you break it down like this was a sermon !! This is awesome

This was an amazing video! I recently got a job as a IR team member after a few years of being a network analyst. Although I have the foundations, I am very new to the job itself so this type of video helps me so much! I will definitely be subscribing!

Whew would recommend this video to anyone! Thank you for a value add!

Why does this only have 1.5k views? Great walkthrough sir.

Exactly the kind of content I needed!! Thanks a billion

This is the content I’m looking for earned subscriber 🎉

Thanks Keatron! Subbed to YOUR channel!

thanks a lot for valuable video please keep doing such a videos very informative. thanks again.

This was excellent: short, informative, and clear. Thank you!

Thank you for sharing. I have been trying to get an entry-level job as a SOC, and 😐it's an exciting role.

I’m only 4:18 in and I must say this is an excellent video.

A+ material. i will be ready for my upcoming table top exercise. Thanks a bundle!

Good content! I look forward to part 2.

great job, esp.2prep 4 interviews this was handy, keep it comin, youll get 1m subs

Great video!!

just getting in and this was fun to watch

This was very educative .

Thanks for the great behind the scenes look into SIEM monitoring. It's sad that I have a degree from a technical college, and there were hardly any labs, just all theory. I naturally have an investigative mindset so this really intrigues me and I would love to get back into training. Keatron, where does one start?

Hi, thanks for the video. Although you mentioned it, using the md5 command is a lot better and quicker as it gives you the instant hash which you can copy and paste into VT.

This was an awesome video

awesome video. thanks for the detailed explanation

Great video! Thank you!

Great video

It’s a good video. Thank you for giving us a light on this matter.

Thank you so much for this insightful video.

Absolutely fantastic info

what should be the design or architecture of a SOC Center? Please provide and assist my new SOC Center.

Great video but i tried to download the exabeam but cant. do i have to pay for full download?

Just super cool. This is why its so fun

That was a great video. I learned a lot. Thank you so much for posting this.

Excellent 👍🏾

Great demonstration, thank you!

Amazing video. Thanks so much

Please I have a question. Is security+ course okay for new Comer into cyber security

Wow this was so informative. I really needed it, same question bothered me, how do you know when to dig deeper into an alert. Thanks

Hello. Why we did not see that connections/processes on a victim's machine? Was the rootkit hiding that and only having a dump outside of the victims' machine made the rootkit not interfere the proper outcome of connection/processes?

great video!

Thank you for the video.

Great vid m8! If I may make 2 suggestions (you might already know...): if you first do the RAM memdump be4 using netstat and so on, you wont throw something out of the RAM because you just used two programs. Second, you can also upload a hash of the rootkit to VirusTotal and not the file itself, so not to alert anyone... All in all a great and informative video! Keep up the good work!

Really great. I appreciate honestly

Wow this was so helpful

Awesome Stuff!

You have an alert suggesting there may be an issue, but it was not clear that something was definitively wrong. This is the investigative process for the INV team. Once you know it is a true positive and worthy of time for containment and analysis by a dedicated team (impact to organization) it is then transferred to IR. At least in my experience. This is a good rundown of a tier 2 INV investigation.

Thanks. Very useful.

Sir your videos are great . I am looking for trial version to update my skills . Do you offer free trial version?

Great video thank you

ITS REALLY WORKED LOL THANK YOU DUDE

really useful, thanks bro

I wasn't aware Victor Wooten was into cyber security!

this is a good staff, How to do it on kubernetes?

Outstanding!!!!

fanstatic video please make more video tutorials.

Thank you %100 works

This looks difficult to do all of these steps, what type of position do this type of work

Is RSA security analytics siem tool good?

Trying to get into SOC T1. What if instead of uploading the rootkit executable on VirusTotal, you instead extracted its hash and compared it to the virustotal database? Wouldn't that be safer?

Thanks man

what is the software used @ 7.50 ?

thank you!

Is this open source? I would like to practice

Wanted to check on SOC. Can there be an IT SOC and an OT SOC. Is it right to say so. Or is it just one SOC and have a SIEM separately for IT and OT. In one of our groups we had this endless debate about SOC, each side backed with their own experience and opinions. What do you think is the right approach, any document/whitepaper you can share that you know of.

Hi, if you don't use virustotal to identify malware, what commercial tool do you use? Also, please make more videos. I will support the channel!

How to resolve this one?

dude tNice tutorials is super good! subbed

It looks simple. not too much coding. Finally i have a dreamjob i'm dreaming about.

Can you make more videos like this please

GENIUS

Thank you!

3:45 How do you know info about somebody’s behaviour if they use a VPN?

Thanks sir

Hey I know this guy!! Lol

Thanks for sharing, it’s really interesting. I don’t know much about IT, but isn’t it risky to use any automated system to flag up problems? Such system is only as good as its algorithms and the way the administrator configures it. Re the incident. Maybe this lady works remotely from Ukraine? Last but not least, shouldn’t the company’s IT admin check her activity? Please, tell me that Admins can do that despite the employees using VPN, otherwise the system would be safe-ish from external attacks but totally vulnerable to internal attacks. Thanks.

You gonna jam on that bass or not?

Incident response without a SIEM - is it even possible?

Watching this in 2023 and seeing 3:55 is wild 😭

Is that windows XP?

Didnt work for me

I didn't understand where and why did you got the memory dump?

❤❤❤❤

That damn Barbara!

is that windows 7 :o

Like

why wouldn't u just ask her if she VPN'ed from Ukraine? ":hi, yea were u in ukraine yesterday? no? did u have a VPN on that was pointing to Ukraine? no?" hmmm

It's always the HR lady :(

👆👆👆👆👆HE SAVE MY FILE AND DECRYPT IT.HE’S THE BEST HACKER IN THE WORLD !!!

+

It's Ukraine, not the Ukraine.

SuperCybex can provide a cyber defense services for businesses with 50-5000 employees throughout the US to help identify cyber threats and mitigate the risks. Whether your business needs firewalls, network upgrades, or cyber defense and training, we can provide a complete solution including Incident Response

Great video!!