Categories
Cyber Security Detection Malware SOC Analyst

Book Recommendations for SOC Analysts

SOC analysts need a lot of theoretical and practical knowledge when detecting threats in their work routines. One of the best sources they can obtain this information is books. We will talk about 3 different books in this article:

  1. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
  2. Blue Team Field Manual (BTFM)
  3. Applied Network Security Monitoring: Collection, Detection, and Analysis

Title: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

Target Audience: SOC Analysts(Tier 1,2), Malware Analysts

Level: Beginner – Medium

Authors: Andrew Honig and Michael Sikorski

About the book: The first part of the book describes what malware analysis is. The following sections explain the use of tools required for malware analysis, the establishment of a secure analysis environment, and malware analysis with practical examples. The importance of virtual machines in malware analysis is also mentioned in the book. The book covers static, dynamic, and advanced static analysis topics. After reading this book, the reader will have learned the foundations of malware analysis, how to conduct it in a fundamental sense, and the stages of malware analysis by setting up the analysis environment. In addition, the fact that the book works with practical examples for gaining practice is one of the advantages of the book to the reader. Some of the tools included in the book are as follows:

  • IDA Pro
  • OllyDbg
  • WinDbg
  • PEiD
  • Dependency Walker
  • PEview
  • Procmon
  • Process Explorer

You can follow the SOC Analyst career path on LetsDefend, if you do not know how to start.

Title: Blue Team Field Manual (BTFM)

Target Audience: SOC Analysts(Tier 1,2,3)

Level: Beginner

Authors: Ben Clark and Ajan J. White

About the book: It is a reference book that covers the tactical steps and details to be taken in cyber security incident response. This book covers the main topics for carrying out blue team operations. Topics around the 5 core functions of Incident Response Steps (Identify, Protect, Detect, Respond, and Recover) are included in the book.

Title: Applied Network Security Monitoring: Collection, Detection, and Analysis

Target Audience: SOC Analysts (Tier 1,2,3)

Level: Medium

Authors: Chris Sanders and Jason Smith

About the book: The book covers the concepts of Network Security Monitoring (NSM) firstly. The book is around three general topics:

  • Collection
  • Detection
  • Analysis

Details of each subject are explained under these general topics. “SecurityOnion” as an operating system is described in the book. The book uses real-life examples to convey the concept of NSM and its components to the reader. Some of the tools described in the book are as follows:

  • Snort
  • Suricata
  • Bro-IDS
  • SiLK
  • PRADS
  • Wireshark
  • Tshark
  • Tcpdump
Share on social media

Related Posts

Book Recommendations for SOC Analyst Candidates

SOC Analyst candidates and students who would like to sharpen their Blue Team skills can…