Interview with Threat Bounty Developer: Shelly Raban
Here is a fresh newscast highlighting the power of our community! Today we want to introduce you to Shelly Raban, a keen developer who has been contributing to SOC Prime’s Threat Bounty Program since November 2020. Shelly swiftly became a prolific SOC content creator, concentrating her efforts on YARA rules. You can find Shelly’s detections of the highest quality and value in Threat Detection Marketplace.
Could you please tell us a bit about yourself and how you decided to engage in threat hunting activities?
My work consists of hunting for threats and improving our team’s hunting and detection mechanisms. At the moment I don’t have a formal education; however, I plan to study data science in the upcoming years. I majored in computer science in high school and was then drawn to the challenges of cybersecurity. I’m passionate about finding and creating new detections and automating the detection and analysis processes to make them as efficient as possible.
What are your top points of interest among threat types? Which types of threats are the most complicated to detect?
I find APT malware very interesting and challenging to detect, especially when new variants differ significantly from previous ones. The threats that are the most complicated to detect are the ones that combine different evasion techniques, such as string obfuscation, anti-disassembly, hiding stealthy malicious code inside long legitimate code, etc. I enjoyed analyzing the APT1 (Comment Crew) threat actor’s binaries, learning how they evolved over time, and creating code-based YARA rules to detect various samples.
Why do you choose YARA rules among other content types to contribute to Threat Bounty?
As a malware analyst, I face various challenges in detecting sophisticated malicious binaries. YARA rules are very powerful at detecting such threats, as well as hunting for new, unknown ones. They can be easily integrated into automated analysis frameworks, which can improve the organization’s detection rate tremendously and play an important role both in early detection and in deeper analysis processes.
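To illustrate the kind of "code-based" rule mentioned above, here is an added example rule. It is not one of Shelly’s rules and not an APT1 signature: the hex sequence, the jump range and the marker string are constructed placeholders chosen to show the mechanics (wildcarded immediates so the pattern survives recompilation between variants, a jump for variable-length filler, the `xor` modifier to catch a single-byte-XOR-obfuscated string, and a PE header check so the rule only fires on executables). Replace the bytes with sequences lifted from the samples you actually analyze.

```yara
import "pe"

// Added example, not part of the original interview and not a real APT1 signature.
// All byte patterns and strings below are hypothetical placeholders.
rule Example_CodeBased_Variant_Hunt
{
    meta:
        description = "Hypothetical code-based pattern plus an XOR-obfuscated marker string"
        source      = "constructed illustration, not a production rule"

    strings:
        // Hypothetical function prologue followed by a push of a 32-bit immediate and a call.
        // The immediates (stack frame size, pushed address, call target) are wildcarded with ??
        // because they change between builds; [4-12] allows 4 to 12 bytes of filler
        // before the leave/ret epilogue (C9 C3).
        $code = { 55 8B EC 83 EC ?? 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? [4-12] C9 C3 }

        // Hypothetical marker string; "xor" makes YARA also match every single-byte
        // XOR encoding of it, so simple string obfuscation does not evade the rule.
        $marker = "cmd.exe /c" ascii wide xor

    condition:
        // MZ header, a parsable PE, and a size bound to keep scanning cheap
        uint16(0) == 0x5A4D and pe.is_pe and filesize < 5MB
        and $code and $marker
}
```

Save the rule as, for example, `variant_hunt.yar` and run `yara -r variant_hunt.yar samples/` (or load it with yara-python inside an automated analysis pipeline, as the answer above describes). Expect the wildcarded `$code` pattern to produce some benign hits on its own; the conjunction with `$marker` is what keeps the rule usable as a hunting rule rather than a noisy one.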
What motivates you to share your content with the community?
I think SOC Prime is a great platform for sharing detection content and helping organizations around the world mitigate cyber threats. It’s also an opportunity to get feedback on my rules from experts in the field and master my skills.
The pandemic is another challenge for a cybersecurity practitioner, since many threat actors have increased their activities. Tell us how it has influenced your everyday work.
The pandemic didn’t influence my everyday work. I always aim to find new ways to detect threats and automate the process as much as possible.
How did you learn about the SOC Prime Threat Bounty Program? Why did you decide to join?
I learned about it through LinkedIn and decided to join to expand my knowledge and get better at writing different kinds of detections while helping companies secure their networks.
What do you think is the biggest benefit of the SOC Prime Threat Bounty Program?
I think it’s amazing that companies from all around the world can ask for rules for specific techniques they want to detect. Developers can choose the rules they want to create, create them from the comfort of their homes, get feedback on their work, and get rewarded as well. It’s a win-win!
Keeping a close eye on the latest cybersecurity trends and wanting to participate in threat hunting activities? Take the chance to boost your cybersecurity skills, contribute to the world’s safety, and receive recurring payouts. SOC Prime Threat Bounty pays rewards for SOC content aimed at threat detection, threat hunting, and incident response, such as Sigma, YARA, Snort, log parsers, and native SIEM content. Submit detections that address Wanted List requests to double your profits while helping the Threat Detection Marketplace community withstand emerging cyber threats.
Also, you can explore the Cyber Library to master your SIEM hard skills, watch deep-dive educational videos, and catch up with how-to guides on threat hunting.