FOR509 Course Update - Introducing Google Workspace, the Multi-Cloud Intrusion Challenge, and more

We are excited to announce that the SANS Institute FOR509 Enterprise Cloud Forensics and Incident Response transitioned from a 4-day course to a 6-day course in May 2022. With this release comes new content, updates to existing content, and a multi-cloud capstone challenge that will test your knowledge at the end of the week.

In summary, the major FOR509 enhancements include:

• New Multi-Cloud Intrusion Challenge
• An entire day of new slides and labs on Google Workspace
• New slides on Kubernetes
• New lab on Google Cloud Platform log collection
• New lab involving privilege escalation using the Microsoft Graph API

In order to expand the class to 6 days and include a frequently requested topic, an entire day of content has been added to cover Google Workspace, Google’s SaaS solution for businesses. The new material provides details on the most common Google Workspace attacks and how to investigate such attacks using the logs provided by the platform, with multiple hands-on labs to put the knowledge learned into practice. Other new content includes a section on Kubernetes Forensics and IR, a lab on privilege escalation using the Microsoft Graph API, and a lab on collecting logs from GCP via the CLI.

Along with these major content additions and updates, our new release ensures that, with the ever-evolving nature of the cloud, the material has been updated to reflect the most recent state of the platforms at the time of writing.

In this livestream listen to course author David Cowen explain each section of the course, what to expect, and learn about the latest Cloud DFIR trends