SEC504: Hacker Tools, Techniques, and Incident Handling

Effective Cyber Defense enables organizations to anticipate, withstand, and recover from cyber-attacks through proactive monitoring, threat detection, and incident response. It combines security operations, automation, and resilient architecture to reduce risk and minimize attack impact.
Cyber threats are constant—and defenders must be faster, smarter, and more proactive than their adversaries. At SANS, we train cybersecurity teams to detect, respond to, and outmaneuver attacks using real-world tactics, automation, and resilient infrastructure. Our hands-on cyber defense courses equip professionals with the skills and confidence to minimize risk and build lasting defense strategies in a dynamic threat landscape.
Skillfully and confidently monitor, detect, and respond to cyber threats.
Build resilient systems with security-first design principles that withstand modern attacks.
Streamline detection and response with automation techniques that enhance efficiency and precision.
As usual, SANS courses give incredible insight into the reality of the threats that are present in the cyber world. I have a better understanding of each threat, and the means to mitigate those threats.
Mark Baggett has revolutionized cybersecurity through his leadership at SANS. His development of tools like Freq Server has strengthened threat detection, while his work in automation has empowered professionals to defend against evolving threats.
Eric Conrad, a SANS Faculty Fellow and course author, has 28 years of information security experience. Eric is the CTO of Backshore Communications and his specialties include Intrusion Detection, Threat Hunting, and Penetration Testing.
Rich is a seasoned cybersecurity professional with over two decades of experience in the cyber domain. He has participated in offensive and defensive cyber operations for the Department of Defense (DoD) in more than 17 countries.
David Hoelzer has fundamentally advanced cybersecurity by pioneering the GIAC Security Expert (GSE) certification, leading AI-driven threat detection initiatives, and developing MAVIS, an open-source ML tool enhancing code review processes.
John redefined modern SOC operations by engineering globally adopted blue team strategies and co-creating the GSOC cert. Through the Blueprint podcast and SANS leadership, he’s unified thousands of defenders around real-world detection tactics.
As a SANS Fellow and Principal Consultant at Context Security, Seth’s work bridges traditional operations with next-gen AI security practices. His pioneering threat detection strategies have shaped global blue team standards.
Security Operations Center (SOC) analysts work alongside security engineers and SOC managers to implement prevention, detection, monitoring, and active response. Working closely with incident response teams, a SOC analyst will address security issues when detected, quickly and effectively. With an eye for detail and anomalies, these analysts see things most others miss.
Analyze network and endpoint data to swiftly detect threats, conduct forensic investigations, and proactively hunt adversaries across diverse platforms including cloud, mobile, and enterprise systems.
As this is one of the highest-paid jobs in the field, the skills required to master the responsibilities involved are advanced. You must be highly competent in threat detection, threat analysis, and threat protection. This is a vital role in preserving the security and integrity of an organization’s data.
Security Operations Center (SOC) managers bridge the gap between business processes and the highly technical work that goes on in the SOC. They direct SOC operations and are responsible for hiring and training, creating and executing cybersecurity strategy, and leading the company’s response to major security threats.
Responsible for planning, implementing, and operating network services and systems, including hardware and virtual environments.
These resourceful professionals gather requirements from their customers and then, using open sources and mostly resources on the internet, collect data relevant to their investigation. They may research domains and IP addresses, businesses, people, issues, financial transactions, and other targets in their work. Their goals are to gather, analyze, and report their objective findings to their clients so that the clients might gain insight on a topic or issue prior to acting.
Monitor the organisation’s cybersecurity state, handle incidents during cyber-attacks and assure the continued operations of ICT systems.
Responds to and investigates network cyber incidents, performing analysis to mitigate threats and maintain cybersecurity in enclave environments.
Today, women are entering and rising through the ranks of cybersecurity experts, with more expected to join these ranks in coming years. By the end of 2019, women are expected to represent 20% of the global cybersecurity workforce, up dramatically from 2013, when only 11% of the workforce was female, according to the most recent statistics from Cybersecurity Ventures. At this webcast, survey author, forensic examiner and SANS instructor Heather Mahalik discusses key results of the survey of successful women in varied roles within the cybersecurity community and draws on the experiences of such women to provide practical advice to women all along their career life cycle. Attendees will learn about:
Directing your career path
Growing as a manager/leader
Interacting with others
As an added bonus, Heather will share the advice successful women have provided to those entering the cybersecurity field today. Register today to be among the first to receive the associated whitepaper written by Heather Mahalik. Click here to register for a companion webcast to be held at 1 PM ET on Tuesday, March 24, 2020, a panel discussion with survey author Heather Mahalik and selected sponsors that digs more deeply into the results.
As we move into 2020, news reports have been filled with reports of deepfakes, attacks against election systems, quantum computing advances and more. SANS instructors Heather Mahalik, Ed Skoudis and Johannes Ullrich present their analysis of the new attack techniques currently in use that will affect you and share their projections for future exploits in a highly rated keynote presentation moderated by Alan Paller at the annual RSA Conference in San Francisco. In this webcast, SANS Director of Emerging Security Trends John Pescatore will highlight key themes from that report and other sources to provide:
Coverage of the top new attacks and threats as defined in that presentation
Deeper insight into overall cybersecurity trends on both the offensive and defensive sides
Advice from SANS on the steps enterprises must take to evolve critical skills, processes and controls to mitigate current and future risks
Be among the first to receive the associated whitepaper written by John Pescatore, SANS Director of Emerging Security Trends.
Remote work has quickly become the "new normal" with the COVID-19 pandemic. Organizations have been forced to rethink how they will get work done with their employees mandated to stay home. How are organizations handling working from home? How well were companies prepared for remote work? How have technological needs changed with this shift? How are teams communicating? How are devices and communications being secured? When a time like this does not allow for the mission to halt, employees and employers have scrambled to keep the work going. Ensuring that teams are equipped, communicating, and safe at home is key during this time. This webinar, led by Heather Mahalik, SANS Senior Instructor, Author and Senior Director of Digital Intelligence at Cellebrite, covers how companies have adjusted to this new landscape as a workforce: how have things changed, and how are we coping and keeping the ball rolling forward from home?
Any successful security operations center (SOC) will combine skilled people, effective processes and efficient technology. Previous SANS surveys have shown that the skills of the people are the prime prerequisite to enable organizations to define critical SOC processes; create use cases, hypotheses and plans; architect effective security solutions; and efficiently deploy, operate and maintain security systems. From that skills base, sophisticated technology and tools can be used as a force multiplier. CISOs and SOC managers who can reduce or close their critical skills gaps have the highest probability of minimizing business impact from cyberattacks when budgets and staffing are constrained. Webcast attendees will learn:
Where hiring managers turn when sourcing potential new hires
Which skill areas are most sought after
What technologies employers wish new hires had hands-on experience using
Which security technologies are perceived as enabling organizations to delay or mitigate the need for additional staff
Register today to be among the first to receive the associated whitepaper written by SANS Director of Emerging Security Trends, John Pescatore. Click here to register for a companion webcast to be held at 1 PM ET on Thursday, July 30, 2020, a panel discussion with survey author John Pescatore and selected sponsors that digs more deeply into the results.
In this webcast, sponsor representatives and survey author and SANS Director of Emerging Security Trends John Pescatore will discuss results from our 2020 SOC Skills Survey. Register today to be among the first to receive the associated whitepaper written by John Pescatore. Click here to register for the survey results webcast to be held at 1 PM ET on Wednesday, July 29, 2020, with survey author John Pescatore.
Of course, there are serious problems we are confronting now, and some people and businesses are not doing well. Yet some people and businesses are doing alright, and some are actually thriving. While luck certainly does play a role, what can we do to maximize the probability of coming out of this better than before? Obviously sitting on the couch, watching TV and lamenting what is happening doesn't help, and saying "take care of yourself, stay healthy" and other platitudes only goes so far. This talk covers concrete things you can do to weather the pandemic and thrive, both during and afterwards. Included is a planning template along with the slides so you can make your plan along with Ted. Some of us are taking this as an opportunity to reboot ourselves and our careers and come back better than ever. You should too!
Building your own home lab is a great way to keep up with the ever-changing IT world. Well, how does one actually go about building a home lab? That's the part that gets more complicated. Do you really need a whole rack full of off-lease servers and some enterprise-grade switches? No! New-ish high-end servers and workstations are surprisingly powerful, capable of mocking up a pretty complicated network, including attacker systems and even incorporating wireless communications. In this talk, Jeff will walk through both the hardware and software stacks he uses and recommends, including a number of ways to incorporate Microsoft software without paying exorbitant licensing fees. Jeff will also outline several lab designs that can be used for a number of scenarios, including defense, offense, and forensics.
The fictitious Rekt Casino fell victim to a ransomware attack which resulted in personally identifiable information, HR records, and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk, and compliance, along with properly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino, we are going to identify when the old school approach to information security could have been transitioned to the enterprise risk management approach. The mistake organizations often make is to focus on defenses such as endpoint protection, firewalls, and intrusion prevention without a good understanding of what the threats actually are. It's as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet. If the executives, technology team, and board of directors had been paying attention to news stories, security guidance, employees' approach to protecting company assets, or even attending security-related conferences, they would have gotten the message that security had become a critical concern due to the threat landscape. It's not enough to acknowledge that security requires more attention; you also have to act on that knowledge. In this Part 2 of 4 webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protections, and the outcome. Then we will dive deep into what could have been done to prevent the breach from occurring in the first place with regard to a security program built to protect data, systems, and networks. We will dive into topics such as:
Building a strong security program
How best to protect networks, systems, and data
Leading Modern Security Initiatives
Detecting and Responding to Attacks
Don't wait! Register now for the other webcasts in the series!
Part 1: Business Security Strategy, Policies, and Leadership Gone Wrong
Part 3: Feeble Security Culture Disconnected from Business Objectives
Part 4: Rekt Casino Hack Assessment Transformational Series: Pulling It All Together
It's been almost two months since the software supply chain attack on SolarWinds was discovered. Now that the dust has settled, let's take a look at what happened, what can('t) be done to prevent future software supply chain attacks, and how to detect a supply chain attack in your environment. There will be no snake oil here, just down-to-earth recommendations for increasing security in your environment. Technology will help with the process, but process matters more for detecting these attacks. This webcast and whitepaper will be valuable collateral for those with recalcitrant leadership teams. If you're battling objections such as "we can't just spend our way into software supply chain security by buying another widget," this webcast is for you. Join us to learn industry-leading strategies and get your questions answered. Be among the first to receive the associated whitepaper written by Jake Williams.
Finding value in security operations is a primary goal for organizations. Consistent testing of security controls is one way to ensure that solutions are delivering on expectations. However, penetration testing is often thought of as an "external" or "hands-off" service, reducing its impact and findings to a final report. What if organizations could turn external testing into an interactive experience they could use to regularly evaluate and increase their security posture? In this webcast, SANS instructor Matt Bromiley describes how Cobalt's "pentest as a service" platform provides a unique, hands-on approach to this traditional security capability. Specifically, Bromiley shares his experiences using Cobalt to:
Define assets and schedule penetration tests to achieve results within a matter of days, not weeks.
Gain insights into current and previous operations by using detailed key metrics.
Work one-on-one with Cobalt's live testers, providing an impactful, interactive experience.
Evaluate the results of penetration tests via up-to-date reports purposed for compliance.
Create and prioritize actionable steps to quickly remediate vulnerabilities.
Register today to be among the first to receive the associated whitepaper written by Matt Bromiley.
You will earn 4 CPE credits for attending this virtual event. Forum Format: Virtual Event
Overview
There is little doubt that we have entered the information age. In recent years, the human race has generated more information than in all previous human history, and the pace of information generation is accelerating. The security industry is no different; our data processing requirements are increasing on a near-daily basis. As one example, consider Windows event logs. In Windows Server 2003, there were three event logs: System, Application, and Security. While those event logs remain today, the event log folder now looks like an extended family reunion, with 337 total event logs in place. Whatever processes organizations were using to successfully process security-related data previously clearly won't scale for today. Organizations need tools that can distill meaning from large data sets that are constantly increasing in size. Organizations that suffer data breaches typically don't suffer from a lack of data; they simply struggle to discover actionable findings in the data. To that end, Artificial Intelligence (AI) and Machine Learning (ML) can help. Example uses for AI/ML include:
Discovering anomalous activity (e.g. UBA/UEBA, IDS, etc.)
Identifying malicious content (e.g. phishing detection)
Discovering previously unseen patterns (e.g. correlating observed network traffic with apparently unrelated service account usage)
Renewed focus on supply chain security suggests that organizations will be storing their security data for longer periods as well. The SolarWinds breach was not discovered until victims had been infected for as long as nine months. Simply searching nine months of data for known indicators doesn't require AI or ML. But if you already have the data, why not do more with it? AI and ML hold the keys to unlocking the potential of this data.
As the quantity of security data continues to increase, AI and ML solutions hold the promise of delivering actionable recommendations to security professionals. Come learn from our featured vendors how their solutions deliver on the promises of increased security through this fascinating technology.
As a follow-up to our previous workshop, we will continue building our purple team stack by emulating a number of different techniques and looking at different options for detection. In this particular workshop we will focus on the following topics:
Stealing Credentials from LSASS
COM Object Hijacking
Office Persistence
We will introduce the topics using a short lecture and afterwards get our hands dirty with lab exercises!
Prerequisites: Familiarity with Linux and Windows is mandatory.
System Requirements: Prior to the workshop, participants should prepare the following:
- Download and install the workshop VM: https://sansurl.com/purple-team-stack-workshop-vm
- An installed 64-bit host operating system (Windows is recommended)
- Download and install VMware Workstation Pro 15.5 or higher, VMware Fusion 11.5 or higher, or VMware Workstation Player 15.5 or higher on your system prior to the start of the workshop
- Adobe Acrobat or another PDF reader
Important! An AWS account is required to do hands-on exercises during the workshop. The AWS account must be created prior to the workshop. A credit card should be linked to the AWS account that was created. Estimated usage costs for the AWS account during the workshop are a maximum of $10. For detailed instructions on these preparation steps, please refer to the following URL: https://sansurl.com/purple-team-stack-workshop-readme
* Please note that this WILL NOT be recorded. Due to the nature of these workshops, many have a capacity limit and will not be made available for archive. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.
Calling everyone who wants to join the amazing cyber security industry. In this webinar, we are going to tackle what you can do outside of your normal day-to-day work responsibilities to gain experience that future cyber security employers love. We will also cover some ways for you to gain some foundational experience to help build your future cyber chops. The resources are there for you, and Kevin will walk through examples to get yourself primed for your next cyber dream role. Don't wait! Register now for the other webcasts in the HR + Cybersecurity series:
Skilling the Gap: Creative Ways to Recruit Top Cyber Talent
Knowing Your Applicants: How to Stay Current to Best Assess Your Cyber Applicants
Slow the Revolving Door of Talent: Creative Ways to Keep Your Existing Cyber Talent in Your Organization
Transition to Cyber Security From a Non-Cyber Role: Creative Ways to Impress to Land Your Dream Cyber Role
We are all aware of the age-old Blue Team vs Red Team blame game. We provide a solution that allows these frenemies to finally unite. Introducing your new best friend, PenTera, the award-winning security validation platform supplying unity and bringing these teams together, operating as independent entities to run assessments, validate detections and allow Purple Teams an efficient roadmap to remediation.
Purple Team Summit & Training 2021 - Live Online. Free Summit: May 24-25 | Courses: May 17-22 & May 26-28. Summit Chairs: Jorge Orchilles & Erik Van Buggenhout | Summit CPE Credits: 12
Red Teams emulate real-world attacks that help an organization understand where vulnerabilities exist, while Blue Teams are responsible for identifying and mitigating vulnerabilities, as well as improving detection and prevention. Effective collaboration between these two teams, who have traditionally worked in separate silos, is essential for any security program looking to strengthen its security posture. To stay ahead of attacks and maximize the value of Red and Blue Teams, high-impact organizations utilize purple team tactics and adversary emulation.
This session will describe the differences between version 7.1 and version 8 of the Center for Internet Security Twenty Critical Security Controls. This major rewrite of the twenty CSCs reflects core changes in today's computing and infrastructure environments.
Attackers and defenders both have vast toolboxes. In observing thousands upon thousands of breaches, we have seen threat actors use their toolkits extensively to achieve their objectives. Meanwhile, however, defenders tend to become dependent on only one tool or source of telemetry, seldom using everything available to them. Detecting today's threats cannot be done with a single source of evidence. Furthermore, threat actors are increasingly defense-aware, employing evasive countermeasures when necessary. The security industry has turned to MITRE's ATT&CK Matrix to quantify and catalog threat actors and their TTPs. Used by SOCs and toolsets worldwide, ATT&CK provides a way to share threat data and test defenses. However, when mapping to techniques in ATT&CK, visibility is crucial, and more than one data source is necessary. Becoming effective at detecting and stopping threats requires SOCs to expand their understanding of their environment. In this webcast, SANS instructor and IR expert Matt Bromiley and Elastic's Principal Product Marketing Manager James Spiteri look at bringing multiple data sets together to build better detections. Using MITRE ATT&CK as your library, learn how to document threat actor techniques and create a taxonomy for implementing effective detections. Be among the first to receive the associated whitepaper (https://www.sans.org/reading-room/whitepapers/analyst/expanding-security-toolbox-40350) written by Matt Bromiley.
Once you have signed up, you will need to proceed to your Account Dashboard in order to complete registration for the game.
On Tuesday, February 22, the U.S. Department of Homeland Security warned that every organization is exposed to cyber risk from Russia. This warning was issued in response to the escalation of Russia's invasion of Ukraine, which involves not only cyber attacks but also attacks on the ground.
This urgent webcast will give an overview of current Russian Threat Actor capabilities, discuss critical infrastructure attacks on Ukraine, and possible escalation spillover into the EU and/or the United States.
The ICS/OT community has long suffered from a lack of insight into cyber threats, vulnerabilities, and incident response observations. The annual Dragos ICS/OT Year in Review reports on how the community is performing and surfaces areas of improvement needed to provide safe and reliable operations.
Gain the skills and methodology to secure modern Cloud Native, DevSecOps, and Kubernetes environments through hands-on labs using security controls in CI/CD pipelines for cloud systems.