Mark Baggett
FellowChief Technology Officer at The Internet Storm Center
Specialities
Cyber Defense
SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
About Mark Baggett
Mark Baggett’s first foray into information security was on the receiving end of hacking, and he was amazed by the experience. “The hackers made my computer do stuff that I didn't think was possible,” he says. “It was like magic and I had to know how the trick was done.” He immediately became obsessed with understanding all the tricks, how they worked, and how to prevent them from happening again.
Fast forward to today and Mark’s infosec career spans nearly 30 years with 15 of those years spent teaching for SANS. Mark is currently a faculty fellow for SANS and an independent consultant through his company Indepth Defense providing forensics, incident response, and penetration testing services. Mark served as the technical advisor to the DoD for SANS from 2011 until 2024, where he assisted various government organizations in the development of information security capabilities. Today he is the Chief Technology Officer for the Internet Storm Center.
Press & Media
More From Mark
- Meet SANS Senior Instructor: Mark Baggett
- eapmd5crack.py A python implementation of an EAP authentication cracking.
- Freq Server A Web server that integrates with SEIM systems and identifies hosts being used for Command and control by identifying domains being used for Command and Control. The tools uses character frequency analysis to identify random hostnames.
- Domain Stats - A SEIM Integration tool that monitors DNS hostnames used by your network to identify first contact with new domains and contact with new domains that have been established in the last 2 years, effective in identifying malicious actors.
- API-ify A Web server that provides an API that allows network defenders to consume the output of any Linux based command and integrate it into their ELK stack, splunk or other SEIM tools.
- Reassembler A tool that allows network defenders to reassemble and view packets using the 5 widely used fragment reassembly policies commonly found in Intrusion Detection Systems.
- SET-KBLED A Powershell script that will allow you to set the Keyboard LED Color to the color of your Clevo chipset based Keyboard.
- SRUM-DUMP Windows GUI Forensics tool produces XLSX spreadsheet with detailed information on all processes that have run in the last 30 days on Windows computers.
- ESE Analyst Command line based tool that dumps and analyzes databases used on Windows systems that stores various forensics information. Plugins are used to dump different types of data.
- Werejugo A Windows Forensics tool that analyzes the registry, event logs and wireless network configurations to identify physical locations of where the laptop has been used.
Students Say
- Slide 1 of 3Mark's teaching style is very relevant and sets an atmosphere where you are excited to learn.
- Slide 2 of 3Mark is really knowledgeable and knew how to engage us right away by pulling off a PEMDAS 'magic trick'. Some of the material is dry by nature, but he's made it very engaging and has been flexible with the different paces we're working at.
- Slide 3 of 3I'm fairly certain Mark Baggett is a genius, plus he's engaging and illustrative in his examples. I'm not the best coder, but the course challenges build on each other perfectly and illustrate the concepts they're meant to represent.
Slide 1 of 0
(1/0)
Upcoming Training Courses
Here are upcoming opportunities to train with this expert instructor.
SEC573: Automating Information Security with Python
SEC573Cyber Defense
- GIAC Python Coder (GPYC)
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 128 Hours of hands-on instruction
SEC673: Advanced Information Security Automation with Python
SEC673Cyber Defense
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 27 Hours of hands-on instruction
Free Resources
Review relevant educational resources made with contribution from this instructor.