SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
Cybersecurity Webinars and Workshops
Unlock industry insights and hands-on learning with upcoming SANS webcasts and workshops. View archived webcasts here.
2023 Report: The State of MDR
As more organizations today struggle to keep up with the threat landscape, detection and response capabilities can suffer, too. This is often due to a lack of expertise on-staff, or a lack of staff altogether. Increasingly, many security teams are turning to managed detection and response (MDR) providers to help shore up their defenses. In the past several years, the breadth and capabilities of MDR providers have expanded considerably, often including threat intelligence, threat hunting, advanced malware analysis, and many more services than in the past. More solutions are also capable of integrating with other security controls and platforms running in customer environments, and automation for response workflows is another major consideration for most organizations, as well. In this webcast, we’ll explore the landscape of what security teams should be looking for in a mature, capable MDR offering, and also discuss emerging and evolving trends that will affect the industry now and in the future.Register for this webcast now and be among the first to receive the companion report by author and SANS Senior Instructor Dave Shackleford.
WebinarSecurity Awareness
- 22 Mar 2023
- 13:00 UTC
- Dave Shackleford
Breach and Attack Simulation & Security Team Success
Many companies test to see if malicious actors can gain access into their environment or steal their valuable information, however, most security professionals don’t know if they would be able to detect adversaries once they are already inside. In fact, only 20% of common attack behaviors are caught by out-of-the-box EDR, MSSP and SEIM solutions.
WebinarCyber Defense
- 23 Mar 2023
- 10:30 UTC
- John Pescatore & Scott Sutherland
Community Night – SANS Secure Australia 2023
SANS Community Nights are a great way to stay in touch with your local InfoSec community and to hear the latest in technical wizardry, industry intelligence, and thought leadership from our amazing instructors.
WebinarCyber Defense
- 23 Mar 2023
- 18:00 AEDT
- Lenny Zeltser & Nick Mitropoulos
変化するセキュリティリーダーの役割と考えるべきこと
情報技術の世界が変化し続ける中、セキュリティリーダーの役割も変化しています。CISOやセキュリティに関する管理職、またはそのようなキャリアを目指している方にとって、ITとビジネスの現在のトレンドがキャリアパスにどのような影響を与えるかを考える必要があります。
WebinarCyber Defense
- 23 Mar 2023
- 18:00 AEDT
- Lenny Zeltser
ICS Summit Solutions Track Test
This is a test for the upcoming ICS Summit Solutions Track on May 1-2 in Orlando FL.
WebinarCyber Defense
- 28 Mar 2023
- 09:00 UTC
意外と簡単なランサムウェア運用ツールの検出と駆逐
今回のCommunity Nightでは、SANSの「FOR528: Ransomware for Incident Responders」の開発者であるRyan Chapmanが、ランサムウェアの運用に活用されているツールについて紹介します。ランサムウェアの運用については様々なバリエーションが存在しますが、活用されているツールには重複している点も少なくありません。
WebinarDigital Forensics and Incident Response
- 29 Mar 2023
- 18:00 AEDT
- Ryan Chapman
Community Night SANS Secure Australia 2023 - Detecting & Hunting Ransomware Operator Tools: It Is Easier Than You Think!
Join us in this Community Night talk as Ryan Chapman, author of SANS FOR528: Ransomware for Incident Responders, provides an overview of tools leveraged often by ransomware operators. Though a multitude of ransomware operations and affiliate groups exist, we see a great deal of overlap between the tools leveraged by these groups (and that's an understatement!).
WebinarDigital Forensics and Incident Response
- 29 Mar 2023
- 18:00 AEDT
- Ryan Chapman
SANS 2023 - Featured Keynote: ChatGPT, GANs, and Deep Learning: Pulling Back the Curtain
ChatGPT and other GAN technologies are dominating the news, but can you tell what’s hype and what’s not? How do these AI tools work? Are there security applications or concerns? How difficult is it to use these tools for red/blue/purple team accelerators? In our Featured Keynote, SANS Fellow David Hoelzer will discuss potential risks that advanced AI poses to cybersecurity, and what steps are being taken to address these challenges. He will also demonstrate and explore the ways in which AI can be used to improve cybersecurity and protect against cyber threats. If you want to be in the know on AI, join David for this comprehensive overview and its potential impact on cybersecurity and society.
WebinarArtificial Intelligence
- 3 Apr 2023
- 18:30 UTC
- David Hoelzer
SANS 2023: Hands-On Cloud Security Workshop: Building Detections in AWS
As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, which is a follow-on from the talk “Building Better Cloud Detections... By Hacking? (AWS Edition)“, we will work through the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our AWS environments. The overall process and takeaways will be:Establish proper logging to detect the adversarial activityPerform the attack to generate the appropriate artifactsReview the log event dataCreate an automated process to quickly discover this activityTest that the automated process is working effectively by “re-attacking” the AWS accountPrerequisites: An AWS account with administrator accessSystem Requirements: A modern web browser
WebinarCloud Security
- 3 Apr 2023
- 19:15 UTC
- Ryan Nicholson
SOC Visibility Triad, Why You Need NDR Alongside EDR
Defenders face numerous challenges in their complex, ever-expanding environments. Good data or network truth shouldn't be one of them. As Corelight is the standard in the NDR market, we will explore how to pivot from NDR to several EDR tools. The demo will showcase popular tools and give analyst workflow examples and use cases.
WebinarCyber Defense
- 4 Apr 2023
- 12:30 UTC
- Steven Swaim
SANS 2023 - @Night: Best Practices and Lessons Learned from Starting Up Multiple OSINT Teams
Over the course of his career, SEC497: Practical Open-Source Intelligence (OSINT) Course Author Matt Edmondson has started up multiple OSINT teams within the U.S. government and worked with private sector cyber threat intelligence teams ranging from Fortune 100 businesses to small startups. In this talk, Matt will explain how the OSINT landscape is changing and most importantly, he’ll discuss some crucial decisions that organizations can make which can severely hinder the effectiveness of their OSINT operations. He’ll also talk about what really matters with operational security (OPSEC) and how we can improve our OPSEC with minimal cost.
WebinarOpen-Source Intelligence
- 4 Apr 2023
- 19:15 UTC
- Matt Edmondson
Managed Detection and Response: Optimizing External Expertise
As outsourcing and external management of MDR becomes more common, organizations need to know and understand what best practices look like. They also need to understand how to keep the human analysts engaged at the organization and within the MSSP. It’s enough of a challenge to establish then sustain technical interchange between two organizations. How will you maintain trusted professional interchange in a 24x7 operational environment?
WebinarCyber Defense
- 5 Apr 2023
- 10:30 UTC
- Christopher Crowley, Adrian Chambers & Patrick Slattery