SEC504: Hacker Tools, Techniques, and Incident Handling

As a follow-up to our previous workshop, we will continue building our purple team stack by emulating a number of different techniques and looking at different options for detection. In this particular workshop we will focus on the following topics:
- Stealing Credentials from LSASS
- COM Object Hijacking
- Office Persistence
We will introduce the topics using a short lecture and afterwards get our hands dirty with lab exercises!

Prerequisites: Familiarity with Linux and Windows is mandatory.

System Requirements: Prior to the workshop, participants should prepare the following:
- Download and install the workshop VM: https://sansurl.com/purple-team-stack-workshop-vm
- An installed 64-bit host operating system (Windows is recommended)
- Download and install VMware Workstation Pro 15.5 or higher, VMware Fusion 11.5 or higher, or VMware Workstation Player 15.5 or higher on your system prior to the start of the workshop
- Adobe Acrobat or another PDF reader

Important! An AWS account is required to do the hands-on exercises during the workshop. The AWS account must be created prior to the workshop, and a credit card should be linked to the AWS account that was created. Estimated usage costs for the AWS account during the workshop are a maximum of $10. For detailed instructions on these preparation steps, please refer to the following URL: https://sansurl.com/purple-team-stack-workshop-readme

* Please note that this WILL NOT be recorded. Due to the nature of these workshops, many have a capacity limit and will not be made available for archive. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.
You will earn 6 CPE credits for attending this virtual event.

Forum Format: Virtual - US Eastern

Event Overview
Designed for security leaders tasked with managing a growing attack surface, the SANS Attack Surface Management Virtual Conference will take place on April 14, 2021 as a virtual event. This half-day event will bring together thought leaders, subject matter experts and practitioners to discuss, share and discover best practices for addressing the operational challenges associated with work-from-home transitions, cloud migrations, M&A, shadow IT and the rise of ransomware attacks. Attendees will gain valuable lessons on how to operationalize attack surface management in order to improve their threat intelligence, vulnerability management and offensive security programs.

Agenda

10:30 - 10:35 AM EDT - Event Welcome
Dave Cowen, @HECFBlog, Forum Chair, SANS Institute, @SANSInstitute

10:35 - 11:05 AM EDT - Defending Forward in Today's Exposed World
David "Moose" Wolpoff, @HexadeciMoose, CTO, Co-Founder, Randori, @RandoriSecurity
Dan MacDonnell, Retired Rear Admiral, Former Deputy Chief NSA/CSS, Randori, @RandoriSecurity
Whether we like it or not, organizations today are on the front lines of an ongoing and growing geopolitical cyberwar. We need look no further than SolarWinds for proof. In this session, former Deputy NSA Chief Rear Admiral Dan MacDonnell and Randori Co-Founder & CTO David Wolpoff will take attendees on a behind-the-scenes look into the forces driving today's cyber landscape and what they tell us about the future of security. Attendees will leave with a firm understanding of the macro-forces driving today's cyberwar, clarity into why today's approaches won't cut it tomorrow, and why it's essential that organizations defend forward - adopting proactive strategies that leverage the attacker's perspective to anticipate threats and test resiliency.
11:05 - 11:35 AM EDT - Getting on Target: Looking at Your Attack Surface Like an Attacker
Aaron Portnoy, @aaronportnoy, Principal Scientist, Randori, @RandoriSecurity
Fundamental to the rise of attack surface management is a growing recognition that attackers see the world differently. In this session, Aaron Portnoy, Principal Scientist at Randori, will break down why that is the case and how red teams, like the Randori Attack Team, can often come to dramatically different conclusions than security teams about an asset - even when both are looking at the same information. He will look at real examples taken from customer environments and break down some of the ways he's seen security teams adopt the attacker's perspective to reduce noise, prioritize risk and get on target faster.

11:35 AM - 12:05 PM EDT - Hunting Threat Actors with Attack Surface Management
Kyle Howson, Cyber Security Operations Centre Specialist, Air Canada, @AirCanada
Dan Pistelli, Security Solutions Engineer, LogicHub, @Logichubhq
With a third of successful breaches now originating with unmanaged or unknown assets, understanding your attack surface and being able to prioritize new risks as they emerge has never been more essential. In this session, Air Canada's Kyle Howson and LogicHub's Dan Pistelli will break down how Air Canada is integrating the attacker's perspective into their asset, vulnerability, and threat management workflows through LogicHub to hunt for APTs and quickly find, prioritize, and act upon issues as they are discovered.
In this session, Kyle and Dan will walk through tangible examples and break down how attendees can replicate these actions in their organization, by:
- Establishing an external source of truth for threat prioritization between Security and IT
- Increasing the efficiency of remediation efforts by combining threat intelligence with real-time visibility into their attack surface
- Identifying process failures and shadow IT that pose categorical risks
- Leveraging the attacker's perspective to turn threat data into actionable narratives that both executives and practitioners can agree on
- Saving time and money by focusing teams on the specific threats that pose the greatest risk to Air Canada

12:05 - 12:15 PM EDT - Randori Attack Platform
See how Randori Recon empowers enterprise organizations to understand their attack surface in order to identify blind spots, process failures and dangerous misconfigurations.

12:15 - 12:45 PM EDT - Evaluating Attack Surface Management Tools
Pierre Lidome, @texaquila, SANS Instructor and Cyber Hunter, SANS Institute, @SANSInstitute
Attack surface management (ASM) is an emerging category that aims to help organizations address these challenges by providing a continuous perspective of an organization's external attack surface. In this session, SANS course author Pierre Lidome will provide an overview of Attack Surface Management, the key use cases, and the benefits and limitations of today's solutions. Based on his research developing the SANS Guide to Evaluating Attack Surface Management, Pierre will also provide attendees with actionable guidance they can use when crafting RFPs and PoCs for ASM projects.

12:45 - 12:55 PM EDT - Randori Attack Platform
See how Randori Recon empowers enterprise organizations to understand their attack surface in order to identify blind spots, process failures and dangerous misconfigurations.
12:55 - 1:25 PM EDT - Top IoT/OT Security Attack Vectors
Eric McIntyre, @pwnpnw, Director of Research and Development, Randori, @RandoriSecurity
Phil Neray, Director of Azure IoT & Industrial Cybersecurity, Microsoft, @Microsoft
IoT and OT devices are now everywhere, helping individuals and businesses collect real-time data and automate tasks for greater productivity and efficiency. This is increasingly true in enterprises, as workers rely on a diverse set of smart devices to get their work done. These devices are often unpatched, unmanaged, and invisible to IT and OT teams, making them soft targets for adversaries seeking to gain access to corporate networks in order to steal sensitive intellectual property or deploy ransomware. In this talk, join Phil Neray from Microsoft and Randori's Eric McIntyre for a look into the top IoT and OT attack vectors and how organizations are using ASM to reduce their exposure.

1:25 - 2:15 PM EDT - Fireside Chat: Exchanging Zero Days - Where Do We Go From Here?
Moderator - Joseph Menn
Panelists:
- Window Snyder, @window, former CISO at Square, Square, @Square
- Richard Puckett, CISO, SAP, @SAP
- Stewart Baker, Former General Counsel of NSA
- David "Moose" Wolpoff, @HexadeciMoose, CTO and Co-Founder, Randori, @RandoriSecurity
SolarWinds and Microsoft Exchange were not the first, and they won't be the last, major cyber attacks to leverage zero days to infect tens of thousands of organizations. In this session, attendees will hear from a panel of leading experts from the commercial and public sector on how they see our approaches to security evolving after these two seismic supply chain attacks. Topics discussed will include: what role can policies and regulations play in reducing cyber risk? How can we as a society work together to build more resilient systems? And what role does active defense, or "Defending Forward," have in the future of security?
2:15 - 2:25 PM EDT - Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
Joseph Menn, Reuters Cybersecurity Journalist and author
Cult of the Dead Cow is the tale of the oldest, most respected, and most famous American hacking group of all time. Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers. They contributed to the development of Tor, the most important privacy tool on the net, and helped build cyberweapons that advanced US security without injuring anyone.

2:25 - 2:30 PM EDT - Wrap-up
Cobalt Strike has become the attack tool of choice among enlightened global threat actors, making an appearance in almost every recent major hack. Cobalt Strike is an extremely capable and stealthy tool suite, but log analysis can level the playing field, providing many opportunities for detection. This workshop will leverage data sourced from SANS FOR508: Advanced Incident Response, Threat Hunting and Digital Forensics to provide insight into how Cobalt Strike operates and how to detect many of its characteristics via endpoint logs. Whether you are just starting out in threat hunting or a FOR508 alumnus, there will be something for everyone in this new workshop!

Prerequisites: Participants will need a system running the Windows operating system to perform Windows event log analysis (virtual machines are okay). While logs will be provided in CSV format for attendees without access to Windows, your experience will be greatly diminished without native access to Windows logging libraries. Some familiarity with Windows event logs is desirable.

System Requirements: Prior to the workshop, participants should prepare the following:
- A host or virtual machine running a Windows 64-bit operating system (Win7-Win10)
- Download and install Event Log Explorer: https://eventlogxp.com/download.php
- Download and install Microsoft Sysinternals Sysmon: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
- Install a tool capable of viewing and filtering CSV files (this is particularly important for attendees who do not have a system running the Windows OS)

Lab materials should be downloaded here: https://sansurl.com/cobalt-strike-workshop-labs/

An optional final part of the workshop will include working with Cobalt Strike beacon malware.
Examples will be given using the SANS Linux-based SIFT virtual machine available here: https://digital-forensics.sans.org/community/downloads

* Please note: Due to the nature of these workshops, many have a capacity limit, so to help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.
Calling everyone who wants to join the amazing cyber security industry. In this webinar, we are going to tackle what you can do outside of your normal day-to-day work responsibilities to gain experience that future cyber security employers love. We will also cover some ways for you to gain some foundational experience to help build your future cyber chops. The resources are there for you, and Kevin will walk through examples to get yourself primed for your next cyber dream role.

Don't wait! Register now for the other webcasts in the HR + Cybersecurity series:
- Skilling the Gap: Creative Ways to Recruit Top Cyber Talent
- Knowing Your Applicants: How to Stay Current to Best Assess Your Cyber Applicants
- Slow the Revolving Door of Talent: Creative Ways to Keep Your Existing Cyber Talent in Your Organization
- Transition to Cyber Security From a Non-Cyber Role: Creative Ways to Impress to Land Your Dream Cyber Role
As ransomware attacks continue to impact organizations around the world, and with recent events like the Colonial Pipeline incident, we are seeing more and more attacks that have an adjacent or direct impact on Operational Technology environments. As ransomware attacks continue to rise, how should companies think about the cyber-to-physical impacts on their OT environments? Organizations responsible for operating and maintaining critical infrastructure environments need to consider the steps they should be pursuing right now before a potential attack occurs, establish and implement procedures on how or whether they should operate their systems during an attack, and decide what actions need to be taken after an attack. Tim Conway & Jeff Shearer will discuss how organizations responsible for operating & maintaining critical infrastructure environments need to consider the following:
- Steps to pursue before a potential attack
- Procedures to implement during an attack
- Actions necessary to take after an attack
We are all aware of the age-old Blue Team vs. Red Team blame game. We provide a solution that allows these frenemies to finally unite. Introducing your new best friend, PenTera, the award-winning security validation platform that brings these teams together, operating as independent entities to run assessments, validate detections and give Purple Teams an efficient roadmap to remediation.

Purple Team Summit & Training 2021 - Live Online
Free Summit: May 24-25 | Courses: May 17-22 & May 26-28
Summit Chairs: Jorge Orchilles & Erik Van Buggenhout | Summit CPE Credits: 12
Red Teams emulate real-world attacks that help an organization understand where vulnerabilities exist, while Blue Teams are responsible for identifying and mitigating vulnerabilities, as well as improving detection and prevention. Effective collaboration between these two teams, who have traditionally worked in separate silos, is essential for any security program looking to strengthen its security posture. To stay ahead of attacks and maximize the value of Red and Blue Teams, high-impact organizations utilize purple team tactics and adversary emulation.
Planning for Cybersecurity Awareness Month with the Secure the Sauce Scavenger Hunt.
This session will describe the differences between version 7.1 and version 8 of the Center for Internet Security Twenty Critical Security Controls. This major rewrite of the twenty CSCs reflects core changes in today's computing and infrastructure environments.
Attackers and defenders both have vast toolboxes. In observing thousands upon thousands of breaches, we have seen threat actors use their toolkits extensively to achieve their objectives. Meanwhile, however, defenders tend to become dependent on only one tool or source of telemetry, seldom using everything available to them. Detecting today's threats cannot be done with a single source of evidence. Furthermore, threat actors are increasingly defense-aware, employing evasive countermeasures when necessary. The security industry has turned to MITRE's ATT&CK Matrix to quantify and catalog threat actors and their TTPs. Used by SOCs and toolsets worldwide, ATT&CK provides a way to share threat data and test defenses. However, when mapping to techniques in ATT&CK, visibility is crucial, and more than one data source is necessary. Becoming effective at detecting and stopping threats requires SOCs to expand their understanding of their environment. In this webcast, SANS instructor and IR expert Matt Bromiley and Elastic's Principal Product Marketing Manager James Spiteri look at bringing multiple data sets together to build better detections. Using MITRE ATT&CK as your library, learn how to document threat actor techniques and create a taxonomy for implementing effective detections. Be among the first to receive the associated whitepaper (https://www.sans.org/reading-room/whitepapers/analyst/expanding-security-toolbox-40350) written by Matt Bromiley.
NERC CIP is complicated. Integrating solutions into your CIP program is complex. Demonstrating compliance in a zero-deficiency regulatory sector is challenging. Going beyond compliance in pursuit of expanded cybersecurity capabilities and innovative emerging solutions in ICS environments can be confusing. How do you determine the most appropriate operational technology solutions for your NERC CIP program? Are there unique operating models that make certain solutions better than others? In this webcast, SANS Instructor Tim Conway and Dragos Cyber Risk Advisor Jason Christopher look at the NERC CIP standards and explore how to balance technology implementations for resilient operations, cybersecurity, and compliance benefits. Attendees will learn how to integrate solutions into their CIP programs that help drive detection and incident response actions. Be among the first to receive the associated whitepaper written by Tim Conway.
The presentation draws attention to practical threat detection and incident response in industrial control system environments by dissecting advanced ICS adversary threat capabilities in recent attack campaigns. A focus of the webcast is on ICS adversary Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs). Dean will illustrate why the cyber weapons and the techniques used in modern attacks may be more important than adversary attribution for tactical ICS incident response.

Overview
This presentation focuses on detecting practical threats and responding to incidents in industrial control system (ICS) environments by analyzing in depth the advanced ICS adversary threat capabilities seen in recent attack campaigns. This webcast will concentrate on ICS adversary strategies, tactics and procedures (adversary TTPs) and indicators of compromise (IoCs). Instructor Dean will explain why, for tactical ICS incident response, the cyber weapons and techniques used in recent attacks are more important than adversary attribution.
Cyber42: Industrial Edition will put you through the paces as an industrial control system (ICS) security manager as players adapt to challenges in operational technology (OT) environments. Unlike traditional IT networks, industrial equipment is designed to impact the physical world and requires special considerations when deploying security technologies. As threats targeting these networks continue to rise, many of which are vital for critical infrastructure (like power, water, and energy), it is more important than ever to understand the impacts on ICS of a cyber security event and to invest in resilience and security that promotes both reliability and safety. Players will step into the world of Cyber42: Industrial Edition, which is being developed for the upcoming ICS418: ICS Security Essentials for Managers, and address real-world industrial cyber threats from the comfort of their own home! This Game Day will focus on balancing security program improvements that impact engineers, operations, and customers, all while considering the various technical and cultural implications of an OT security program. In this simulation, you will compete for the high score against other ICS managers facing the same dilemma: how to protect industrial equipment from shutdowns, failure, damage, or worse! Do you have what it takes? Find out by playing the game with us!

Important Notes: Cyber42 Game Days utilize three platforms:
- Webcast to view the presenters' slides throughout the game. Log into the webcast via your SANS Portal Account.
- Slack to interact with other players, leaders, and SANS Staff for support. Log-in information and directions will be provided a week before Game Day (and at Game Day).
- Cyber42 Web App online game. Directions to join will be provided at Game Day.