SEC504: Hacker Tools, Techniques, and Incident Handling

As more and more organizations begin moving their resources to the cloud, analysts and responders must be prepared to operate in this new landscape. One aspect of traditional forensics that we must learn to implement in the cloud is memory forensics.
The evil Professor Moriarty is hunting for a hiding Sherlock Holmes, whose whereabouts are only known to Sherlock's brother, Mycroft. In this webinar, we will discuss how Moriarty and his gang hacked into Mycroft's web environment to search for clues, and how Sherlock turned the tables and detected their every step. This webinar is based on a newly released SANS poster that focuses on Cloud Threat Detection, set in the world of a modern-day Sherlock Holmes.
"Where do I begin?". We will delve into the route taken by veterans and those new to the field alike to try to answer this question. In this webcast, learn about Julia Gately's journey into this exciting career.
Today, detection engineers and blue teamers are focused on cloud threat detection. However, are we thinking about these threats holistically? There are many pathways that threat actors use to gain access to cloud resources. Among these are endpoints that hold cloud credential material. This credential material, in the form of files, tokens and cookies, is often overlooked, with little visibility and little telemetry generated around it.
Adoption of remote access solutions continues to increase in parallel with internet growth. A rapidly escalating threat landscape, in conjunction with Covid-19, skills shortages, increasing complexity, business automation, and the need for data, is driving the demand for more robust identity-based access management, data security, and secure remote access solutions.
The move to the cloud and increasing remote work have fragmented attack surfaces, making it easy for attackers to find unmanaged assets with critical exposures. Manually finding and remediating these risks is untenable, so security teams need active attack surface management to not just find the unknown exposures but also automatically fix them.
Join SANS Senior Instructor, Tim Medin, as he discusses the dumbest red team tricks and hacks he has encountered over the years. We are taking the A out of APT for this one, because so few attackers actually need to use advanced techniques in the real world.

Developing your career in security does not have to be painful. There are a lot of opportunities to find new and interesting things, no matter if you are completely new to the field, junior level, or an experienced practitioner.
As vendors develop new software or tools for threat hunting, we need to remember that threat hunting is predominantly a human-based activity: looking for incidents that our automated tools have not yet found, or cannot yet detect. This year, our survey will focus on the hunters themselves and how their organizations support threat hunting. Are hunters asked to complete multiple tasks at once? How much focus is given to threat hunting compared with other cybersecurity tasks? We look further at the skills that threat hunters must hone, from those who are just starting out to the skillsets of those who have been hunting for many years. We will again compare year-on-year trends to see how organizations have shifted their perspectives on threat hunting.
"I am inevitable." – Thanos

It isn't a question of "if" but "when". Your environment will be compromised. It's inevitable, like Thanos. The adversary has an unlimited set of tools at their disposal. Your perimeter: porous. Your users: gullible. Getting in isn't as challenging as you'd like to think. While you can't prevent the inevitable, you can nearly always detect it. The adversary must take action once they're in. They must change their position and move in order to achieve their objective. Sitting still is of no advantage. Is this game over? Nope, it's game on. They're on your turf and you have home team advantage! Tactical tripwires give you the upper hand. Deploying specific, intentional tripwires is like deploying a minefield that the adversary can't navigate without tipping their hand. If the adversary can't move unnoticed, then you win! Tactical advantage: yours! Join Gene & Scott as they discuss tripwires and techniques that are easy to deploy and use.
The increased importance of the cloud and identity is not lost on attackers. To simulate adversary tradecraft, red teams must be able to evolve offensive techniques against cloud identity systems. Cloud defenders must adapt quickly to understand these same attacks and instrument defenses. In this SANS Workshop, students will be introduced to the PurpleCloud open-source Azure lab creation tool. Students will learn how to use Terraform to automatically create an Azure Active Directory security lab which can be used for your own security simulations. After automatically creating Azure AD users, applications, and RBAC role assignments, participants will have hands-on exercises to perform reconnaissance and a specific attack pathway that abuses misconfigured roles and permissions. This workshop is intended for Cloud Architects, Security Engineers, Penetration Testers, Defenders, and anyone looking to learn a little more about Azure and Terraform.

Prerequisites:
• An active Azure subscription (https://portal.azure.com)
• An Azure account with Global Administrator permissions

Prior to the workshop:
1. Download the Building Azure Security Labs using Terraform virtual machine from https://sansurl.com/building-azure-labs (password: jaJDY8hu44b3). Double-click on the OVA file to import the VM with VMware. Boot the VM after import, then log in with the username sec588 and the password slingshot.
2. Launch the Firefox browser and navigate to home (it should auto-launch).
3. Follow the lab 0 instructions to ensure that you have an Azure account and active subscription.
4. The workshop instructions are also available at https://lab.purplecloud.network with the credentials sec588:sec588.

Please note: we will not be able to troubleshoot or support local VM issues or Azure account subscription issues. It is highly encouraged that you download and verify login to the VM before the workshop and that you follow all steps in lab 0 for Azure account and subscription setup.

System Requirements:
• VMware to launch a customized Slingshot Linux distribution (VMware Workstation Pro, VMware Workstation Player, or VMware Fusion for macOS; trial versions of all three are available, and VMware Workstation Player is free for non-commercial use)
• 30 GB free hard drive space
• At least 8 GB RAM
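To make concrete what "Terraform creates Azure AD users, applications, and RBAC role assignments" looks like, here is a small added illustration written for this page. It is not PurpleCloud's own Terraform and not part of the workshop; the user and application names, the resource group, the region, and the password variable are placeholders chosen for the example. It pairs an over-broad role assignment of the kind the workshop's attack path abuses (Owner on the whole subscription, granted to an application's service principal) with a least-privilege counterpart (Reader scoped to a single resource group). Attribute names follow the hashicorp/azuread 3.x and hashicorp/azurerm providers.

```hcl
# Added example, not PurpleCloud's code. Placeholders: names, region, password variable.
terraform {
  required_providers {
    azuread = { source = "hashicorp/azuread" }
    azurerm = { source = "hashicorp/azurerm" }
  }
}

provider "azuread" {}
provider "azurerm" {
  features {}
}

# Initial (onmicrosoft.com) tenant domain and the current subscription.
data "azuread_domains" "default" {
  only_initial = true
}
data "azurerm_subscription" "current" {}

# Password is supplied at apply time (assumption), never committed to source.
variable "lab_user_password" {
  type      = string
  sensitive = true
}

# Lab user: the identity an attacker might phish or whose token might leak.
resource "azuread_user" "lab_user" {
  user_principal_name = "labuser@${data.azuread_domains.default.domains[0].domain_name}"
  display_name        = "Lab User"
  password            = var.lab_user_password
}

# Lab application registration plus the service principal that holds its permissions.
resource "azuread_application" "lab_app" {
  display_name = "purple-lab-app"
}
resource "azuread_service_principal" "lab_app" {
  client_id = azuread_application.lab_app.client_id
}

# MISCONFIGURATION to hunt for: Owner over the entire subscription, granted to
# the app's service principal. Anyone holding that app's credentials owns the
# subscription, which is the kind of over-privileged assignment the attack path abuses.
resource "azurerm_role_assignment" "lab_app_owner" {
  scope                = data.azurerm_subscription.current.id
  role_definition_name = "Owner"
  principal_id         = azuread_service_principal.lab_app.object_id
}

# Least-privilege counterpart: Reader, scoped to one resource group only.
resource "azurerm_resource_group" "lab" {
  name     = "rg-purple-lab"
  location = "eastus"
}
resource "azurerm_role_assignment" "lab_user_reader" {
  scope                = azurerm_resource_group.lab.id
  role_definition_name = "Reader"
  principal_id         = azuread_user.lab_user.object_id
}
```

Run `terraform init` and `terraform plan` with credentials for a tenant where you hold Global Administrator plus Owner on the subscription (the workshop's prerequisite); `terraform destroy` removes the lab afterwards. When reviewing such a plan, the thing to check is the `scope` of every `azurerm_role_assignment`: a subscription-level `Owner` or `Contributor` on a service principal is the finding, regardless of what the display names suggest.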
The number of organizations banning applications due to surveillance and spyware concerns on employee devices continues to grow. In 2020, the average smartphone user had 40 apps installed on their mobile phone. And Zimperium's zLab Research team found last year (2022) that 23% of all Android samples and 24% of the iOS apps in the public record are malicious, meaning mobile apps represent a major attack surface.
The first objective of a cyber attack is to successfully break into the target environment. Most initial attack payloads are built to get past perimeter defenses, prompt the target user into an action, and infect the host. The techniques attackers abuse have changed over time, and this area shows especially pronounced trends. This webcast presents trends in the techniques that recent malware has been abusing.