SEC504: Hacker Tools, Techniques, and Incident Handling

Unlock industry insights and hands-on learning with upcoming SANS webcasts and workshops. View archived webcasts here.
The cloud is not inherently more secure than on-premises environments, but security is generally not the reason organizations move to the cloud in the first place.
Penetration tests and red team exercises in OT environments are distinct from their IT counterparts. Due to the increased risks associated with OT, it is essential to exercise a much greater degree of caution. This presentation will offer guidance on appropriate actions to take in OT production environments and advise on how to match the level of risk in your test to that of the target environment.
The evolution of hybrid cloud environments demands innovative solutions to unify on-premise and cloud-based resources seamlessly. This talk, titled "Bridge to the Clouds: Unifying Worlds with Entra ID in Hybrid Landscapes," illuminates the integration challenges and visibility capabilities provided by Entra ID for reconciling identity and access management in hybrid cloud landscapes.
In July 2023, SANS partnered with Carahsoft for the 2023 Government Security Solutions Forum, where cybersecurity preparedness went back to basics. In this webcast, SANS Director of Emerging Security Trends John Pescatore will review the top trends that emerged during the forum. John also uncovers how organizations can prepare for the National Cybersecurity Strategy Implementation Plan, or NCSIP, released by the White House in March 2023. His focus on preparation aims squarely at technology:
• What technologies and capabilities exist for me to begin considering?
• How do EO 14028 and NCSIP tie into each other?
• What technologies put me ahead of the curve?
Register for this webcast now, and be among the first to receive the associated white paper written by SANS Certified Instructor Matt Bromiley.
There is a common tug-of-war between SOC staff, detection engineers and CSIRT/DFIR professionals when determining how important or severe an alert or detection is. Detection engineers are continually pushed to find new and creative ways of catching threat actors, whereas SOC and CSIRT staff are on the receiving end of triaging alerts and actioning them.
In Digital Forensics we use the registry hives to help paint the picture of what a threat actor may have done while in the network. These registry hives can tell us things like what documents were opened, what folders were traversed into and what files may have been opened or saved on the computer.
Just how effective or mature is your security program? Given the multitude of assessment, rating, and cybersecurity frameworks, it can be challenging to determine security operations readiness and resilience through a single measurement or framework. Is effectiveness based on defending against an attack or the ability to mitigate attacks in the first place? Should compliance drive our security strategy, or should our security strategy enable compliance?
Zero Trust remains one of the main topics in the cybersecurity industry. But what is Zero Trust really about? The broad theme of Zero Trust is about reducing implicit trust throughout the enterprise. The goal is to take an organization from an old non-defensible architecture based on compliance, controls, and a static protection-oriented mindset, to a defensible security architecture based on continuous dynamic threat-informed defense, and risk-based adaptive trust. Join our upcoming Solutions Forum on Zero Trust and learn about the latest use cases, adoption trends, and recommendations for prioritizing your Zero Trust projects and initiatives for 2024. Our presenters, led by Matt Bromiley, will cover the key challenges and opportunities in implementing a Zero Trust approach, and share their insights on best practices for securing your digital assets in today's rapidly evolving threat landscape. Whether you are new to Zero Trust or an experienced practitioner, this forum is a must-attend event to understand the policies, procedures and technologies required to enable a zero-trust strategy. Register now and join us for an engaging and informative discussion!
We are confronted by many cyber threat actors, and the primary focus is on external threats; when it comes to internal threats, the focus is often on internal negligence. But the reality is that, in more and more cases, external threat actors are simply corrupting internal staff members, often in trusted IT and security positions, to overcome even the most sophisticated cyber security systems.
Welcome to the GridEx VII 2023 Training Registration Page. * Note: this is not for NERC Certified System Operator Continuing Education Hours. NERC will be conducting its seventh sector-wide grid security exercise, GridEx VII, in November 2023. GridEx VII is designed to exercise the resilience of the North American electricity system in the face of a coordinated attack from a nation-state adversary. The first grid security exercise took place in November 2011, and has continued to occur every other year, providing an opportunity for asset owners and operators across North America to test their incident response plans and operational preparedness. These geographically distributed exercises were designed to execute the electricity sector's crisis response to simulated coordinated cybersecurity and physical security threats and incidents, to strengthen utilities' crisis response functions, and to provide input for lessons learned. GridEx VII is scheduled for November 14-15, 2023.
As more organizations shift application access to the cloud, which minimizes the need for the data center to act as a hub for access and controls, they are realizing the benefits of cloud-brokering solutions that offer strong security capabilities. Nowhere is this more true than application protection, ranging from traditional WAF controls to API protection, bot detection and prevention, and more.
Software supply chains are an exploding target for cyberattacks. Software is the largest under-addressed attack surface, yet it plays a significant role in value creation for enterprises and large organizations. 90% of companies have had a security issue with their supply chain, according to a ReversingLabs May 2023 survey. The level of sophistication and capabilities for damage seen during the attacks on 3CX, SolarWinds, and others has evolved to a point where organizations should examine their ability to detect these active threats.