Tag Archives: SANS

Special Webcast: Purple Teaming: The Pen-Test Grows Up – August 22, 2019 3:30pm US/Eastern

This post was originally published on this site

Speakers: Bryce Galbraith

With 20+ years of experience in the ethical hacking field, and a few million miles, I’ve seen a lot. As a consultant, I’ve seen firsthand the inner workings of organizations across the industry sectors. As an instructor, I’ve had the unique privilege of conversing with thousands of professionals from around the world. I’ve seen their faces, I’ve heard their stories, I’ve felt their frustrations.

I’ve spent my entire career studying adversarial Tactics, Techniques, and Procedures (TTPs) to seek understanding, so I can help others understand how adversaries do what they do. I’ve learned many things along the way. Including, not to sugar-coat harsh realities sometimes. So, here goes…

1. If you’re relying on an annual pen-test and traditional static defenses to defend against advanced adversaries – you’re toast.

2. If your Red and Blue Teams see each other as the adversary and measure their success by the other’s failure – you’re toast.

If compliance is the goal – you’re burnt toast.

But, with a few adjustments and a change in alignment, organizations can begin to effectively prevent, detect, and respond to real-world TTPs through adversary emulation and Purple Teaming!

This webcast will cover:

  • Why your annual pen-test is a recipe for disaster, and what you can do about it.
  • Why many Red and Blue Teams are ineffective despite their efforts, and how to turn this around.
  • Several real-world TTPs that adversaries utilize (including demos) to completely dominate organizations, shockingly fast.
  • How to begin to perform adversary emulation and Purple Teaming.
  • Several helpful tools and resources you can begin to explore immediately…

As Einstein wisely stated, “Insanity is doing the same thing over and over again and expecting different results.”

Special Webcast: ICS 612 Practitioner focused Hands on cybersecurity – August 21, 2019 10:30am US/Eastern

Speakers: Tim Conway

With the new ICS612 course being released at the Oil and Gas summit in Houston on September 17th, the course authors and instructors will walk through the layout of the course material, labs, learning objectives and future direction as the course progresses through Beta 1 and 2, before a planned release at the ICS Summit in March. Please join us with any questions you may have about the course, prerequisites, materials, what’s next, or just to hear some really excited ICS authors and instructors talk about how this course will help save the world.

Special Webcast: Kerberos & Attacks 101 – August 21, 2019 3:30pm US/Eastern

Speakers: Tim Medin

Want to understand how Kerberos works? Would you like to understand modern Kerberos attacks? If so, then join Tim Medin as he walks you through how to attack Kerberos with ticket attacks and Kerberoasting. We’ll cover the basics of Kerberos authentication and then show you how the trust model can be exploited for persistence, pivoting, and privilege escalation.

Special Webcast: Leveraging OSINT for Better DFIR Investigations – August 20, 2019 11:00pm US/Eastern

Speakers: Jeff Lomas and Micah Hoffman

Note: This webcast is free of charge; however, a SANS portal account is required (see webcast link for details).

SANS Asia-Pacific Webcast Series- Leveraging OSINT for Better DFIR Investigations

Are you a digital forensic examiner or investigator? Do you use OSINT? Are you unsure if you are using OSINT? If you answered yes to any of these questions, this webinar is for you! Nearly all examiners have used OSINT at one point in their work product, but many are not sure if they are maximizing their use of OSINT. SEC487 author and certified SANS instructor Micah Hoffman and law enforcement digital forensic examiner/detective Jeff Lomas will discuss how OSINT techniques can add value to digital forensic investigations, perform a live demo using OSINT in concert with digital forensics, and discuss how digital forensic examiners can improve their OSINT.

Ask The Expert Webcast: Focus On People, Process, and Technology to Take Your SOC to the Next Level – August 20, 2019 1:00pm US/Eastern

Speakers: John Pescatore and John Kitchen

Please join us for a webinar featuring John Pescatore, SANS Director of Emerging Technologies and John Kitchen, Anomali Solution Engineering Manager Americas, as they discuss key themes developed through analyzing the results of the SANS Common and Best Practices for Security Operations Centers: 2019 Survey. They will tie real-world SOC experience to the survey findings with an emphasis on people, process and technology. How are SOC managers successfully incorporating SOAR technologies and metrics that show measurable business benefit? And what are SOC organizations doing to tackle the problems associated with staffing and skills gap issues? Take your SOC to the next level with actionable insights.

Special Webcast: Legacy Authentication and Password Spray, Understanding and Stopping Attackers’ Favorite TTPs in Azure AD – August 19, 2019 1:00pm US/Eastern

Speakers: Mark Morowczynski and Ramiro Calderon

One of attackers’ favorite techniques today is password spraying. And it should be: in August 2018, 200,000 accounts were compromised using this technique. Nearly all password spray attacks target legacy authentication protocols. The good news is that there are several steps you can take to prevent this type of attack. In this session we will focus on what legacy authentication is, how to look for it in your environment and what you need to do to prevent it from compromising your accounts.

Special Webcast: Threat Hunting in the Cloud: Time for a Power-Up? – August 15, 2019 3:30pm US/Eastern

Speakers: Ben Johnson

Threat hunting is an important weapon in the arsenal of proactive enterprise security. With the shift to the cloud, however, the threat landscape is rapidly evolving. Faced with automated attacks, multiple perimeters to defend, and a growing mobile workforce, threat hunters need to reassess the mission. What is the surface area they need to protect? When does threat hunting stop and incident response start? And what’s the difference between threat hunting and detection? In this session, we will discuss these topics and provide guidance for becoming more effective at detection and response in SaaS and IaaS environments.

Special Webcast: The Beginner’s Guide to Applying Machine Learning to Incident Response – August 15, 2019 1:00pm US/Eastern

Speakers: Dave Shackleford and Sean McNee

There is a lot of hype around Machine Learning (ML) and its application in infosec. Putting the Machine Learning snake oil aside, according to a recent report conducted by the Ponemon Institute, 49% of security professionals are finding that Machine Learning enhances their ability to prioritize threats and vulnerabilities and 47% say it increases the productivity of security personnel.

In this webinar, join SANS Analyst, Dave Shackleford and Senior Data Scientist, Sean McNee for an introduction to AI and ML, as well as how to identify technologies that actually use ML, and tips for harnessing the power of ML in Incident Response.

In this webinar you will learn:

  • What are AI and ML and how are they different?
  • How can you identify technologies that really use ML and those that just claim to for marketing purposes?
  • Tools and data to help you prioritize threats and vulnerabilities
  • Strategies for applying ML to your Incident Response workflow

Special Webcast: Practical tips to build a successful purple team – August 14, 2019 10:30am US/Eastern

Speakers: Erik Van Buggenhout

Purple Team is a hot topic! Many organizations (small to large) are attempting to implement purple team techniques to improve their overall cyber security posture. But what is purple teaming? How can we concretely start doing it? Amongst others, we will try to respond to the following questions:

  • How does purple team compare to red team?
  • How can we improve the “red-blue” feedback loop?
  • What tools are available that can support our purple team efforts?
  • How can we leverage MITRE ATT&CK?
  • What profiles do I need to perform purple teaming?
  • What are some key metrics and KPIs for your purple team efforts? (or: how to gain management support?)

Analyst Webcast: Stop Letting Security Fail-Identify the True Problem – August 14, 2019 1:00pm US/Eastern

Speakers: Matt Bromiley and Ian McShane

News headlines could lead us to believe that the problem with cybersecurity is a shortage of skilled professionals. Although many companies could use more staff, the real situation is one of inefficient use of people, processes and technology.

In this new SANS webcast, SANS instructor Matt Bromiley, with Endgame’s Ian McShane, will explore the people, process and technology trifecta to identify weak points. From there, they will discuss how to compensate for deficiencies, maximize the resources you have, and prepare for future security threats. The webcast will also help you improve your company’s security posture with tips on how to empower your employees and help them grow their skills relative to the sophistication of today’s security challenges.

Register now and be among the first to receive the associated white paper written by Matt Bromiley.