Ransomware attacks are no longer “drive-by” events. Encryption is only one of the problems among a list of others that include operational disruption and data exfiltration for extortion, ransom, sale, and re-sale. Join SANS Senior Instructor Jake Williams, SANS Instructor and BlackBerry Principal Incident Response Consultant Ryan Chapman, and BlackBerry Most Distinguished Threat Researcher Dmitry Bestuzhev as they dissect and anal...

Get a preview of material directly from SANS SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. There are many stages in the attack lifecycle in which we can detect or prevent an (advanced) attacker from getting closer to their final objectives. One thing we always come across however is that the attacker likes to persist in your environment, be it for two days, two months, or two years. It is important fr...

This webinar is a preview of a new report - the updated version of the Top 20 Cyber Attacks on Industrial Control Systems. The attack "ruler" of 20 standard attacks now includes nation-state-grade ransomware, IT-targeted ransomware that triggers "abundance of caution" OT / ICS shutdowns, IT-targeted ransomware that triggers OT shutdowns when IT systems vital to OT networks are impaired, and other timely updates. Cloud-seeded ransomware / supp...

Get a preview of material directly from SANS SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. There are many stages in the attack lifecycle in which we can detect or prevent an (advanced) attacker from getting closer to their final objectives. One thing we always come across however is that the attacker likes to persist in your environment, be it for two days, two months, or two years. It is important fro...

This webcast will provide deeper insight into the threats highlighted during the annual SANS keynote panel discussion at the RSA® Conference 2022. The webcast will include insight from SANS instructors Ed Skoudis, Heather Mahalik, Johannes Ullrich, and Katie Nickels on the dangerous new attacks techniques they see emerging. We will also include actionable advice on the critical skills, processes, and controls needed to protect enterprises...

Regardless of the industry you work in, all large companies have at least a few network segments that are highly sensitive to network probes and scans. Most of the time these are due to legacy systems, especially when those legacy systems are embedded devices not running Windows or Linux. This keynote session will explore the most common issues that cause legacy systems to crash/hang and provide a range of recommendations to configure your sc...

This session will walk through a demonstration of Pentera: The Automated Security Validation solution. Organizations over the years have been following a defense in depth model to protect their critical assets. While this strategy makes sense; the tools, processes, and procedures surrounding this initiative have grown significantly. How confident can organizations be that each layer and the enormous effort undertaken is working effectively? D...

The “cat-and-mouse” game between Attackers and Defenders is as old as the LoveLetter virus. While script-kiddies have matured to become cybercriminals, hacktivists, and state-sponsored adversaries, sometimes it feels like the Defenders are stuck in 1999. We deploy anti-virus solutions, monitor the perimeter, and wait and see. Yes, today’s security technology is “Next Gen,” “2.0,” and “Meta,...

This webcast will showcase the newly developed Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies framework; discuss how FOR578 is one of the seminal trainings available in the market for analysts to develop knowledge, skills, and abilities defined within the framework, and highlight the exact parity via the recently produced SANS blog on the topic. We then speak with a panel of CTI directors on their experience growing up in...

Software supply chain attacks have become a go-to technique for threat actors. But today, most software supply chain attacks target dependencies where threat actors get higher return on investment. After all, why compromise one piece of software when you can compromise every piece of software that uses a given library? Software dependency attacks have been used to deploy Cobalt Strike, steal API keys to compromise assets deployed in AWS, and...