It’s typical for defenders to learn about the latest adversary tactics, techniques, and procedures (TTPs) from a defense perspective – meaning TTPs are viewed from the lens of “how to mitigate this or prevent it from happening again.” Unfortunately, adversaries are smart problem solvers and can quickly adapt to changes made in enterprise security defenses, and even countermeasures. What is it like to view TTPs through t...

An attacker needs very little other than open source intelligence (OSINT) to profile an organization or individual successfully. But OSINT can also be used to protect against social engineering. In this webcast, SANS Instructor Jeff Lomas and Picnic’s CEO Matt Polak take a look at how enterprises can neutralize vulnerabilities, reduce their attack surface, and automate continuous risk detection. Register today and be among the first to...

Join SANS Certified Instructor Jean-François Maes as he previews new material directly from the updated SANS SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection. Once attackers have gained initial access, they do not want to get caught by the suite of security tools on modern Windows systems. To stay under the radar, attackers leverage Living Off the Land Binaries and Scripts (LOLBAS). These are signe...

Get a preview of material directly from SANS SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. There are many stages in the attack lifecycle in which we can detect or prevent an (advanced) attacker from getting closer to their final objectives. One thing we always come across however is that the attacker likes to persist in your environment, be it for two days, two months, or two years. It is important fro...

There are many business challenges affecting Network Operations and Security teams. CIOs and CISOs alike are finding it more and more difficult to keep up with the sophistication and increasing frequency of modern-day and zero-day threats, while also building a highly collaborative and effective IT team. As businesses today focus more and more on security, there is a need to think outside the box in order to properly mitigate risks and drive n...

This webcast will provide deeper insight into the threats highlighted during the annual SANS keynote panel discussion at the RSA® Conference 2022. The webcast will include insight from SANS instructors Ed Skoudis, Heather Mahalik, Johannes Ullrich, and Katie Nickels on the dangerous new attacks techniques they see emerging. We will also include actionable advice on the critical skills, processes, and controls needed to protect enterprises...

Regardless of the industry you work in, all large companies have at least a few network segments that are highly sensitive to network probes and scans. Most of the time these are due to legacy systems, especially when those legacy systems are embedded devices not running Windows or Linux. This keynote session will explore the most common issues that cause legacy systems to crash/hang and provide a range of recommendations to configure your sc...

This webcast will showcase the newly developed Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies framework; discuss how FOR578 is one of the seminal trainings available in the market for analysts to develop knowledge, skills, and abilities defined within the framework, and highlight the exact parity via the recently produced SANS blog on the topic. We then speak with a panel of CTI directors on their experience growing up in...

Implementing a continuous monitoring strategy is critical for improving system visibility and security. However, there are challenges in achieving visibility with widely diverse environments and endpoints. Additionally, using a disparate set of tools – in on-premises and cloud environments and with remote clients – has proven enormously difficult in the past several years. Fortunately, there are many more options available today th...

Why are ransomware attacks so prevalent?It's because they're effective and profitable for adversaries. We have all heard the horror stories of bad actors gaining access and deploying ransomware on an organization's network, encrypting their data, and then demanding payment to regain access to their systems. The victim organizations are often unprepared and unable to deal with a ransomware attack, leading to severe financial and operational dam...