The increasing reliance on cloud computing has driven the need for efficient and secure IT environments, necessitating the development of robust engineering skills across various domains. This keynote speech will explore the world of cloud investigations, focusing on the critical intersection of data engineering, infrastructure as code (IaC), and Continuous Integration/Continuous Deployment (CI/CD) pipelines. Attendees will learn about the lat...

As business applications have moved from monolithic blocks of code to distributed collaborations across multiple services, new forms of vulnerabilities have emerged and attackers have taken advantage of them. To explore this topic, SANS conducted a survey to collect information around industry practices in application security, focusing on Application Programming Interface (API) security awareness, processes, and controls. This webcast present...

Learn real-world cyber security skills from top industry experts during SANSFIRE 2023 (July 10-15). Join us In-Person in Washington, DC or Live Online to experience interactive training with hands-on labs, practice your skills during NetWars Tournaments, and network with your peers in real-time. Find the course that best suits your needs today! SANSFIRE 2023 Features: Hands-on labs in a virtual environment Courses include electronic and printe...

In this series, Dean Parsons will review observed ICS attacks in the Oil & Gas, Electric and Water sectors and map them to the MITRE ATT&CK ICS framework. Throughout this series, Dean will review the most common attacker tactics and techniques used across commonly targeted critical infrastructure sectors. In this first part of the series, Dean will specifically speak to the Oil & Gas sector. This webcast will dive into Initial Acce...

The Rise of Public Cloud Providers such as Amazon Web Services (AWS), Google Cloud (GCP), and Microsoft's Azure which serves the computing needs for small, medium and large businesses all over the world and there is no sign of any slowing the move to the “cloud”. These same Public Cloud providers have had at the same time become more complicated each day as we are creating more complex security holes with new cloud services, offeri...

Salt brightens food flavors and balances tastes such as sweetness, acidity, and bitterness. And like water, it is a necessity for life. However, if you went to a restaurant and they brought out your meal with a huge pile of salt on the side, it wouldn't be a great experience; especially if you had to eat all the salt at once. The salt would be unpleasant in and of itself leaving the actual meal bland and unappetising. Delicious food has the ri...

The Internet Storm Center is all about "coloring your logs". Finding out what matters and doesn't matter by adding context to otherwise abstract datapoints like IP addresses and domain names. This free data is made available via our website and easy to use APIs. During this session, we will talk about some of the changes we have made to make the data more useful and more available. We will also illustrate how you can learn about ongoing trends...

Sliver is rising in popularity and is thought to be taking significant market share off other well known C2 frameworks. Corelight Content can better power your Sliver detections highlighting what's on your network to build a strategic data reserve when you need to investigate an incident. Come learn about Corelight Content, insightful community developed detections, and an open NDR that puts the power in your hands.

This webcast takes a deep dive into the threats highlighted during the annual SANS keynote panel discussion at the RSA® Conference 2023. This webcast will include insight from SANS instructors Ed Skoudis, Heather Mahalik, Dr. Johannes Ullrich, and Katie Nickels on the dangerous new attacks techniques they see emerging. You’ll get actionable advice on the critical skills, processes, and controls needed to protect enterprises from thes...

Operational technology (OT) cyber threats have evolved over the past decade. Combined with increased connectivity from digital transformation projects, it is more critical than ever to implement industrial control system (ICS)-specific visibility capabilities to quickly detect, respond, and recover from potential cyber incidents.To explore this topic, SANS conducted a survey to collect information around industry practices. In this webcast, Ce...