This workshop is structured around teaching students how to construct access to shared datasets in S3 and more broadly, cementing in their minds the threats to consider when using cloud-native storage. Students will dive headlong into a case study where they will serve as the Cloud Security Architect Consultant for a fictional company undergoing the growing pains of a nascent cloud migration. Tasks in this workshop challenge the student to fir...

An organized, full-coverage risk register can maximize your cybersecurity resources while improving organizational security. Without including third-party risks, however, even the best risk register can fail to stop security incidents. Your risk framework needs to map to internal and external gaps to identify weaknesses and ensure complete coverage. In this webinar, you will learn how to: Create a strong foundation for your cyber and third-par...

Now more than ever, decision makers need actionable and contextualized threat intelligence to increase cyber resilience and to enable mission or business objectives. How can contextual threat intelligence (CTI) allow heads of cybersecurity departments, security strategists, CISOs, SOC managers, threat detection engineers, analysts, hunters, and responders, to make better strategic, operational, and tactical decisions? How can CTI allow organiz...

Connect with the crew behind the annual SANS Holiday Hack Challenge for this special webcast to wrap up another year and name the big winners. Plus, get a sneak peek and a few tips for next year’s challenge, already well under development. Chief creator Ed Skoudis will be joined by members of his team to offer an exclusive behind-the-scenes look at the 2022 event, share how the various challenges came together, cover how players performe...

Metadata is a vital part of digital forensics work but is often glanced over for OSINT. In this workshop, we'll discuss why metadata is far more useful than most analysts give it credit for. We'll cover why many people miss metadata and how it could potentially reveal hidden information. We'll even set up some hands-on exercises so you can practice your skills. Prerequisites: None Prior to the workshop: Please install ExifTool before the works...

In “The 2021 State of Enterprise Breaches,” Forrester found that enterprises spend a median of 37 days and a mean of $2.4 million to find and recover from a breach. Ensure your team is prepared for advanced threat actors. Forrester recommends that security leaders must advocate for investment in efforts like digital transformation to help the organization be more adaptable and focus on data and metrics to uncover prevalent attack v...

DNS provides one of the best methods for command and control, covert tunneling, and blind data exfiltration. Burp Collaborator provides a great way to both confirm blind injection, and also exfiltrate data. Penetration testers may prepend names to each DNS request, allowing data exfiltration subject to DNS's length limitations (63 characters per label, 255 characters total name) and character limitations. This webcast will describe methods for...

In today’s world of enterprise security, many technology options are available—perhaps too many. Despite all the options available, security teams still ask the same questions: What is the “right” telemetry? How do we best integrate, and where can we find the best return on our investment? In response to these questions, and the need to disrupt adversary TTPs, eXtended Detection and Response (XDR) technologies have emer...

Enterprise security is a multi-billion-dollar industry, with multiple products and services available to help customers protect their networks. However, do the same types of protections, services, and security exist for personal users and/or employees within enterprises? After all – individuals are most at risk from attacks like account takeover and ID theft, which can also compromise enterprise networks. Unfortunately, most security mon...

Today, most organizations would consider themselves “hybrid”, possessing vast on-premises and cloud footprints. Statistics clearly show that cloud adoption continues to grow, and while businesses love the growth and agility provided by cloud providers, there continue to be challenges in the need to secure these various footprints. IT security teams struggle to keep up with complex product stacks, an ever-growing skills shortage gap...