homepage
Open menu
Go one level top
  • Train and Certify
    Train and Certify

    Immediately apply the skills and techniques learned in SANS courses, ranges, and summits

    • Overview
    • Courses
      • Overview
      • Full Course List
      • By Focus Areas
        • Cloud Security
        • Cyber Defense
        • Cybersecurity and IT Essentials
        • DFIR
        • Industrial Control Systems
        • Offensive Operations
        • Management, Legal, and Audit
      • By Skill Levels
        • New to Cyber
        • Essentials
        • Advanced
        • Expert
      • Training Formats
        • OnDemand
        • In-Person
        • Live Online
      • Course Demos
    • Training Roadmaps
      • Skills Roadmap
      • Focus Area Job Roles
        • Cyber Defence Job Roles
        • Offensive Operations Job Roles
        • DFIR Job Roles
        • Cloud Job Roles
        • ICS Job Roles
        • Leadership Job Roles
      • NICE Framework
        • Security Provisionals
        • Operate and Maintain
        • Oversee and Govern
        • Protect and Defend
        • Analyze
        • Collect and Operate
        • Investigate
        • Industrial Control Systems
    • GIAC Certifications
    • Training Events & Summits
      • Events Overview
      • Event Locations
        • Asia
        • Australia & New Zealand
        • Latin America
        • Mainland Europe
        • Middle East & Africa
        • Scandinavia
        • United Kingdom & Ireland
        • United States & Canada
      • Summits
    • OnDemand
    • Get Started in Cyber
      • Overview
      • Degree and Certificate Programs
      • Scholarships
    • Cyber Ranges
  • Manage Your Team
    Manage Your Team

    Build a world-class cyber team with our workforce development programs

    • Overview
    • Why Work with SANS
    • Group Purchasing
    • Build Your Team
      • Team Development
      • Assessments
      • Private Training
      • Hire Cyber Professionals
      • By Industry
        • Health Care
        • Industrial Control Systems Security
        • Military
    • Leadership Training
  • Security Awareness
    Security Awareness

    Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk

    • Overview
    • Products & Services
      • Security Awareness Training
        • EndUser Training
        • Phishing Platform
      • Specialized
        • Developer Training
        • ICS Engineer Training
        • NERC CIP Training
        • IT Administrator
      • Risk Assessments
        • Knowledge Assessment
        • Culture Assessment
        • Behavioral Risk Assessment
    • OUCH! Newsletter
    • Career Development
      • Overview
      • Training & Courses
      • Professional Credential
    • Blog
    • Partners
    • Reports & Case Studies
  • Resources
    Resources

    Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis

    • Overview
    • Webcasts
    • Free Cybersecurity Events
      • Free Events Overview
      • Summits
      • Solutions Forums
      • Community Nights
    • Content
      • Newsletters
        • NewsBites
        • @RISK
        • OUCH! Newsletter
      • Blog
      • Podcasts
      • Summit Presentations
      • Posters & Cheat Sheets
    • Research
      • White Papers
      • Security Policies
    • Tools
    • Focus Areas
      • Cyber Defense
      • Cloud Security
      • Digital Forensics & Incident Response
      • Industrial Control Systems
      • Cyber Security Leadership
      • Offensive Operations
  • Get Involved
    Get Involved

    Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.

    • Overview
    • Join the Community
    • Work Study
    • Teach for SANS
    • CISO Network
    • Partnerships
    • Sponsorship Opportunities
  • About
    About

    Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills

    • SANS
      • Overview
      • Our Founder
      • Awards
    • Instructors
      • Our Instructors
      • Full Instructor List
    • Mission
      • Our Mission
      • Diversity
      • Scholarships
    • Contact
      • Contact Customer Service
      • Contact Sales
      • Press & Media Enquiries
    • Frequent Asked Questions
    • Customer Reviews
    • Press
    • Careers
  • Contact Sales
  • SANS Sites
    • GIAC Security Certifications
    • Internet Storm Center
    • SANS Technology Institute
    • Security Awareness Training
  • Search
  • Log In
  • Join
    • Account Dashboard
    • Log Out
  1. Home >
  2. Blog >
  3. Executives and Ransomware: Stop, Collaborate, and Listen! Webcast Q&A
370x370_ryan-chapman.jpg
Ryan Chapman

Executives and Ransomware: Stop, Collaborate, and Listen! Webcast Q&A

James Shank of Team Cymru and Ryan Chapman of SANS answer questions on the top themes for ransomware preparedness.

July 6, 2021

In this discussion, James Shank of Team Cymru and Ryan Chapman of SANS presented the top themes for ransomware preparedness. They were unable to answer all the questions live and have summarized them.

Listen to the full webcast here.


Question:

Yes. Secondary attacks are very common. They already KNOW you will pay to protect yourself. Are some of the Ransomware-as-a-service groups looking for cybersecurity insurance holders?

Answer:

Ryan Chapman: Groups have been found to be targeting insurance agency underwritten orgs. Yes. But overall, it’s not a major piece of the “who they target” puzzle.

James Shank: With the supply chain attacks I have been seeing lately, I doubt it will be long before insurance companies get targeted for the purposes of knowing the policies and determining lucrative parties. No, I have not seen this happening yet, but it could become a strategy for some actors in the future, whether they target the insurance data directly or just happen upon it as part of a data leak.


Question:

Paying the ransom isn't always a guarantee. We hear that quite a bit. Are you aware of any polls that have been done to see how often ransom is paid and the decryption key doesn't work or only works on "some" of the assets?

Answer:

Ryan Chapman: MANY polls are available, yet they all seem to point in different directions. It’s a visibility thing. I recommend checking out CoveWare’s blog. They have some solid resources, yet they also claim in their graphics that basically 100% of clients recover data, which is for sure not true.

James Shank: Remember that ransomware actors care about customer service, to an extent. If they develop a reputation of payment not resulting in decryption, this will influence future victim’s decision on whether to pay or not.

Question:

What do law enforcement do when you notify them? Is it just more people to keep informed and ask difficult questions, or do they actually help?

Answer:

Ryan Chapman: Oftentimes, the LE that will eventually take over is the FBI in the US at least. They open cases. They take them seriously. And if you look around at the rest of the world, look at what’s happened with Emotet. And with cl0p. LE is tracking these groups. The more intel they have, the better job they can do!

James Shank: Fully agree with Ryan! I would also add that the metrics and information they gather can result in a more informed coordinated government response. No one knows the true extent of the problem because there isn’t a central clearing house that will be certain to receive this data.


Question:

What are your thoughts on going after the actual payment vector in terms of Ransomware...ie... Banks/Bitcoin?

Answer:

Ryan Chapman: I believe that crypto is just an easy button for the ransomware actors right now. If that’s tossed out of the picture, then what? Bank xfers? What about physical money drops? Ooph. Going after the crypto payments right now is a great way to identify, associate, and shut down. But within X years, that will morph into something else. Most likely something even uglier. “Ship us physical gold bars, to this address, in this foreign nation…”


Question:

When you talk about relationships with law enforcement, should you contact local law enforcement, FBI, or others?

Answer:

James Shank: Both, but for different reasons. In the US, the FBI will be the right contact for most situations. Know your field agents in your local office. They are likely very friendly!


Question:

What's the view on Office 365s protection against ransomware e.g. Sharepoint etc?

Answer:

Ryan Chapman: Helpful. Not an “answer” though. And oftentimes, ransomware detection is detection for the actual encryption events. By that point, data has already been exfil’d, services have fallen over, systems are down, and then you’re alerted. “Hey. You’re already pwn’d.”


Question:

Any suggestions on offline backup solutions and what the architecture of such a solution looks like?

Answer:

Ryan Chapman: I tend to avoid specifying vendors. However, I recommend ensuring that the offline backup solution provider has a few things that could help immensely with ransomware. 1) Immutable storage that has a fast write time and isn’t super expensive. This storage method is sometimes referred to as Write-Once, Read Many (WORM) storage. The idea here is that your backups cannot be destroyed by the ransomware operator, as they cannot be overwritten. 2) PIN-based operations. As an example, Azure Blobs have a feature in which a PIN must be entered for administrative functionality. Should a ransomware operator attempt to delete backup data, they must know the PIN in order to enact the functionality.


Question:

How about a SaaS solution backing us up in case of an AD down scenario? Provided, the SaaS solution gives us least limited access to the critical systems?

Answer:

Ryan Chapman: SaaS can be useful when it comes to accessing critical systems, but the general issue with AD being down is that most functions and services somehow rely on AD being up and available. While a SaaS solution may provide access to products X, Y, or Z, general system availability and access will most likely not be available should AD still remain down. Ransomware actors are also reaching out to AzureAD and implementing their attacks in this space, especially when orgs are running a hybrid AD/AzureAD environment.


Question:

Does the industry find that if you pay the ransom, that you are a more likely target in the future because you are now known as a company that will pay?

Answer:

Ryan Chapman: We do see this, yes. We see clients also being hit by the same group that hit them previously. But most ransomware groups out now pride themselves on their reputations. The number of repeat victims is all over the place depending on where you obtain your stats. For example, ZDNet recently published this article: https://www.zdnet.com/google-amp/article/most-firms-face-second-ransomware-attack-after-paying-off-first/. No way 80% of businesses that paid the ransom experienced another ransomware attack. This number is very, very off from what myself and others in the industry are seeing. Sadly, it’s difficult to get actual percentages on these things due to visibility problems… let alone odd reporting such as this.


Question:

What should be more concentrated in IRP? Should it talk about different phases of response or how, when, and whom we are going to get involved during an active attack?

Answer:

Ryan Chapman: How, when, and whom is far more important in an IRP than the general phases of the attack! By far! Make sure to identify the WHO. Cannot stress that more :). And have backups. And better yet a pool of people for each role.


Question:

It is possible to negotiate with some ransom gangs. What is a good strategy for that? Can I expect to reduce the payment?

Answer:

Ryan Chapman: Absolutely! Ransomware negotiation is just that - Negotiation. Many ransomware groups will perform analysis of an organization’s financials. So they’ll know what can and cannot be paid. Oftentimes they’ll use this as a differentiator. For example, if they request 5 million, but your group is flush with 3.7 million, they may know this. So when you try to drop down below 3.7 million, it may not work.


Question:

Remediation is adding some IOC's to the firewall and updating the AV sig's, correct?

Answer:

Ryan Chapman: Most of the time IOCs are different between attacks. For example, here’s an article that discusses how most REvil attacks are unique: https://www.infosecurity-magazine.com/news/no-two-revil-attacks-are-the-same/. Adding IOCs to a firewall should not be viewed as an outright remediation. The same goes for AV signatures. Those signatures that you add will become obsolete fairly quickly. Rather, I recommend identifying the exact infection vector and patching the software, locking down the RDP resource, or disabling admin on the user’s host that was hit with phishing. Make that locking down all users from being admins on their boxes. True remediation involves knowing exactly how the ransomware attack began and addressing each and every item that could allow that particular event to occur in the future.


Question:

With Agile builds (Azure) how do you streamline the security reviews so that we are not the hindrance and holding up new app deployment?

Answer:

Ryan Chapman: Unfortunately, I’m not familiar enough with Agile builds in Azure. That is, if this is a platform specific question. If the question simply refers to agile builds and how security can be involved, I recommend having a few software developers dedicated to DevSecOps. Have these folks be a part of the code commit review crew. The big thing with agile is, well, being agile! Hah! But honestly it’s all about getting software out that works over bureaucracy. And what is security review anyhow? Yup! Bureaucracy! So the trick is to integrate security review into the general code review.

Any SDLC being followed, including agile, should include code review before pushing to production. Ensuring that someone with eyes on the code has a proper understanding of secure coding practices could do wonders for such groups. One example I often give involves user input sanitization. Should an agile group have a review process in which folks don’t care about input being sanitized, you’re going to have a bad day. But even when in a quick turnaround sprint, a general code review by someone who recognizes the importance of input sanitization could be a huge boon for the security of the resulting product.


Question:

If I understand correctly we should define which payment is okay and document that. But if I'm a victim of an attack the attacker could find this document and know what I'm willing to pay.

Answer:

Ryan Chapman: That is an astute observation!! Our point was more about where the payment would come from, but in order to determine that, you're right: You’d need to review potential payment amounts. We’ve seen plenty of ransomware actors who review financial info and respond with something akin to, “You say you cannot pay X, but we KNOW you can pay X, and here are the documents to prove it.” Imagine if those documents were our recommended documentation!! In this case, perhaps the trick is to ensure that the document itself is triple-encrypted on disk… or perhaps the real trick is to avoid spelling out the actual dollar value in such a vital document.


Question:

What are your thoughts on the future of cyber security insurance fraud, and cyber ransomware tax deductions? Does this not encourage nefarious behavior?

Answer:

Ryan Chapman: Oh 100%. To be dead honest, I’m personally very worried about the possibility of cyber insurance fraud. Think of it this way: Look at ANY type of insurance in existence right now. Is there not some form of fraud relating to X insurance? Of course there is. So what happens when a tax dedication incentives such fraud? The thought makes me shudder, and I don’t have a solid “here’s the fix.” I wish I did, but I don’t.


Question:

How did they recover the bitcoin, since it was not supposed to be traceable?

Answer:

Ryan Chapman: Bitcoin was designed to be public. That’s one of the funny things about the fact that ransomware operators use this particular crypto for payment. The bitcoin “ledger,” as it’s called, allows any entity (like me and you!) to trace transactions. For info, see https://support.blockchain.com/hc/en-us/articles/211160663-How-can-I-look-up-a-transaction-on-the-blockchain-. The trick for recovering bitcoin is usually taking over the infrastructure used by the threat actor on which the bitcoin is stored. Digital wallets for example. Or passwords to cloud-based wallets. One very large ransomware group in fact offered 10% discounts for using Monero, as this particular cryptocurrency is more difficult to trace: https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-to-stop-taking-bitcoin-to-hide-money-trail/.


Question:

Do you think that memory forensics is faster in getting to the bottom of the issue than disk forensics?

Answer:

Ryan Chapman: I think disk forensics is far more common for starters. Most consulting groups like us at BlackBerry don’t get memory images often. The client has usually done something to destroy the memory. That being said, disk forensics allows for review of the file system metadata intact. For example, the full $NTFS and $J files from a Windows box. Those aren’t always contained fully in memory.

Memory can often point to the ransomware itself, but the real issue is that the TAs have been in the environment for hours, days, or weeks. Trying to pull and analyze memory for every system to trace the path and identify what has been done, overall, does not scale well. But collected artifacts with a tool like CyLR or KAPE from all devices. That’s doable. So my money is in disk forensics in terms of “how did this start?

Check out Ryan Chapman's biography and upcoming courses here!
Share:
TwitterLinkedInFacebook
Copy url Url was copied to clipboard
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Tags:
  • Digital Forensics and Incident Response

Related Content

Blog
FOR577.png
Digital Forensics and Incident Response
September 22, 2022
NEW SANS DFIR COURSE IN DEVELOPMENT | FOR577: LINUX Incident Response & Analysis
FOR577: Linux Incident Response & Analysis course teaches how Linux systems work and how to respond and investigate attacks effectively.
Viv_Ross_370x370.png
Viviana Ross
read more
Blog
SANS DFIR FOR478 Survey logo
Digital Forensics and Incident Response
August 12, 2022
NEW DFIR COURSE DEVELPOMENT SURVEY | FOR478
We are seeking input on level of interest, topical coverage, & course duration with an emphasis on the underpinning elements of cyber threat analysis
Viv_Ross_370x370.png
Viviana Ross
read more
Blog
DFIR Summit Promotion
Digital Forensics and Incident Response
August 9, 2022
A Visual Summary of SANS DFIR Summit 2022
On August 15-16, attendees joined us in Austin, TX or tuned in Live Online for the SANS DFIR Summit for its 15th anniversary! We invited Ashton Rodenhiser of Mind's Eye Creative to create graphic recordings of our Summit presentations. If you missed a talk or are looking to view the Summit through...
370x370-person-placeholder.png
Alison Kim
read more
  • Register to Learn
  • Courses
  • Certifications
  • Degree Programs
  • Cyber Ranges
  • Job Tools
  • Security Policy Project
  • Posters & Cheat Sheets
  • White Papers
  • Focus Areas
  • Cyber Defense
  • Cloud Security
  • Cybersecurity Leadership
  • Digital Forensics
  • Industrial Control Systems
  • Offensive Operations
Subscribe to SANS Newsletters
Receive curated news, vulnerabilities, & security awareness tips
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Swaziland
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Yugoslavia
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • © 2023 SANS™ Institute
  • Privacy Policy
  • Contact
  • Careers
  • Twitter
  • Facebook
  • Youtube
  • LinkedIn