Want to see Live Online in action? SANS is launching a new series of free workshops available in the Live Online platform, held every other Tuesday with our top instructors. These workshops are two-hour hands-on virtual environments that give you the opportunity to dive into the material and start trying out tools and techniques that are useful and relevant in focus areas across cybersecurity.
The upcoming workshops are listed out below and will feature the same platform, TA support, and Slack channel benefits that you would get in a Live Online environment. We recommend bookmarking this page and checking back frequently, as we'll be adding more in the days and weeks to come.
Due to the nature of these workshops, many have a capacity limit and will not be made available for archive. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.
Free Upcoming Live Online Workshops
Building Out a Hands-On Purple Team Stack
Tuesday, February 2nd, 2021 at 10:00am - 12:00pm EST (15:00 UTC)
Duration: 2 Hours
Erik Van Buggenhout
We will start the workshop by laying the foundations that are required to perform successful adversary emulation and purple teaming. We will explain core concepts and tooling required to start doing purple teaming. In true purple team fashion, this includes both tools aimed at blue and red teaming;
- Elastic and SIGMA for detection and visibility
- Covenant as a C2 tool
- Caldera as an automated adversary emulation tool
- VECTR as a purple team tracking tool
Once the introduction is done, we will “get our hands dirty” and spin up an environment to run through some practical exercises using the above tools!
Prerequisites: Familiarity with Linux and Windows is mandatory.
System Requirements: Prior to the workshop participants should prepare the following –
- Download and install the workshop VM: https://sansurl.com/purple-team-stack-workshop-vm
- Installed 64-bit host operating systems (Windows is recommended)
- Download and install VM Workstation Pro 15.5 or higher, VMware Fusion 11.5 or higher, or VMware Workstation Player 15.5 or higher versions on your system prior to the start of the workshop
- Adobe Acrobat or other PDF reader application
- IMPORTANT! An AWS account is required to do hands-on exercises during the workshop. The AWS account must be created prior to the workshop.
- A credit card should be linked to the AWS account that was created. Estimated usage costs for the AWS account during the workshop are a maximum of $10.
- For detailed instructions on these preparation steps, please refer to the following URL: https://sansurl.com/purple-team-stack-workshop-readme
So. Much. Data. How to Correctly Interpret Evidence from Smartphone Data
Tuesday, February 16th, 2021 at 1:00pm - 3:00pm EST (18:00 UTC)
Duration: 2 Hours
Heather Mahalik and Domenica Crognale
Smartphone data can be confusing. There are so many locations, timestamps and synced data that it may be more difficult than you think to put a person at the scene of a crime or behind an activity. For this Tech Tuesday Workshop well walk you through a scenario where the data is confusing. Well show you how to create your own test data, extract it and, most importantly - validate it!
System Requirements: A Mac or PC with permissions to install software. Please join the workshop promptly as we'll be downloading a small tool set at the very beginning.
What is Live Online Training?
Instructor-led, remote delivery of SANS courses & more. SANS Live Online events provide interactive training with all the same additional learning opportunities as in-person events. Choose your course, network with peers, and attend bonus sessions and cyber ranges.
Benefits of Live Online
- Live, interactive sessions with SANS instructors
- Flexible options to complete courses in 1, 2, 3, or 6 weeks
- Hands-on labs in a virtual environment
- Four months of online access to the archive of your course
- Extended access to your course MP3 archive
- Electronic courseware and materials