Digital Forensics and Incident Response Training

A DFIRerent View of Web CMS Breaches - Learning from Real Attacks to Build Real Defences

In this session, we take a DFIRerent approach to CMS security. Instead of starting with theory, we’ll walk through real-life breach cases which we responded to (WordPress in both cases), where attackers successfully compromised the sites, achieved their actions on objectives, and left system administrators and defenders playing catch-up.

Save Time with Modern Search Techniques

In Digital Forensics, Incident Response, and other Cyber Security topics, we're frequently tasked with consuming HUGE amounts of data and finding the "interesting" parts quickly. We've had great tools to do this for decades. But, those tools we're optimized for old computing hardware. In our modern day we have setups with multiple CPU cores and flash storage. This talk will present some techniques to speed up those old techniques fully utilizing modern hardware.

Living in the Bubble - Cyber Threat Intelligence: Organic or Artificial?

This talk will highlight pitfalls of incorporating artificial intelligence into analytical workflows, explore areas where it may add value, and aim to provide a somewhat-sceptical, somewhat-optimistic outlook on where CTI may go in the age of AI.

SANS DFIRCON Miami 2025: Keynote - Code, Community, and the Calling: Building Tools That Serve the Mission

Eric shares the power of open-source development, how community collaboration drives innovation, and the value of creating tools that help defenders stay ahead.

Every Move You Make, Every App You Play I'll Be Watching You

Modern smartphones collect an extensive array of data that offers insights into a user's daily behavior, often without them being fully aware of it. This presentation will delve into how digital forensics can analyze such data to reconstruct an individual's actions, routines, and habits.

SANS 2025 Detection and Response Survey Webcast & Forum

The SANS 2025 Detection and Response Survey webcast will delve into the current state of cybersecurity operations, questioning whether the heavy emphasis on endpoint detection is creating new blind spots.

2026 SANS State of Identity Threats & Defenses Survey Insights Event: How Identity Became the New Security Perimeter—And What’s Next

Overview Identity has become the new battleground. From SaaS to cloud to legacy Active Directory, it is now the central control point—and attackers know it.