SANS Community Nights are a great way to stay in touch with your local InfoSec community and to hear the latest in technical wizardry, industry intelligence, and thought leadership from our amazing presenters. Join us at the Grand Copthorne Waterfront Hotel for three upcoming Community Nights in Singapore!
View the agenda below:
6:00pm – 7:00pm
7:00pm - 8:00pm
Tuesday 11th October – Tim Medin
Simple High Impact Attacks
Tim Medin discusses the dumbest red team tricks and hacks encountered over the years. We are going to take the A out of APT (again), because so few attackers really need to use advanced techniques. The simple attacks, not the advanced ones, are often the way organizations are compromised.
Thursday 13th October – Carlos Cajigas
Rapid DFIR Tooling
During a suspected breach or threat hunt, when time is of the essence, interrogating and collecting data from a remote host to discover the cause of an incident, is priority number one. Collecting data from one host may not be a new thing, but what about scaling that collection to one hundred, one thousand hosts or more? During our talk we will discuss tools and techniques that will allow you to quickly and efficiently get that much needed visibility on the suspected compromised hosts. You will learn to use techniques to query for any process or service as well as collect anything from one or all of those hosts remotely and concurrently. Join me as we go over the DFIR tool called Velociraptor for quick and scalable triaging and data collection during an incident.
Tuesday 18th October – Pieter Danhieux
Are you living in AppSec “Groundhog Day”? It’s time to uplift developer security maturity and erase common mistakes
Imagine pouring your heart and soul into a software build, crafting a new piece of our digital world with all the features, functionality, and user experience that has made modern life so darn convenient. Your work is the envy of your peers, and the code shipped without a hitch. Excellent.
… and then, the gloomy presence of a security specialist tears it all down. They’ve found an exploitable security bug, you won’t be shipping your code, and their suggestions on remediation are at odds with everything in your tech stack.
For many developers, this is the harsh reality of their experience not just with the AppSec team, but with cybersecurity in general. “Security” has negative connotations for them, and it really isn’t a priority when feature-building at speed must take center stage.
Developers are key to stemming the flow of common vulnerabilities, and this tension must dissipate if a true DevSecOps environment is to flourish. This session will detail data collected from the results of 100,000 developers playing code-based security challenges, showcasing the current landscape of developers and their security skills, as well as where there is room for significant improvement.
Elevating developers to become not just security-aware, but security-skilled, has been a hot topic for many years, but if the amount of breaches is any indication, the current approach is failing. To understand the right approach to ignite their security fire is to understand the developer, and bring the knowledge to their playground, not the other way around. Pieter Danhieux will leave attendees with a viable direction on where their security program can make developers the star of the show, and save time and money in the long run.
Thursday 20th October – Eric Johnson
Architecting Modern Cloud Systems in Highly Regulated Environments
Building and deploying modern systems in a highly regulated cloud environment is challenging. Regulators impose requirements that are meant to be applied in a traditional on-premise environment, which requires unique design decisions in cloud native environments. In this session, we will explore the key lessons learned building a regulated cloud environment, automating deployments, securing networks, and configuring compliance services. Attendees will leave with an understanding of the key regulatory requirements, and the cloud native security controls for meeting those requirements.