Training
Featured CourseView All Courses
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

Inside the Most Dangerous New Attack Techniques

A SANS and RSAC™ collaboration revealing how the world’s most dangerous cyberattacks are advancing—and what it means for today’s security leaders.

Unlock the Latest White Paper
Typing on Computer
Jump to:

Fear the Dark: Preventing Lack of Data in Digital Forensic Incident Response

White Paper

Author: Heather Barnhart, SANS Fellow and Head of Faculty

Heather explores how gaps in forensic artifacts and logging create “dark periods” that blind defenders during critical incidents. Drawing lessons from high-profile cases and recent breaches, this research provides essential guidance for achieving forensic readiness and ensuring visibility. 

Unlock Expert Insights
Eye

Explore more on this topic

Log for Normal to Find Evil: Lessons from Real Crimes and Cyber Attacks

When the logs go dark, attackers win. Heather Barnhart reveals why missing forensic artifacts leave defenders blind—and how to close those gaps before the next breach.

Read Blog

Hunt Evil Poster

Knowing what’s normal on a Windows host helps cut through the noise to quickly locate potential malware. Use this information as a reference to know what’s normal in Windows and to focus your attention on the outliers.

Download the Poster

Explore Digital Forensics and Incident Response (DFIR) Training

DFIR combines cybersecurity, threat hunting, and investigative techniques to identify, analyze, respond to, and proactively hunt cyber threats and criminal activity.

Explore Training

From Asymmetry to Parity: Building a Safe Harbor for AI-Driven Cyber Defense

White Paper

Author: Rob T. Lee, SANS Chief of Research and Chief AI Officer

Examine how privacy and AI laws constrain defenders, and why creating a cybersecurity safe harbor is essential to keep pace with adversaries.

Release Date: October 9

Big Eye

Authorization Sprawl: The Vulnerability Reshaping Modern Attacks

White Paper

Author: Joshua Wright, SANS Fellow

Understand how attackers exploit identity sprawl across SSO, tokens, and SaaS to evade detection, and what defenders can do to regain visibility and control.

Release Date: October 16

Hand

ICS Ransomware and Attacks: Extortion and Sabotage in Critical Infrastructure

White Paper

Author: Tim Conway, SANS Fellow  From production outages to targeted sabotage, Tim Conway examines how criminal and nation-state actors exploit ICS vulnerabilities to create cascading consequences for critical infrastructure. 

Release Date: November 3

Pen and Screen

One Event. The Full Picture.

Join us on November 13 for the exclusive launch of the Most Dangerous New Attack Techniques eBook and a live webcast with the RSAC keynote experts. We’ll connect the dots across four emerging threat domains, from forensics blind spots to AI regulations, authorization sprawl, and destructive ICS threats— and break down what they mean for today’s security leaders.

Reserve Your Spot

Connect with peers and get exclusive insights —  join the RSAC™ Community. Become a Member!