
SANS Threat Analysis Rundown


STAR Webcast Series

Hosted by Katie Nickels

The SANS Threat Analysis Rundown (STAR) is an all-new webcast series that brings you the inside scoop on what you need to know about cyber threats. Hosted by SANS Instructor Katie Nickels, this series will bring you different voices from around the community to ensure you're up-to-date on what's happening in the threat landscape so you can take action.

Every day, analysts track what adversaries are doing and how we can better protect our networks based on that - but it's often overwhelming to track everything. STAR will let you hear from the people who do this on a daily basis and break down that information to let you take action on it in your own organization. STAR will approach threats from all angles, and you'll get different takes each month. Some months we'll focus on specific adversaries or malware, and some we'll focus on a broader view like industry targeting.

This is an all-new webcast series from SANS focused on:

  • Actionable information about current threats
  • Bringing together different perspectives from the community
  • Highlighting opinions of experts who track threats daily

Upcoming Webcasts

STAR Webcast: Becoming the Adversary: Creating a Defensive Lab to Understand the Offense

August 20th, 2020

One of the best ways to understand threats is to try your hand at being one yourself! In this webcast, Tyrone E. Wilson will share how you can start setting up your defensive lab, no matter what your experience level is. Once you have a lab, you don't have to wait for adversaries to come after you - Tyrone will share ways you can mimic adversaries and then analyze your system to find your activity.


Archived Webcasts

STAR Webcast: The Only Constant is Change: Tracking Adversary Trends

June 16th, 2020

In this webcast, speakers went over:

  • How holidays, global pandemics, or other events might change adversaries' daily activities.
  • Key trends and methodology observed in adversaries based on tracking characteristics like malware and infrastructure.
  • How these tracking methods can be useful to identify trends, as well as limitations to watch out for as you try to derive information about adversaries to improve your team's security, and more.




STAR Webcast: Threat Hunting and the Rise of Targeted eCrime Intrusions

May 26th, 2020

In this webcast, speakers went over:

  • How eCrime intrusion trends have compared to state-sponsored intrusions
  • What hunting leads the CrowdStrike Overwatch team has used to identify activity
  • How looking for unusual process trees can assist in identifying adversaries
  • What notable TTPs the Overwatch team has noticed in significant eCrime intrusions
  • How you can look for TTP "bursts" to reduce false positives and try to stop incidents early
  • And much more!




STAR Webcast: How Threats are Responding to COVID-19

April 10th, 2020

In this webcast, speakers went over:

  • How threats have shifted in some ways based on the COVID-19 pandemic but remained similar in other ways.
  • What cybercriminals are doing on the dark web, including selling medical supplies and discussing a possible "code of ethics" for not going after certain targets.
  • How phishing themes are frequently focusing on the coronavirus to prey on users' uncertainty and fear.
  • Why analysts should consider taking some new defensive actions like focusing on user awareness, while keeping the defenses that have worked in the past.
  • What the cybersecurity community is doing to try to help all of us better respond to these threats.
  • And much more!




STAR Webcast: xHunt - An Anime Fan's Attack Campaign in the Middle East

March 25th, 2020

In this webcast, speakers went over:

  • What's been happening with threat activity over the past month, including a shift to COVID-19 themes.
  • How analysts from Unit 42 used unique infrastructure and artifact overlaps to identify a campaign they named xHunt - and why they called it a campaign rather than a group.
  • What techniques the actors behind xHunt used, including DNS tunneling, PowerShell, and Exchange Web Services for Command and Control.
  • How analyzing the adversary's tools gave insights into their possible motivations and targeting.
  • When passive DNS analysis can be useful and when to stop pivoting on infrastructure so you don't take clustering too far.
  • And much more!




STAR Webcast: Cyber Threats To Electric Industry

February 12, 2020

In this webcast, speakers went over:

  • A rundown of recent threats analysts are talking about.
  • How headlines like "the grid is under attack" can be misleading.
  • A breakdown of how "the grid" is a complex set of assets.
  • How to create activity groups by clustering with the Diamond Model to help teams focus on threats.
  • And much more!



Presenter Bio

Katie Nickels

Katie is a SANS instructor for FOR578: Cyber Threat Intelligence and a Principal Intelligence Analyst for Red Canary. She has worked on cyber threat intelligence (CTI), network defense, and incident response for nearly a decade for the DoD, MITRE, Raytheon, and ManTech. Katie hails from a liberal arts background with degrees from Smith College and Georgetown University, embracing the power of applying liberal arts prowess to cybersecurity. With more than a dozen publications to her name, Katie has shared her expertise with presentations at BSidesLV, the FIRST CTI Symposium, multiple SANS Summits, Sp4rkcon, and many other events. Katie is also a member of the SANS CTI Summit and Threat Hunting Summit Advisory Boards. She was the 2018 recipient of the President's Award from the Women's Society of Cyberjutsu and serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM. You can find Katie on Twitter @LiketheCoins