SANS Threat Analysis Rundown

STAR Webcast Series

Hosted by Katie Nickels

The SANS Threat Analysis Rundown (STAR) is an all-new webcast series that brings you the inside scoop on what you need to know about cyber threats. Hosted by SANS Instructor Katie Nickels, this series will bring you different voices from around the community to ensure you're up-to-date on what's happening in the threat landscape so you can take action.

Every day, analysts track what adversaries are doing and how we can better protect our networks based on that - but it's often overwhelming to track everything. STAR will let you hear from the people who do this on a daily basis and break down that information to let you take action on it in your own organization. STAR will approach threats from all angles, and you'll get different takes each month. Some months we'll focus on specific adversaries or malware, and some we'll focus on a broader view like industry targeting.

This is an all-new webcast series from SANS focused on:

  • Actionable information about current threats
  • Bringing together different perspectives from the community
  • Highlighting opinions of experts who track threats daily

Upcoming Webcasts

STAR Webcast: Threat Hunting and the Rise of Targeted eCrime Intrusions

May 26th, 2020

The rise in targeted eCrime attacks was a major focus of CrowdStrike's 2020 Global Threat Report. The OverWatch threat hunting team has continued to see this trend in 2020 as criminal adversaries evolve to capitalize on targeted tactics, particularly with intent to deploy ransomware. This presentation will cover how these intrusions occur and what you should look for in your threat hunting to uncover them. Discussion will include details on the commands the adversaries are actually running to exploit their victims.

Attendees will learn:

  • More about the current eCrime ecosystem
  • Targeted eCrime techniques recently observed in the wild
  • How to use threat hunting to discover eCrime actors before they accomplish their objectives

Archived Webcasts

STAR Webcast: How Threats are Responding to COVID-19

April 10th, 2020

In this webcast, speakers went over:

  • How threats have shifted in some ways based on the COVID-19 pandemic but remained similar in other ways.
  • What cybercriminals are doing on the dark web, including selling medical supplies and discussing a possible "code of ethics" for not going after certain targets.
  • How phishing themes are frequently focusing on the coronavirus to prey on users' uncertainty and fear.
  • Why analysts should consider taking some new defensive actions like focusing on user awareness, while keeping the defenses that have worked in the past.
  • What the cybersecurity community is doing to try to help all of us better respond to these threats.
  • And much more!

STAR Webcast: xHunt - An Anime Fan's Attack Campaign in the Middle East

March 25th, 2020

In this webcast, speakers went over:

  • What's been happening with threat activity over the past month, including a shift to COVID-19 themes.
  • How analysts from Unit 42 used unique infrastructure and artifact overlaps to identify a campaign they named xHunt - and why they called it a campaign rather than a group.
  • What techniques the actors behind xHunt used, including DNS tunneling, PowerShell, and Exchange Web Services for Command and Control.
  • How analyzing the adversary's tools gave insights into their possible motivations and targeting.
  • When passive DNS analysis can be useful and when to stop pivoting on infrastructure so you don't take clustering too far.
  • And much more!

STAR Webcast: Cyber Threats To Electric Industry

February 12, 2020

In this webcast, speakers went over:

  • A rundown of recent threats analysts are talking about.
  • How headlines like "the grid is under attack" can be misleading.
  • A breakdown of how "the grid" is a complex set of assets.
  • How to create activity groups by clustering with the Diamond Model to help teams focus on threats.
  • And much more!

Presenter Bio

Katie Nickels

Katie is a SANS instructor for FOR578: Cyber Threat Intelligence and a Principal Intelligence Analyst for Red Canary. She has worked on cyber threat intelligence (CTI), network defense, and incident response for nearly a decade for the DoD, MITRE, Raytheon, and ManTech. Katie hails from a liberal arts background with degrees from Smith College and Georgetown University, embracing the power of applying liberal arts prowess to cybersecurity. With more than a dozen publications to her name, Katie has shared her expertise with presentations at BSidesLV, the FIRST CTI Symposium, multiple SANS Summits, Sp4rkcon, and many other events. Katie is also a member of the SANS CTI Summit and Threat Hunting Summit Advisory Boards. She was the 2018 recipient of the President's Award from the Women's Society of Cyberjutsu and serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM. You can find Katie on Twitter @LiketheCoins