Final Week to Get a MacBook Air or Surface Pro 7 with 5 or 6 Day Training - Register Today!

Offensive Operations Webcasts

SANS Webcasts are live web broadcasts that allow you to hear a knowledgeable speaker while viewing presentation slides that you download in advance. You need either Real Audio Player or Windows Media Player (free downloads are available on the webcast access page), and a SANS Account. If you aren't a member of the SANS.org Community, just go to the Join Community page and fill in the simple registration form, it's free.

Webcasts
Title Speaker Date Sponsor
SEC554: Blockchain and Smart Contract Security - How to lose $280 million with a single line of code Steven Walbroehl Nov 5, 2020 --
Analyzing the OWASP API Security Top 10 for Pen Testers Davin Jackson Aug 31, 2020 --
Hunting Logic Attacks - A Peak at SEC552: Bug Bounties & Responsible Disclosure Hassan El Hadary Aug 27, 2020 --
SANS@MIC - Pen Testing ICS and Other Highly Restricted Environments Don C. Weber Aug 24, 2020 --
SANS @MIC Talk - No SQL Injection in MongoDB applications Adrien de Beaupre Jul 27, 2020 --
Cyber Security 101 for Human Resource Professionals Kelli Tarala Jul 22, 2020 --
SANS@MIC - smbtimeline - An automated timeline for SMB Traffic Olaf Schwarz Jul 20, 2020 --
Measuring and Improving Cyber Defense Using the MITRE ATT&CK® Framework Michael Zuckerman Jul 20, 2020 InfoBlox
Consulting: What Makes a Good Consultant, from the “Hiring One” and “Being One” perspectives Ted Demopoulos Jul 7, 2020 --
Managing & Showing Value during Red Team Engagements & Purple Team Exercises Jorge Orchilles, Phil Wainwright Jul 2, 2020 --
Extending Your Home Lab to include Cloud Ismael Valezuela, Justin Henderson Jul 1, 2020 --
Overt Operations | When the Red Team gets in your Face! Matthew Toussain Jun 26, 2020 --
SANS @MIC Talk -Hacking the SRUM and other Devious New Ways to Interrogate Windows Alissa Torres Jun 22, 2020 --
Post Modern Web Attacks: Kubernetes Attack Matrix Moses Frost Jun 19, 2020 --
Domain Name & DNS Hijacking: Learn Best Practices to Mitigate Risk and View Latest Domain Security Findings Mark Calandra and Jake Williams Jun 19, 2020 CSC
SANS@MIC - Maldocs: a bit of blue, a bit of red Didier Stevens Jun 17, 2020 --
SANS@MIC - Catch and release: phishing techniques for the good guys Jan Kopriva Jun 17, 2020 --
Purple Team: How to Achieve Threat Informed Defense Chris Kennedy, Ben Opel, Alissa Torres Jun 5, 2020 AttackIQ
Modern Web Application Penetration Testing Part 3, NoSQL injection with MongoDB Adrien de Beaupre Jun 5, 2020 --
Enterprise and Cloud | Threat & Vulnerability Assessment Matthew Toussain Jun 4, 2020 --
SANS@MIC - Waiting for a cyber range exercise is not enough Olaf Schwarz Jun 3, 2020 --
Winning in the Dark - Defending Serverless Infrastructure in the Cloud Eric Johnson Jun 3, 2020 --
Introduction to Writing Nmap NSE Scripts Jon Gorenflo Jun 2, 2020 --
7 Ways to Find Encrypted Network Threats Without Decryption Vince Stoffer, John Gamble May 28, 2020 Corelight
Post Modern Web Attacks: Cloud Edition Moses Frost, Molly Stewart May 22, 2020 --
How to Better Understand HR to Accomplish our Cybersecurity Goals Jim Michaud May 21, 2020 --
SANS @MIC Talk - Modern Domain Deception - The risk, issues and potentiality Agostino Panico May 17, 2020 --
Building an Enterprise Grade Home Lab Ismael Valezuela, Justin Henderson May 13, 2020 --
Act Like You’ve Been Hacked Ward Cobleigh May 12, 2020 Viavi Solutions
SANS @MIC Talk - Coalfire penetration testers charged with criminal trespass Ben Wright May 11, 2020 --
Develop Technical Recall Skills: Spaced Repetition with Anki Joshua Wright May 8, 2020 --
Mobile Assessments : Attack Surface and Frameworks Chris Crowley May 7, 2020 --
SANS @MIC Talk - The Hackers Apprentice Mark Baggett May 6, 2020 --
Multi-factor authentication bypass techniques you need to know about. Bryce Galbraith May 6, 2020 --
Hacking Jenkins Ross Young Apr 20, 2020 --
Using Deception Technologies to Defend Against Active Directory and Ransomware Attacks Kyle Dickinson, Kevin Fiscus and Rami Mizrahi Apr 16, 2020 Fidelis Cybersecurity
SANS @MIC Talk - Take Back The Advantage - Cyber Deception for the Win! Kevin Fiscus Apr 15, 2020 --
SANS @MIC Talk- Check out SEC573! More Python3! More Pywars! Mark Baggett Apr 13, 2020 --
Introduction to Reverse Engineering with IDA Pro - Stephen Sims Steve Sims Apr 11, 2020 --
Dirty Defense, Done Dirt Cheap: Make your life easier by making mine harder Tim Medin Apr 9, 2020 --
SANS @MIC Talk - Take Back The Advantage - Cyber Deception for the Win Kevin Fiscus Apr 8, 2020 --
Detecting the Deceivers through Deception Tony Cole and Kevin Fiscus Apr 8, 2020 Attivo Networks
Understanding Encryption Kevin Ripa Apr 7, 2020 --
SANS CyberCast SANS@MIC - Domain Password Auditing with the Cloud Matthew Toussain Apr 6, 2020 --
IDA Pro Challenge Walk Through & What\'s New in SEC760 \'Advanced Exploit Dev\' Huáscar Tejeda and Stephen Sims Apr 2, 2020 --
SANS CyberCast - SANS@Mic - The Hackers Apprentice Mark Baggett Mar 30, 2020 --
SANS CyberCast SANS@MIC - Stealth persistence strategies Erik Van Buggenhout Mar 30, 2020 --
SANS CyberCast - SANS@Mic -Attacking Serverless Servers: Reverse Engineering the AWS, Azure, and GCP Function Runtimes Brandon Evans Mar 25, 2020 --
Mobile Application Static Analysis Jeroen Beckers Mar 5, 2020 --
Adversary Emulation and the C2 Matrix Jorge Orchilles Feb 26, 2020 --
Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks Adrien de Beaupre Feb 20, 2020 --
Real-World Implementation of Deception Technologies Kyle Dickinson Feb 19, 2020 Acalvio Technologies, Inc.
Passwords are a Solvable Problem! Matthew Toussain Feb 13, 2020 --
2019 SANS Holiday Hack Challenge Award Ceremony Ed Skoudis, Joshua Wright, Evan Booth Feb 13, 2020 --
Why it’s easy being a hacker Chris Dale Feb 10, 2020 --
Your Password Doesn’t Matter Alex Weinert Feb 5, 2020 Microsoft
Shall We Play a Game? Timothy McKenzie Jan 28, 2020 --
Microsoft Patch Tuesday crypt32.dll Vulnerability Overview Jake Williams and Johannes Ullrich Jan 15, 2020 --
Why as a DoD Contractor Do I Need to Be CMMC Compliant Katie Arrington Jan 14, 2020 --
SEC642: Killing snakes for fun, Flask SSTIs and RCEs in Python Moses Frost Jan 13, 2020 --
Don’t Patch - Transformative Security Programs go Beyond the Vulnerability Matthew Toussain Dec 20, 2019 --
WhatsApp End To End Encryption Demystified Raul Siles Dec 17, 2019 --
Hacking Common AD Misconfigurations Tim Medin Dec 13, 2019 --
Workforce Development What Works – Jason Jury – Booz Allen Hamilton Jason Jury and John Pescatore Dec 4, 2019 --
Hiring and retaining for the SOC: Recruit, Train, and Retain Talented and Dedicated Staff Christopher Crowley Nov 14, 2019 --
SEC588: Cloud Penetration Testing. What is it? What\'s different, and why? Moses Frost Nov 12, 2019 --
What\'s New in SEC575: Mobile Device Security and Ethical Hacking Jeroen Beckers and Erik Van Buggenhout Nov 8, 2019 --
Modern Web Application Penetration Testing Part 1, XSS and XSRF Together Adrien de Beaupre Oct 23, 2019 --
When Hacking Becomes Deadly – InfoSec in the Age of Connected Medical Devices Kenneth May Oct 7, 2019 --
Red, Blue and Purple Teams: Combining Your Security Capabilities for the Best Outcome Chris Dale and Bobby Kuzma Oct 3, 2019 Core Security Technologies
Dominating the Active Directory Erik Van Buggenhout Oct 2, 2019 --
How to accelerate your cyber security career Stephen Sims Sep 5, 2019 --
More Super Practical Blue Tips, Tools, and Lessons Learned from Team-Based Training: Coordinating Hand-Offs, Your Buddy RITA, and Microsoft Message Analyzer FOR THE WIN! Ed Skoudis and Joshua Wright Aug 28, 2019 --
Kerberos & Attacks 101 Tim Medin Aug 21, 2019 --
Legacy Authentication and Password Spray, Understanding and Stopping Attackers Favorite TTPs in Azure AD Mark Morowczynski and Ramiro Calderon Aug 19, 2019 --
Practical tips to build a successful purple team Erik Van Buggenhout Aug 14, 2019 --
SANS Introduction to Python Course Mark Baggett Aug 8, 2019 --
A BEAST and a POODLE celebrating SWEET32 Bojan Zdrnja Jul 25, 2019 --
Tips, Tricks, and Cheats Gathered from Red vs. Blue Team-Based Training Ed Skoudis and Joshua Wright Jul 23, 2019 --
Effective Threat Hunting Chris Dale Jul 3, 2019 --
Web App Testing 101 - Getting the Lay of the Land Mike Saunders Jun 21, 2019 --
Increasing Visibility with Ixia\'s Vision ONE Serge Borso and Taran Singh Jun 18, 2019 Ixia
Secure Kubernetes Application Delivery Andrew Martin May 30, 2019 --
Hacking without Domain Admin Tim Medin and Mike Saunders May 14, 2019 --
Purple PowerShell: Current attack strategies & defenses Erik Van Buggenhout Apr 10, 2019 --
2018 Holiday Hack Challenge Winner Announcement and More! Ed Skoudis, Josh Wright and Evan Booth Mar 21, 2019 --
Purple Kerberos: Current attack strategies & defenses Erik Van Buggenhout Mar 11, 2019 --
Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them Lenny Zeltser Feb 22, 2019 --
It\'s All About Scale! Succeeding in Enterprise Defense Alissa Torres, Jeff McJunkin Feb 20, 2019 --
Offensive WMI Tim Medin Feb 12, 2019 --
Assumption of a breach: How a new notion can help protect your enterprise Tim Medin Jan 9, 2019 --
Introducing the NEW SANS Pen Test Poster - Pivots & Payloads Board Game Jason Blanchard, Ed Skoudis, and Mick Douglas Dec 19, 2018 --
Tips and Tricks for Customers and Pen Testers on How to Get Higher Value Pen Tests Chris Dale Dec 13, 2018 --
A Practical Introduction into How to Exploit Blind Vulnerabilities Chris Dale Dec 11, 2018 --
Passwords and Authentication - Get Up to Speed on Attacks and Defenses Chris Dale Nov 27, 2018 --
How Hackers Run Circles Around Our Defenses Bryce Galbraith Oct 29, 2018 --
Web Hacking with Burp Suite - Deep Dive into Burp Suite\'s Functionality for Pen Testers Chris Dale Oct 25, 2018 --
Web Application Scanning Automation Timothy McKenzie Oct 17, 2018 --
Python Decorators Demystified Mark Baggett Oct 16, 2018 CyberGRX
Hacker Techniques: Covert Command and Control Derek Rook Sep 17, 2018 --
Password Cracking: Beyond the Basics Jon Gorenflo Sep 13, 2018 --
Pen Testing with PowerShell: Automating the Boring so You Can Focus on the FUN! Mick Douglas Sep 6, 2018 --
Pen Testing with PowerShell: Local Privilege Escalation Technique Mick Douglas Sep 4, 2018 --
Weaponizing Browser-Based Memory Leak Bugs - Stephen Sims Stephen Sims Aug 23, 2018 --
Pen Testing with PowerShell: Data Exfiltration Techniques Mick Douglas Aug 23, 2018 --
What’s covered in the SANS Advanced Web App Pen Testing Course – SEC642? Thanks for Asking! Moses Hernandez Aug 15, 2018 --
Intro to Smart Contract Security Jonathan Haas Jul 18, 2018 --
PowerShell for PenTesting Mick Douglas Jul 17, 2018 --
Enterprise Discovery: I Still Haven’t Found What I’m Looking For Tim Medin Jul 2, 2018 --
Three free Python apps to improve your defenses and response capabilities Mark Baggett Jun 21, 2018 --
So, You Wanna Be a Pen Tester? 3 Paths to Consider Ed Skoudis Jun 19, 2018 --
Software Defined Radio for Penetration Testing and Analysis Larry Pesce Jun 19, 2018 --
Which SANS Pen Test Course Should I Take? SEC560 Edition Ed Skoudis and Kevin Fiscus Jun 13, 2018 --
Introduction to enterprise vulnerability assessment; finding Struts Adrien de Beaupre Jun 12, 2018 --
Maximizing Your Existing Toolset… I Got 99 Tools, but Time Ain\'t One Jon Gorenflo Jun 7, 2018 --
Everything I Didn’t Learn in School Jonathan Haas May 29, 2018 --
Software Defined Radio for Penetration Testing and Analysis James Leyte-Vidal May 14, 2018 --
Raspberry Honey Pi: Botnet for Good- A SANS Masters Degree Candidate Presentation Tim Collyer May 10, 2018 --
Python Regular Expressions for the Win! Joff Thyer Apr 13, 2018 --
Hitting every rock on the way down: A look back at 15 years of pentesting with John Strand John Strand Apr 12, 2018 --
A Pentesters perspective: Catching attackers living off the land Jack Danahy and Dave Shackleford Apr 12, 2018 Barkly
Pausing the attack: deep dive on Pause-Process. A PowerShell script that allows you to pause and unpause potentially malicious attacks Mick Douglas Apr 5, 2018 --
Being Offensive in the Workplace Derek Rook Mar 29, 2018 --
Java on the Server? What Could Possibly Go wrong? Adrien de Beaupre Mar 28, 2018 --
How hackers run circles around our defenses. Bryce Galbraith Mar 28, 2018 --
2017 SANS Holiday Hack Challenge Award Ceremony & Tutorial Ed Skoudis Mar 15, 2018 --
Could we have prepared for this? Attack Simulations for Blue Team Hardening Alissa Torres Mar 5, 2018 --
OSINT for Pentesters: Finding Targets and Enumerating Systems Micah Hoffman and David Mashburn Mar 2, 2018 --
Mind the Gap: going beyond penetration testing for security improvement Caspian Kilkelly, Senior Advisory Services Consultant, Rapid7 Feb 27, 2018 Rapid7 Inc.
A pen-testers perspective on malware & ransomware attack techniques and the state of endpoint security Jack Danahy and Jake Williams Feb 22, 2018 Barkly
Security is QA: My Path from Developer to Pen Tester Joshua Barone Feb 16, 2018 --
Windows Baselining and Remote System Assessment: For the Low-low Price of Free-ninety-free Chris Pizor and John Strand Feb 16, 2018 --
Which SANS Pen Test Course Should I Take? - February 2018 Edition Ed Skoudis and Josh Wright Feb 14, 2018 --
Debugging Python Code for mere mortals Mark Baggett Feb 12, 2018 --
2 > 1: Teaming Up for Social Engineering Adventures Jen Fox Feb 8, 2018 --
OSINT for Everyone: Understanding Risks and Protecting Your Data Micah Hoffman and Josh Huff Feb 1, 2018 --
Head Hacking Tim Medin Jan 16, 2018 --
Introducing the *NEW* SANS Pen Test Poster - Building A Better Pen Tester - Blueprint Ed Skoudis and Jason Blanchard Jan 9, 2018 --
Java on the server? What could possibly go wrong? Adrien de Beaupre and Jason Blanchard Dec 8, 2017 --
Security and Ops Hacks Sonny Sarai Dec 6, 2017 Rapid7 Inc.
Which SANS Pen Test Course Should I Take? November 2017 Edition Ed Skoudis, Larry Pesce, and Jason Blanchard Nov 9, 2017 --
The facts about KRACK and your WPA enabled WiFi network Larry Pesce Oct 19, 2017 --
Strut(s) your stuff. Moses Hernandez Oct 13, 2017 --
Beyond Scanning: Delivering Impact Driven Vulnerability Assessments Matthew Toussain Oct 4, 2017 --
New SANS Course - How to Prevent, Detect & Respond to an Advanced Attack Erik Van Buggenhout and Stephen Sims Oct 3, 2017 --
Breaking Red - Designing IOCs Using Red Team Tools Joe Vest Sep 18, 2017 --
Harness the Hacker With Breach and Attack Simulation Itzik Kotler and John Pescatore Sep 13, 2017 Safebreach
Building Your Own Super-Duper Home Lab Jeff McJunkin and Jason Blanchard Aug 24, 2017 --
Which SANS Pen Test Course Should I Take? Ed Skoudis, Mark Baggett, and Jason Blanchard Aug 23, 2017 --
PowerShell Proxy Kenton Groombridge Jul 18, 2017 --
Catch Me if You can - Pentesting vs APT Mor Levi Jun 15, 2017 Cybereason
Obfuscated No More: Practical Steps for Defeating Android Obfuscation Joshua Wright May 5, 2017 --
WikiLeaks\' Release of CIA Hacking Tools: What Security Professionals Need to Know Jake Williams and Rick McElroy Apr 26, 2017 Carbon Black
Profiling Online Personas: Are We Sharing Too Much? Micah Hoffman and Lance Spitzner Mar 23, 2017 --
Breaking Red - Understanding Threats through Red Teaming Joe Vest and James Tubberville Mar 17, 2017 --
I Don\'t Give One IoTA: Introducing the Internet of Things Attack Methodology Larry Pesce Mar 16, 2017 --
Going Past the Wire: Leveraging Social Engineering in Physical Security Assessments Stephanie Carruthers Mar 15, 2017 --
The Problems with the Dark Web: From Crime to Complicated Crawling Emily Wilson and Alex Viana Feb 23, 2017 Terbium Labs
So What\'s It Mean To Hack a Car Matt Carpenter Feb 21, 2017 --
Elevators as Security Risks... What Goes Up May Let You Down Deviant Ollam Feb 7, 2017 --
Automating Information Security Mark Baggett Jan 31, 2017 --
Introducing the NEW SANS Pen Test Poster - White Board of Awesome Command Line Kung-Fu Ed Skoudis Jan 25, 2017 --
Opening a can of Active Defense and Cyber Deception to confuse and frustrate attackers Chris Pizor, Ed Skoudis, and John Strand Dec 5, 2016 --
Top Methods Pen Testers Use to Socially Engineer Their Way In Dave Shackleford and Lance Spitzner Nov 29, 2016 --
Navigating SANS Pen Test Cheat Sheets for Fun and Profit Ed Skoudis Sep 8, 2016 --
Running a Better Red Team Through Understanding ICS/SCADA Adversary Tactics Robert M. Lee Aug 10, 2016 --
This phish goes to 11, w/ Guest: “SNOW” [DEF CON 22 Social Engineering CtF - Black Badge Winner] Stephanie Carruthers May 11, 2016 --
HTTP/2 & Websockets Are Gonna Change the Pen Test World. Are You Ready? Justin Searle and Adrien de Beaupre Apr 13, 2016 --
Easier Web App Pen Testing by Leveraging Plugins & Extensions Micah Hoffman Oct 27, 2015 --
Security Evaluation of Mobile Applications using 'App Report Cards' Raul Siles Oct 13, 2015 --
Complete Application pwnage via Multi-POST XSRF Adrien de Beaupre Oct 9, 2015 --
Manual Testing is a Must, but Automation is Divine Ed Skoudis and John Strand Oct 2, 2015 --
DIY vulnerability discovery with DLL Side Loading Jake Williams Sep 22, 2015 --
What you need to know about Stagefright Josh Wright and Brian LaFlamme Aug 14, 2015 Veracode
Hacking for the Masses Mark Baggett Aug 3, 2015 --
SANS NetWars: Building a Better InfoSec Pro with Gamification Ed Skoudis, Josh Wright, and Jeff McJunkin Jul 14, 2015 --
A Taste of SANS SEC660: Utilizing ROP on Windows 10 Stephen Sims Jun 22, 2015 --
If it fits, it sniffs: Adventures in WarShipping Larry Pesce Apr 23, 2015 --
Saboreando SANS SEC575: Seguridad y pen-testing de dispositivos, apps, comunicaciones y entornos moviles Raul Siles Apr 21, 2015 --
Adventures in High-Value Pen Testing: A Taste of SANS Security 560" by Ed Skoudis Ed Skoudis Apr 6, 2015 --
How to Build Account Harvesters and Password Guessers with Python Ed Skoudis and Michael Murr Apr 3, 2015 --
SANS 8 Mobile Device Security Steps Christopher Crowley, SANS Certified Instructor Mar 31, 2015 MobileIron
Pillage the Village Redux: More Pen Test Adventures in Post Exploitation John Strand Mar 19, 2015 --
Pillage the Village Redux: More Pen Test Adventures in Post Exploitation Ed Skoudis, and John Strand Feb 26, 2015 --
Shellshock hands-on Eric Conrad Feb 25, 2015 --
How to Give the Best Pen Test of your Life Ed Skoudis, SANS Faculty Fellow Dec 18, 2014 --
Securing Personal and Mobile Device Use with Next-Gen Network Access Controls Joshua Wright, Jack Marsal, Matt Santill Nov 14, 2014 Forescout Technologies BV
CyberCity Hands-on Kinetic Cyber Range Webcast Ed Skoudis, Tim Medin Nov 11, 2014 --
Ramping Up Your Phishing Program Cheryl Conley, Business Area Information Security Officer, Lockheed Martin Oct 30, 2014 --
Patch Pwnage: Ripping Apart Microsoft Patches to Build Exploits Stephen Sims Oct 8, 2014 --
Your App is Leaking! - Bypassing Exploit Mitigations for Pentesters... Stephen Sims Sep 8, 2014 --
How Not To Fail at a Pen Test John Strand and Ed Skoudis Aug 25, 2014 --
SQL Injection Exploited Micah Hoffman Aug 8, 2014 --
Demanding MOAR From Your Vulnerability Assessments & Pen Tests by Ed Skoudis Ed Skoudis and Morey J. Haber Jul 31, 2014 BeyondTrust
How To Not Fail At Pentesting John Strand Jul 9, 2014 --
Secrets of Exploiting Blind SQL Injection Justin Searle Apr 30, 2014 HP
OpenSSL "Heartbleed" Vulnerability Jake WIlliams Apr 9, 2014 CloudPassage
Your Pen-Test has a Glaring Weakness - Emulating the Attackers Better with Social Engineering Dave Shackleford & James Lyne Mar 10, 2014 --
SANS Asia-Pacific Series: A Taste of SANS SEC660 - Advanced Penetration Testing: Attacking Network Devices Mar 5, 2014 --
Secrets of Exploiting Local and Remote File Inclusion Justin Searle Feb 18, 2014 --

View All webcasts | Subscribe to webcast feed