Title |
Speaker |
Date |
Sponsor |
Think Red, Act Blue - Hacking Proprietary Protocols |
Ismael Valezuela, Douglas McKee |
Feb 23, 2021 |
Hunting Logic Attacks - A Peak at SEC552: Bug Bounties & Responsible Disclosure |
Hassan El Hadary |
Jan 19, 2021 |
SEC554: Blockchain and Smart Contract Security - How to lose $280 million with a single line of code |
Steven Walbroehl |
Nov 5, 2020 |
Analyzing the OWASP API Security Top 10 for Pen Testers |
Davin Jackson |
Aug 31, 2020 |
Hunting Logic Attacks - A Peak at SEC552: Bug Bounties & Responsible Disclosure |
Hassan El Hadary |
Aug 27, 2020 |
SANS@MIC - Pen Testing ICS and Other Highly Restricted Environments |
Don C. Weber |
Aug 24, 2020 |
SANS @MIC Talk - No SQL Injection in MongoDB applications |
Adrien de Beaupre |
Jul 27, 2020 |
Cyber Security 101 for Human Resource Professionals |
Kelli Tarala |
Jul 22, 2020 |
SANS@MIC - smbtimeline - An automated timeline for SMB Traffic |
Olaf Schwarz |
Jul 20, 2020 |
Measuring and Improving Cyber Defense Using the MITRE ATT&CK® Framework |
Michael Zuckerman |
Jul 20, 2020 |
Consulting: What Makes a Good Consultant, from the “Hiring One” and “Being One” perspectives |
Ted Demopoulos |
Jul 7, 2020 |
Managing & Showing Value during Red Team Engagements & Purple Team Exercises |
Jorge Orchilles, Phil Wainwright |
Jul 2, 2020 |
Extending Your Home Lab to include Cloud |
Ismael Valezuela, Justin Henderson |
Jul 1, 2020 |
Overt Operations | When the Red Team gets in your Face! |
Matthew Toussain |
Jun 26, 2020 |
Post Modern Web Attacks: Kubernetes Attack Matrix |
Moses Frost |
Jun 19, 2020 |
Domain Name & DNS Hijacking: Learn Best Practices to Mitigate Risk and View Latest Domain Security Findings |
Mark Calandra and Jake Williams |
Jun 19, 2020 |
SANS@MIC - Maldocs: a bit of blue, a bit of red |
Didier Stevens |
Jun 17, 2020 |
SANS@MIC - Catch and release: phishing techniques for the good guys |
Jan Kopriva |
Jun 17, 2020 |
Modern Web Application Penetration Testing Part 3, NoSQL injection with MongoDB |
Adrien de Beaupre |
Jun 5, 2020 |
Enterprise and Cloud | Threat & Vulnerability Assessment |
Matthew Toussain |
Jun 4, 2020 |
SANS@MIC - Waiting for a cyber range exercise is not enough |
Olaf Schwarz |
Jun 3, 2020 |
Winning in the Dark - Defending Serverless Infrastructure in the Cloud |
Eric Johnson |
Jun 3, 2020 |
Introduction to Writing Nmap NSE Scripts |
Jon Gorenflo |
Jun 2, 2020 |
7 Ways to Find Encrypted Network Threats Without Decryption |
Vince Stoffer, John Gamble |
May 28, 2020 |
Post Modern Web Attacks: Cloud Edition |
Moses Frost, Molly Stewart |
May 22, 2020 |
How to Better Understand HR to Accomplish our Cybersecurity Goals |
Jim Michaud |
May 21, 2020 |
SANS @MIC Talk - Modern Domain Deception - The risk, issues and potentiality |
Agostino Panico |
May 17, 2020 |
Building an Enterprise Grade Home Lab |
Ismael Valezuela, Justin Henderson |
May 13, 2020 |
Act Like You’ve Been Hacked |
Ward Cobleigh |
May 12, 2020 |
SANS @MIC Talk - Coalfire penetration testers charged with criminal trespass |
Ben Wright |
May 11, 2020 |
Develop Technical Recall Skills: Spaced Repetition with Anki |
Joshua Wright |
May 8, 2020 |
Mobile Assessments : Attack Surface and Frameworks |
Chris Crowley |
May 7, 2020 |
SANS @MIC Talk - The Hackers Apprentice |
Mark Baggett |
May 6, 2020 |
Multi-factor authentication bypass techniques you need to know about. |
Bryce Galbraith |
May 6, 2020 |
Hacking Jenkins |
Ross Young |
Apr 20, 2020 |
Using Deception Technologies to Defend Against Active Directory and Ransomware Attacks |
Kyle Dickinson, Kevin Fiscus and Rami Mizrahi |
Apr 16, 2020 |
SANS @MIC Talk - Take Back The Advantage - Cyber Deception for the Win! |
Kevin Fiscus |
Apr 15, 2020 |
SANS @MIC Talk- Check out SEC573! More Python3! More Pywars! |
Mark Baggett |
Apr 13, 2020 |
Introduction to Reverse Engineering with IDA Pro - Stephen Sims |
Steve Sims |
Apr 11, 2020 |
Dirty Defense, Done Dirt Cheap: Make your life easier by making mine harder |
Tim Medin |
Apr 9, 2020 |
SANS @MIC Talk - Take Back The Advantage - Cyber Deception for the Win |
Kevin Fiscus |
Apr 8, 2020 |
Detecting the Deceivers through Deception |
Tony Cole and Kevin Fiscus |
Apr 8, 2020 |
Understanding Encryption |
Kevin Ripa |
Apr 7, 2020 |
SANS CyberCast SANS@MIC - Domain Password Auditing with the Cloud |
Matthew Toussain |
Apr 6, 2020 |
IDA Pro Challenge Walk Through & What\'s New in SEC760 \'Advanced Exploit Dev\' |
Huáscar Tejeda and Stephen Sims |
Apr 2, 2020 |
SANS CyberCast - SANS@Mic - The Hackers Apprentice |
Mark Baggett |
Mar 30, 2020 |
SANS CyberCast SANS@MIC - Stealth persistence strategies |
Erik Van Buggenhout |
Mar 30, 2020 |
SANS CyberCast - SANS@Mic -Attacking Serverless Servers: Reverse Engineering the AWS, Azure, and GCP Function Runtimes |
Brandon Evans |
Mar 25, 2020 |
Mobile Application Static Analysis |
Jeroen Beckers |
Mar 5, 2020 |
Adversary Emulation and the C2 Matrix |
Jorge Orchilles |
Feb 26, 2020 |
Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks |
Adrien de Beaupre |
Feb 20, 2020 |
Real-World Implementation of Deception Technologies |
Kyle Dickinson |
Feb 19, 2020 |
Passwords are a Solvable Problem! |
Matthew Toussain |
Feb 13, 2020 |
2019 SANS Holiday Hack Challenge Award Ceremony |
Ed Skoudis, Joshua Wright, Evan Booth |
Feb 13, 2020 |
Why it’s easy being a hacker |
Chris Dale |
Feb 10, 2020 |
Your Password Doesn’t Matter |
Alex Weinert |
Feb 5, 2020 |
Shall We Play a Game? |
Timothy McKenzie |
Jan 28, 2020 |
Microsoft Patch Tuesday crypt32.dll Vulnerability Overview |
Jake Williams and Johannes Ullrich |
Jan 15, 2020 |
Why as a DoD Contractor Do I Need to Be CMMC Compliant |
Katie Arrington |
Jan 14, 2020 |
SEC642: Killing snakes for fun, Flask SSTIs and RCEs in Python |
Moses Frost |
Jan 13, 2020 |
Don’t Patch - Transformative Security Programs go Beyond the Vulnerability |
Matthew Toussain |
Dec 20, 2019 |
WhatsApp End To End Encryption Demystified |
Raul Siles |
Dec 17, 2019 |
Hacking Common AD Misconfigurations |
Tim Medin |
Dec 13, 2019 |
Workforce Development What Works – Jason Jury – Booz Allen Hamilton |
Jason Jury and John Pescatore |
Dec 4, 2019 |
Hiring and retaining for the SOC: Recruit, Train, and Retain Talented and Dedicated Staff |
Christopher Crowley |
Nov 14, 2019 |
SEC588: Cloud Penetration Testing. What is it? What\'s different, and why? |
Moses Frost |
Nov 12, 2019 |
What\'s New in SEC575: Mobile Device Security and Ethical Hacking |
Jeroen Beckers and Erik Van Buggenhout |
Nov 8, 2019 |
Modern Web Application Penetration Testing Part 1, XSS and XSRF Together |
Adrien de Beaupre |
Oct 23, 2019 |
When Hacking Becomes Deadly – InfoSec in the Age of Connected Medical Devices |
Kenneth May |
Oct 7, 2019 |
Red, Blue and Purple Teams: Combining Your Security Capabilities for the Best Outcome |
Chris Dale and Bobby Kuzma |
Oct 3, 2019 |
Dominating the Active Directory |
Erik Van Buggenhout |
Oct 2, 2019 |
How to accelerate your cyber security career |
Stephen Sims |
Sep 5, 2019 |
More Super Practical Blue Tips, Tools, and Lessons Learned from Team-Based Training: Coordinating Hand-Offs, Your Buddy RITA, and Microsoft Message Analyzer FOR THE WIN! |
Ed Skoudis and Joshua Wright |
Aug 28, 2019 |
Kerberos & Attacks 101 |
Tim Medin |
Aug 21, 2019 |
Legacy Authentication and Password Spray, Understanding and Stopping Attackers Favorite TTPs in Azure AD |
Mark Morowczynski and Ramiro Calderon |
Aug 19, 2019 |
Practical tips to build a successful purple team |
Erik Van Buggenhout |
Aug 14, 2019 |
SANS Introduction to Python Course |
Mark Baggett |
Aug 8, 2019 |
A BEAST and a POODLE celebrating SWEET32 |
Bojan Zdrnja |
Jul 25, 2019 |
Tips, Tricks, and Cheats Gathered from Red vs. Blue Team-Based Training |
Ed Skoudis and Joshua Wright |
Jul 23, 2019 |
Effective Threat Hunting |
Chris Dale |
Jul 3, 2019 |
Web App Testing 101 - Getting the Lay of the Land |
Mike Saunders |
Jun 21, 2019 |
Increasing Visibility with Ixia\'s Vision ONE |
Serge Borso and Taran Singh |
Jun 18, 2019 |
Secure Kubernetes Application Delivery |
Andrew Martin |
May 30, 2019 |
Hacking without Domain Admin |
Tim Medin and Mike Saunders |
May 14, 2019 |
Purple PowerShell: Current attack strategies & defenses |
Erik Van Buggenhout |
Apr 10, 2019 |
2018 Holiday Hack Challenge Winner Announcement and More! |
Ed Skoudis, Josh Wright and Evan Booth |
Mar 21, 2019 |
Purple Kerberos: Current attack strategies & defenses |
Erik Van Buggenhout |
Mar 11, 2019 |
Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them |
Lenny Zeltser |
Feb 22, 2019 |
Offensive WMI |
Tim Medin |
Feb 12, 2019 |
Assumption of a breach: How a new notion can help protect your enterprise |
Tim Medin |
Jan 9, 2019 |
Introducing the NEW SANS Pen Test Poster - Pivots & Payloads Board Game |
Jason Blanchard, Ed Skoudis, and Mick Douglas |
Dec 19, 2018 |
Tips and Tricks for Customers and Pen Testers on How to Get Higher Value Pen Tests |
Chris Dale |
Dec 13, 2018 |
A Practical Introduction into How to Exploit Blind Vulnerabilities |
Chris Dale |
Dec 11, 2018 |
Passwords and Authentication - Get Up to Speed on Attacks and Defenses |
Chris Dale |
Nov 27, 2018 |
How Hackers Run Circles Around Our Defenses |
Bryce Galbraith |
Oct 29, 2018 |
Web Hacking with Burp Suite - Deep Dive into Burp Suite\'s Functionality for Pen Testers |
Chris Dale |
Oct 25, 2018 |
Web Application Scanning Automation |
Timothy McKenzie |
Oct 17, 2018 |
Python Decorators Demystified |
Mark Baggett |
Oct 16, 2018 |
Hacker Techniques: Covert Command and Control |
Derek Rook |
Sep 17, 2018 |
Password Cracking: Beyond the Basics |
Jon Gorenflo |
Sep 13, 2018 |
Pen Testing with PowerShell: Automating the Boring so You Can Focus on the FUN! |
Mick Douglas |
Sep 6, 2018 |
Pen Testing with PowerShell: Local Privilege Escalation Technique |
Mick Douglas |
Sep 4, 2018 |
Weaponizing Browser-Based Memory Leak Bugs - Stephen Sims |
Stephen Sims |
Aug 23, 2018 |
Pen Testing with PowerShell: Data Exfiltration Techniques |
Mick Douglas |
Aug 23, 2018 |
What’s covered in the SANS Advanced Web App Pen Testing Course – SEC642? Thanks for Asking! |
Moses Hernandez |
Aug 15, 2018 |
Intro to Smart Contract Security |
Jonathan Haas |
Jul 18, 2018 |
PowerShell for PenTesting |
Mick Douglas |
Jul 17, 2018 |
Enterprise Discovery: I Still Haven’t Found What I’m Looking For |
Tim Medin |
Jul 2, 2018 |
Three free Python apps to improve your defenses and response capabilities |
Mark Baggett |
Jun 21, 2018 |
So, You Wanna Be a Pen Tester? 3 Paths to Consider |
Ed Skoudis |
Jun 19, 2018 |
Software Defined Radio for Penetration Testing and Analysis |
Larry Pesce |
Jun 19, 2018 |
Which SANS Pen Test Course Should I Take? SEC560 Edition |
Ed Skoudis and Kevin Fiscus |
Jun 13, 2018 |
Introduction to enterprise vulnerability assessment; finding Struts |
Adrien de Beaupre |
Jun 12, 2018 |
Maximizing Your Existing Toolset… I Got 99 Tools, but Time Ain\'t One |
Jon Gorenflo |
Jun 7, 2018 |
Everything I Didn’t Learn in School |
Jonathan Haas |
May 29, 2018 |
Software Defined Radio for Penetration Testing and Analysis |
James Leyte-Vidal |
May 14, 2018 |
Raspberry Honey Pi: Botnet for Good- A SANS Masters Degree Candidate Presentation |
Tim Collyer |
May 10, 2018 |
Python Regular Expressions for the Win! |
Joff Thyer |
Apr 13, 2018 |
Hitting every rock on the way down: A look back at 15 years of pentesting with John Strand |
John Strand |
Apr 12, 2018 |
A Pentesters perspective: Catching attackers living off the land |
Jack Danahy and Dave Shackleford |
Apr 12, 2018 |
Pausing the attack: deep dive on Pause-Process. A PowerShell script that allows you to pause and unpause potentially malicious attacks |
Mick Douglas |
Apr 5, 2018 |
Being Offensive in the Workplace |
Derek Rook |
Mar 29, 2018 |
Java on the Server? What Could Possibly Go wrong? |
Adrien de Beaupre |
Mar 28, 2018 |
How hackers run circles around our defenses. |
Bryce Galbraith |
Mar 28, 2018 |
2017 SANS Holiday Hack Challenge Award Ceremony & Tutorial |
Ed Skoudis |
Mar 15, 2018 |
OSINT for Pentesters: Finding Targets and Enumerating Systems |
Micah Hoffman and David Mashburn |
Mar 2, 2018 |
Mind the Gap: going beyond penetration testing for security improvement |
Caspian Kilkelly, Senior Advisory Services Consultant, Rapid7 |
Feb 27, 2018 |
A pen-testers perspective on malware & ransomware attack techniques and the state of endpoint security |
Jack Danahy and Jake Williams |
Feb 22, 2018 |
Security is QA: My Path from Developer to Pen Tester |
Joshua Barone |
Feb 16, 2018 |
Windows Baselining and Remote System Assessment: For the Low-low Price of Free-ninety-free |
Chris Pizor and John Strand |
Feb 16, 2018 |
Which SANS Pen Test Course Should I Take? - February 2018 Edition |
Ed Skoudis and Josh Wright |
Feb 14, 2018 |
Debugging Python Code for mere mortals |
Mark Baggett |
Feb 12, 2018 |
2 > 1: Teaming Up for Social Engineering Adventures |
Jen Fox |
Feb 8, 2018 |
OSINT for Everyone: Understanding Risks and Protecting Your Data |
Micah Hoffman and Josh Huff |
Feb 1, 2018 |
Head Hacking |
Tim Medin |
Jan 16, 2018 |
Introducing the *NEW* SANS Pen Test Poster - Building A Better Pen Tester - Blueprint |
Ed Skoudis and Jason Blanchard |
Jan 9, 2018 |
Java on the server? What could possibly go wrong? |
Adrien de Beaupre and Jason Blanchard |
Dec 8, 2017 |
Security and Ops Hacks |
Sonny Sarai |
Dec 6, 2017 |
Which SANS Pen Test Course Should I Take? November 2017 Edition |
Ed Skoudis, Larry Pesce, and Jason Blanchard |
Nov 9, 2017 |
The facts about KRACK and your WPA enabled WiFi network |
Larry Pesce |
Oct 19, 2017 |
Strut(s) your stuff. |
Moses Hernandez |
Oct 13, 2017 |
Beyond Scanning: Delivering Impact Driven Vulnerability Assessments |
Matthew Toussain |
Oct 4, 2017 |
New SANS Course - How to Prevent, Detect & Respond to an Advanced Attack |
Erik Van Buggenhout and Stephen Sims |
Oct 3, 2017 |
Breaking Red - Designing IOCs Using Red Team Tools |
Joe Vest |
Sep 18, 2017 |
Harness the Hacker With Breach and Attack Simulation |
Itzik Kotler and John Pescatore |
Sep 13, 2017 |
Building Your Own Super-Duper Home Lab |
Jeff McJunkin and Jason Blanchard |
Aug 24, 2017 |
Which SANS Pen Test Course Should I Take? |
Ed Skoudis, Mark Baggett, and Jason Blanchard |
Aug 23, 2017 |
PowerShell Proxy |
Kenton Groombridge |
Jul 18, 2017 |
Catch Me if You can - Pentesting vs APT |
Mor Levi |
Jun 15, 2017 |
Obfuscated No More: Practical Steps for Defeating Android Obfuscation |
Joshua Wright |
May 5, 2017 |
WikiLeaks\' Release of CIA Hacking Tools: What Security Professionals Need to Know |
Jake Williams and Rick McElroy |
Apr 26, 2017 |
Profiling Online Personas: Are We Sharing Too Much? |
Micah Hoffman and Lance Spitzner |
Mar 23, 2017 |
Breaking Red - Understanding Threats through Red Teaming |
Joe Vest and James Tubberville |
Mar 17, 2017 |
I Don\'t Give One IoTA: Introducing the Internet of Things Attack Methodology |
Larry Pesce |
Mar 16, 2017 |
Going Past the Wire: Leveraging Social Engineering in Physical Security Assessments |
Stephanie Carruthers |
Mar 15, 2017 |
The Problems with the Dark Web: From Crime to Complicated Crawling |
Emily Wilson and Alex Viana |
Feb 23, 2017 |
So What\'s It Mean To Hack a Car |
Matt Carpenter |
Feb 21, 2017 |
Elevators as Security Risks... What Goes Up May Let You Down |
Deviant Ollam |
Feb 7, 2017 |
Automating Information Security |
Mark Baggett |
Jan 31, 2017 |
Introducing the NEW SANS Pen Test Poster - White Board of Awesome Command Line Kung-Fu |
Ed Skoudis |
Jan 25, 2017 |
Opening a can of Active Defense and Cyber Deception to confuse and frustrate attackers |
Chris Pizor, Ed Skoudis, and John Strand |
Dec 5, 2016 |
Top Methods Pen Testers Use to Socially Engineer Their Way In |
Dave Shackleford and Lance Spitzner |
Nov 29, 2016 |
Navigating SANS Pen Test Cheat Sheets for Fun and Profit |
Ed Skoudis |
Sep 8, 2016 |
Running a Better Red Team Through Understanding ICS/SCADA Adversary Tactics |
Robert M. Lee |
Aug 10, 2016 |
This phish goes to 11, w/ Guest: “SNOW” [DEF CON 22 Social Engineering CtF - Black Badge Winner] |
Stephanie Carruthers |
May 11, 2016 |
HTTP/2 & Websockets Are Gonna Change the Pen Test World. Are You Ready? |
Justin Searle and Adrien de Beaupre |
Apr 13, 2016 |
Easier Web App Pen Testing by Leveraging Plugins & Extensions |
Micah Hoffman |
Oct 27, 2015 |
Security Evaluation of Mobile Applications using 'App Report Cards' |
Raul Siles |
Oct 13, 2015 |
Complete Application pwnage via Multi-POST XSRF |
Adrien de Beaupre |
Oct 9, 2015 |
Manual Testing is a Must, but Automation is Divine |
Ed Skoudis and John Strand |
Oct 2, 2015 |
DIY vulnerability discovery with DLL Side Loading |
Jake Williams |
Sep 22, 2015 |
What you need to know about Stagefright |
Josh Wright and Brian LaFlamme |
Aug 14, 2015 |
Hacking for the Masses |
Mark Baggett |
Aug 3, 2015 |
SANS NetWars: Building a Better InfoSec Pro with Gamification |
Ed Skoudis, Josh Wright, and Jeff McJunkin |
Jul 14, 2015 |
A Taste of SANS SEC660: Utilizing ROP on Windows 10 |
Stephen Sims |
Jun 22, 2015 |
If it fits, it sniffs: Adventures in WarShipping |
Larry Pesce |
Apr 23, 2015 |
Saboreando SANS SEC575: Seguridad y pen-testing de dispositivos, apps, comunicaciones y entornos moviles |
Raul Siles |
Apr 21, 2015 |
Adventures in High-Value Pen Testing: A Taste of SANS Security 560" by Ed Skoudis |
Ed Skoudis |
Apr 6, 2015 |
How to Build Account Harvesters and Password Guessers with Python |
Ed Skoudis and Michael Murr |
Apr 3, 2015 |
SANS 8 Mobile Device Security Steps |
Christopher Crowley, SANS Certified Instructor |
Mar 31, 2015 |
Pillage the Village Redux: More Pen Test Adventures in Post Exploitation |
John Strand |
Mar 19, 2015 |
Pillage the Village Redux: More Pen Test Adventures in Post Exploitation |
Ed Skoudis, and John Strand |
Feb 26, 2015 |
Shellshock hands-on |
Eric Conrad |
Feb 25, 2015 |
How to Give the Best Pen Test of your Life |
Ed Skoudis, SANS Faculty Fellow |
Dec 18, 2014 |
Securing Personal and Mobile Device Use with Next-Gen Network Access Controls |
Joshua Wright, Jack Marsal, Matt Santill |
Nov 14, 2014 |
CyberCity Hands-on Kinetic Cyber Range Webcast |
Ed Skoudis, Tim Medin |
Nov 11, 2014 |
Ramping Up Your Phishing Program |
Cheryl Conley, Business Area Information Security Officer, Lockheed Martin |
Oct 30, 2014 |
Patch Pwnage: Ripping Apart Microsoft Patches to Build Exploits |
Stephen Sims |
Oct 8, 2014 |
Your App is Leaking! - Bypassing Exploit Mitigations for Pentesters... |
Stephen Sims |
Sep 8, 2014 |
How Not To Fail at a Pen Test |
John Strand and Ed Skoudis |
Aug 25, 2014 |
SQL Injection Exploited |
Micah Hoffman |
Aug 8, 2014 |
Demanding MOAR From Your Vulnerability Assessments & Pen Tests by Ed Skoudis |
Ed Skoudis and Morey J. Haber |
Jul 31, 2014 |
How To Not Fail At Pentesting |
John Strand |
Jul 9, 2014 |
Secrets of Exploiting Blind SQL Injection |
Justin Searle |
Apr 30, 2014 |
OpenSSL "Heartbleed" Vulnerability |
Jake WIlliams |
Apr 9, 2014 |
Your Pen-Test has a Glaring Weakness - Emulating the Attackers Better with Social Engineering |
Dave Shackleford & James Lyne |
Mar 10, 2014 |
SANS Asia-Pacific Series: A Taste of SANS SEC660 - Advanced Penetration Testing: Attacking Network Devices |
|
Mar 5, 2014 |
Secrets of Exploiting Local and Remote File Inclusion |
Justin Searle |
Feb 18, 2014 |