OnDemand SME Support = Get Your Questions Answered! Get an iPad mini, Surface Go 2, of $300 Off Now


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

SANS @MIC Talk - #LevelUpLabs

  • Monday, June 29, 2020 at 3:30 PM EDT (2020-06-29 19:30:00 UTC)
  • Mathias Fuchs

You can now attend the webcast using your mobile device!



In my LevelUp webcast last week I tried to connect people to set up security labs together. Due to covid-19 people might be more open and have more time at their hands to build their own lab.

We all know, how difficult it is to set up good DFIR labs. Though an individual can never get to a quality that SANS offers, they can do better than just running a VM, firing an exploit and image the machine.

Setting up small office infrastructures and realistically looking C2 infra takes time and depending on where you run it money. So, my idea was, that listeners of the webcast could team up by using the Twitter hashtag #LevelUpLabs to connect. Marketing loves it but it did not get traction yet.

So, over the next few weeks I'll run a Blog/VLOG series called "Building your #LevelUpLab".

The ultimate goal besides connecting people is to give DFIR folks some insights into how attackers run C2 infrastructures and penetration testers the opportunity to see what traces their attacks leave inn the target systems.

Additionally people who try to build up these labs will understand even more, how much effort it takes to set up the SANS labs - hence justifying our price-point.

In the talk I plan going over general considerations of building labs (what to set up, what to simulate and what to leave out, etc), a blueprint of my #LevelUpLab and the limitations of these labs. I will include a number of demos, what I can't cover due to time constraints, I will have covered in the YouTube videos leading up to the talk.

Speaker Bio

Mathias Fuchs

Mathias Fuchs, a certified instructor for SANS FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting, is head of cyber defense at InfoGuard AG, where he is actively engaged in building the incident response (IR) practice. In that role he uses his knowledge to shape his team; develop the necessary forensic, IR and threat hunting capabilities; and proactively mediate security vulnerabilities that would be more difficult to manage later. Prior to joining InfoGuard, Mathias was a principal consultant at Mandiant, where he led large-scale cybersecurity investigations. He also was the lead security architect at T-Systems and a security consultant for international clients in a variety of industries.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.