Join us at the Rocky Mountain Hackfest, Live Online!! Virtual summit and courses take place June 4-13.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right.Once you register, you can download the presentaion slides below.

FOR508 - Advanced Incident Response and Threat Hunting Course Updates: Hunting Guide

  • Monday, November 21, 2016 at 1:00 PM EST (2016-11-21 18:00:00 UTC)
  • Rob Lee

You can now attend the webcast using your mobile device!



SANS authors update course materials two to three times per year to address the latest threats, tools, and methodologies. This fall, the latest version of the FOR508 Digital Forensics, Incident Response & Threat Hunting course debuted. This update begins to shift the focus of the course even more into Threat Hunting methodologies in addition to the Incident Response focus that we have. The update includes a brand new section on how adversaries gain privileged access inside your windows enterprise environments and discusses the latest windows technologies that are mitigating them. Students will learn how adversaries laterally move around your environment. A brand new section on Windows Event Log analysis for incident responders and threat hunters will show hunting teams how to track lateral movement across the enterprise and how to capture even more advanced utilization of powershell exploitations that attackers are utilizing. The latest updates are critical to anyone using their skills in incident response or hunting across multiple phases of an adversarys kill chain.  Were really excited to make an already great course even better - and hope you can join us to learn more.

Please visit to learn more or to view the course run schedule

Speaker Bio

Rob Lee

Rob Lee is the curriculum lead and author for digital forensic and incident response training at the SANS Institute. With more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention and incident response, he provides consulting services in the Washington, D.C. area. Before starting his own business, Rob worked with government agencies in the law enforcement, defense and intelligence communities as a lead for vulnerability discovery and exploit development teams, a cyber forensics branch, and a computer forensic and security software development team. He also worked for a leading incident response service provider and co-authored Know Your Enemy: Learning About Security Threats, 2nd Edition.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.