World-class instructors teaching today's, critical cyber skills - SANS Online Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Think Red, Act Blue - Hacking Proprietary Protocols

  • Tuesday, February 23, 2021 at 10:30 AM EST (2021-02-23 15:30:00 UTC)
  • Ismael Valenzuela, Douglas McKee

You can now attend the webcast using your mobile device!



Nation-states and threat actors are increasingly targeting industrial networks and critical infrastructure. As part of their attacks, they often conduct extensive reconnaissance to discover vulnerabilities that can give them access and full control over critical systems. Some of these may even have the potential to threaten the safety of citizens and personnel inside targeted facilities.

Often we find vendors using proprietary protocols to communicate on our networks. Naturally, these protocols are harder to understand and protect due to a lack of publicly available information. As a result, sophisticated attackers are taking the time to analyze these protocols for vulnerabilities as they too often go unprotected by organizations.

In this webinar, Douglas McKee and Ismael Valenzuela, using their combined 30 years of experience in cybersecurity, will walk through how an adversary can dissect and understand proprietary protocols on your network to find vulnerabilities or leak sensitive information. These same techniques can be used by red teamers as well as blue teamers, to emulate behaviors and anticipate the adversary. We will provide insights using real data embedded into proprietary networking protocols used by vendors and the techniques needed to breakdown and understand this information.

Speaker Bios

Ismael Valenzuela

SANS Certified Instructor Ismael Valenzuela ( is coauthor of the CyberDefense and Blue Team Operations course, SANS SEC530: Defensible Security Architecture and Engineering, and holds many professional certifications, including the highly regarded GIAC Security Expert (GSE #132).

Since he founded one of the first IT Security consultancies in Spain, Ismael Valenzuela has participated as a security professional in numerous projects across the globe over the past 19 years. Prior to his current role as Senior Principal Engineer at McAfee, where he leads research on threat hunting using machine-learning and expert-system driven investigations, Ismael led the delivery of SOC, IR & Forensics services for the Foundstone Services team within Intel globally. Previously, Ismael worked as Global IT Security Manager for iSOFT Group Ltd, one of the world's largest providers of healthcare IT solutions, managing their security operations in more than 40 countries.

Douglas McKee

Douglas McKee (@fulmetalpackets) is a Principal Engineer and Senior Security Researcher for the McAfee Advanced Threat Research team, focused on finding new vulnerabilities in both software and hardware. Douglas has an extensive background in penetration testing, reverse engineering, malware analysis and forensics and throughout his career has provided software exploitation training to many audiences, including law enforcement. Doug is a regular speaker at industry conferences such as DEF CON.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.