Back by Popular Demand: MacBook Air, $400 Amazon Gift Card, or $400 off with OnDemand Courses


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Rekt Casino Hack Assessment Operational Series – Vulnerability Management Gone Wrong Part 1 of 4

  • Wednesday, March 03, 2021 at 11:59 AM EST (2021-03-03 16:59:00 UTC)
  • David Hazar, Jonathan Risto

You can now attend the webcast using your mobile device!



The fictitious Rekt Casino fell victim to a ransomware attack which resulted in personally identifiable information, HR records, and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk, and compliance, along with improperly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino, we are going to identify when the transition from the old school approach of information security could have been transitioned to a more mature enterprise risk management approach.

The mistake organizations often make is to focus too much on defenses such as endpoint protection, firewalls, and intrusion prevention without a good understanding of current threats. Its as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet.

If the executives, technology team, and board of directors had been paying attention to news stories, security guidance, the organizations current approach to protecting company assets, or even attending security related conferences, they would have better understood how critical security has become and how much the threat landscape has grown. Its not enough to acknowledge that security requires more attention, you also have to act on that knowledge.

In this webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protections, and the outcome. Then we will dive deep into how Rekt Casino could have better managed their vulnerabilities and how this would have helped prevent the breach from occurring. We will dive into topics such as:

  • Where Rekt Casino could have done a better job identifying and managing their assets and vulnerabilities
  • Rekt Casinos challenges in analyzing, communicating, and resolving their problems.
  • How establishing and maturing a vulnerability management program would have helped

Dont wait! Register now for the other webcasts in the series!

Speaker Bios

Jonathan Risto

With a career spanning over 20 years that has included working in network design, IP telephony, service development, security and project management, Jonathan has a deep technical background that provides a wealth of information he draws upon when teaching. Currently, Jonathan works for the Canadian Government conducting cyber security research in the areas of vulnerability management and automated remediation. He is also an independent security consultant. Jonathan is a co-author and instructor for SANS MGT516: Managing Security Vulnerabilities – Enterprise and Cloud, and has been an instructor for both SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and SEC440: Critical Security Controls: Planning, Implementing, and Auditing. Read more about Jonathan here.

David Hazar

David is a security consultant based in Salt Lake City, Utah focused on vulnerability management, application security, cloud security, and DevOps. David has 20+ years of broad, deep technical experience gained from a wide variety of IT functions held throughout his career, including: Developer, Server Admin, Network Admin, Domain Admin, Telephony Admin, Database Admin/Developer, Security Engineer, Risk Manager, and AppSec Engineer. David is a co-author and instructor for MGT516: Managing Security Vulnerabilities: Enterprise and Cloud, an instructor for and contributor to SEC540: Cloud Security and DevOps Automation, and has also developed and led technical security training initiatives at many of the companies for which he has worked. Read more about David here.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.