This webinar is offered free of charge through collaboration between SANS and its sponsor(s). If you prefer not to share your registration details with sponsor(s), a recorded webinar will be available approximately 30 days after its initial release through the SANS archive. To access the recording, you will need to create a SANS account, but your information will not be shared with the sponsor(s).
Full Agenda | 10:00am-1:30pm MT
Time (MT) | Session Details |
---|---|
10:00am-10:10am | Event Kickoff & Introduction. Domenica Lee Crognale, Event Chair, Co-Author, SANS Institute |
10:10am-10:45am | When Updates Turn Rogue: The Forensic Trail of a Supply Chain Attack. Supply chain attacks are among the most dangerous threats in cybersecurity, not because they exploit software flaws, but because they exploit trust. This session explores several high-impact compromises and includes a hands-on lab using DLL side-loading. See how trusted binaries can be weaponized to deliver attacker-controlled payloads, and learn forensic techniques to trace execution paths, detect tampered binaries, and uncover artifacts left on disk and in memory. Get actionable insights to identify and respond to these stealthy, high-consequence attacks with confidence. Speakers: Doug Metz, Senior Security Forensics Specialist, Magnet Forensics; Jeff Rutherford, Forensic Consultant, Magnet Forensics |
10:45am-11:20am | Benchmarking Malware Sandboxes with the AMTSO Evaluation Framework. In digital forensics and incident response, confidence in detection tools is vital. This session introduces the Anti-Malware Testing Standards Organization (AMTSO) and its open, vendor-neutral testing frameworks. Attendees will learn how AMTSO’s Testing Protocol Standard and Fundamental Principles of Testing support transparent, repeatable evaluations. We’ll cover why standardized testing matters for DFIR, how labs and vendors can run fair tests, and the real-world impact on tool validation, red teaming, and procurement. Speaker: John Hawes, Chief Operating Officer, AMTSO |
11:20am-11:35am | Break |
11:35am-12:10pm | Putting the R in CDR: Balancing Speed and Control in Cloud Incident Response. Responding to threats in the cloud is delicate: it's not just about eliminating the threat but doing so without causing unintended damage. Cloud environments are complex and unpredictable, forcing security teams to weigh the tradeoff between fast response and a validated, predictable resolution. This webinar will explore how to design a response strategy based on real-time insight that minimizes blast radius, assigns the right level of authority to different teams, and ensures that response actions are both swift and responsible. Learn how to strike the balance between speed and control in cloud detection and response. What you'll learn: why cloud environments make auto response more complex, and how to implement a guided response model to accelerate MTTR without downtime; how to design a response strategy that minimizes blast radius; how security teams can strike the balance between speed and control in response; and how to empower all team members throughout the response process to enhance investigation while limiting burnout. Speaker: Jason Nations, Field CISO, Stream Security |
12:10pm-12:45pm | Presentation Title Coming Soon! Session Details Coming Soon! |
12:45pm-1:20pm | Presentation Title Coming Soon! Session Details Coming Soon! |
1:20pm-1:30pm | Event Recap & Closing Remarks. Domenica Lee Crognale, Event Chair & SANS Senior Instructor |