The Best Cybersecurity Training in the World - No Travel Required! Learn More


To attend this webcast, login to your SANS Account or create your Account.

SEC599: Defeating Advanced Adversaries – Discover what’s NEW in Purple Team….Latest course updates!

  • Wednesday, May 22nd, 2019 at 10:30 AM EDT (14:30:00 UTC)
  • Erik Van Buggenhout
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


What is purple teaming? How can Red and Blue teams, not only co-exist, but strengthen each other and thrive? SEC599 was released back in March 2018 and Erik Van Buggenhout has completed the first MAJOR update. Do you want to know how to leverage MITRE ATT&CK? What baseline controls should you implement to have an effective cyber security posture? If these are questions that frequently come to mind, look no further! Weve doubled down on your feedback and added even more to an already very comprehensive course:

  •  AMSI bypasses in Windows 10
  • In-depth coverage of Exploit Guard and its exploit mitigation techniques
  • MITRE ATT&CK framework and how it can be leveraged in your organization
  • Deep-dive on Kerberos security issues and how they can be defended against (Silver tickets, Golden tickets, & Skeleton Key)
  • Effective ways of detecting on MS-DRS replication attacks (DCSync & DCShadow)

Are you considering taking SEC599? Join us on this webcast for an overview of additions and Q&A with the authors!

Speaker Bio

Erik Van Buggenhout

Erik Van Buggenhout is the lead author of SEC599 - Defeating Advanced Adversaries. In addition to SEC599, Erik teaches SEC560 - Network Penetration Testing & Ethical Hacking and SEC542 - Web Application Penetration Testing & Ethical Hacking. He has been involved with SANS since 2009, first as a Mentor, working his way to Community Instructor in 2012 and finally becoming a Certified Instructor in 2016.

Erik loves explaining deeply technical concepts by using war stories, adding a few funny anecdotes here and there. As a testimony of his technical expertise, he has obtained the GSE, GCIA, GNFA, GPEN, GWAPT, GCIH, and GSEC certifications.

In addition to his work with SANS, Erik is the co-founder of Belgian cyber security firm NVISO, which focuses on high-end cyber security services, specializing in government, defense and the financial sector. Together with his team of 20+ technical experts, Erik delivers a wide array of technical security services, including penetration testing, security monitoring & incident response.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.