
More Super Practical Blue Tips, Tools, and Lessons Learned from Team-Based Training: Coordinating Hand-Offs, Your Buddy RITA, and Microsoft Message Analyzer FOR THE WIN!

  • Wednesday, August 28, 2019 at 3:30 PM EDT (2019-08-28 19:30:00 UTC)
  • Ed Skoudis, Joshua Wright




SANS recently taught a course designed to take cyber security training to the next level: Team-Based Training 570. In this course, we cover several topics to help blue teams up their game. In this webcast, we'll share some of the most practical tips and tools from the whole course. In particular, we'll look at some of the dynamics associated with task hand-off while dealing with a widespread enterprise attack. Also, it is getting harder and harder to identify host compromises using network-based analysis, given data hiding in innocuous protocols, exfiltration through common Internet relay points, and transport encryption mechanisms attackers are using every day. Fortunately, defensive tools are also evolving, giving us new opportunities to catch bad guys at work. Join Ed and Josh as they review the power of free network-based analysis tools including RITA and Microsoft Message Analyzer as a sophisticated mechanism to detect attacker activity in your network. And, to top it off, we'll include some additional previews of Holiday Hack Challenge 2019!

Speaker Bios

Ed Skoudis

Ed Skoudis is the founder of Counter Hack, an innovative organization that designs, builds, and operates popular infosec challenges and simulations including CyberCity, NetWars, Cyber Quests, and Cyber Foundations. As director of the CyberCity project, Ed oversees the development of missions which help train cyber warriors in how to defend the kinetic assets of a physical, miniaturized city. Ed's expertise includes hacker attacks and defenses, incident response, and malware analysis, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in government, military, financial, high technology, healthcare, and other industries. Previously, Ed served as a security consultant with InGuardians, International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore). Ed also blogs about command line tips and penetration testing.

Joshua Wright

Joshua Wright is a senior technical analyst with Counter Hack, a company devoted to the development of information security challenges for education, evaluation and competition. Through his experiences as a penetration tester, Josh has worked with hundreds of organizations on attacking and defending mobile devices and wireless systems, ethically disclosing significant product and protocol security weaknesses to well-known organizations. As an open source software advocate, Josh has conducted cutting-edge research resulting in several software tools that are commonly used to evaluate the security of widely deployed technology targeting WiFi, Bluetooth, and ZigBee wireless systems, smart grid deployments, and the Android and Apple iOS mobile device platforms. As the technical lead of the innovative CyberCity, Josh also oversees and manages the development of critical training and educational missions for cyberwarriors in the US military, government agencies, and critical infrastructure providers.
