SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Unlock industry insights and hands-on learning with upcoming SANS webcasts and workshops.
Today, detection engineers and blue teamers are focused on cloud threat detection. However, are we thinking about these threats holistically? There are many pathways that threat actors use to gain access to cloud resources. Among these are endpoints that hold cloud credential material. This credential material, in the form of various files, tokens and cookies, is often overlooked, with little visibility and telemetry generated around it.
"Where do I begin?" We will delve into the routes taken by veterans and newcomers to the field alike to try to answer this question. In this webcast, learn about Julia Gately's journey into this exciting career.
The evil Professor Moriarty is hunting for a hiding Sherlock Holmes, whose whereabouts are known only to Sherlock's brother, Mycroft. In this webinar, we will discuss how Moriarty and his gang hacked into Mycroft's web environment to search for clues, and how Sherlock turned the tables and detected their every step. This webinar is based on a newly released SANS poster that focuses on Cloud Threat Detection, set in the world of a modern-day Sherlock Holmes.
As more and more organizations begin moving their resources to the cloud, analysts and responders must be prepared to operate in this new landscape. One aspect of traditional forensics that we must learn to implement in the cloud is memory forensics.
As outsourcing and external management of MDR become more common, organizations need to know and understand what best practices look like. They also need to understand how to keep the human analysts engaged, both at the organization and within the MSSP. It is enough of a challenge to establish and then sustain technical interchange between two organizations. How will you maintain trusted professional interchange in a 24x7 operational environment?
Over the course of his career, SEC497: Practical Open-Source Intelligence (OSINT) Course Author Matt Edmondson has started up multiple OSINT teams within the U.S. government and worked with private sector cyber threat intelligence teams ranging from Fortune 100 businesses to small startups. In this talk, Matt will explain how the OSINT landscape is changing and most importantly, he’ll discuss some crucial decisions that organizations can make which can severely hinder the effectiveness of their OSINT operations. He’ll also talk about what really matters with operational security (OPSEC) and how we can improve our OPSEC with minimal cost.
Defenders face numerous challenges in their complex, ever-expanding environments. Good data or network truth shouldn't be one of them. As Corelight is the standard in the NDR market, we will explore how to pivot from NDR to several EDR tools. The demo will showcase popular tools and give analyst workflow examples and use cases.
As with any enterprise environment, we can (and should) focus on hardening our defenses to keep adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, which is a follow-on from the talk "Building Better Cloud Detections... By Hacking? (AWS Edition)", we will work through the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our AWS environments. The overall process and takeaways will be:

1. Establish proper logging to detect the adversarial activity
2. Perform the attack to generate the appropriate artifacts
3. Review the log event data
4. Create an automated process to quickly discover this activity
5. Test that the automated process is working effectively by "re-attacking" the AWS account

Prerequisites: An AWS account with administrator access
System Requirements: A modern web browser
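As an added illustration of steps 3 through 5 above (this is editor-supplied example code, not material from the workshop or from SANS, and the workshop abstract does not say which attack technique it covers), the block below parses CloudTrail-style records and implements one common cloud detection: a single principal collecting many AccessDenied errors across several AWS services in a short window, which is what permission enumeration by a compromised identity tends to look like. The field names follow CloudTrail's record format; the records themselves, the account ID, the user names and the IP addresses are constructed for the demo, and the threshold and window are tunable assumptions. Running the detection twice with different thresholds stands in for the "re-attack and confirm it fires" step.

```python
"""Toy CloudTrail detection: AccessDenied burst by one principal.

Editor-added example. Record field names (eventTime, eventSource, eventName,
errorCode, userIdentity.arn, sourceIPAddress) follow CloudTrail's format; the
sample records below are constructed and do not come from any real account.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def _rec(ts, source, name, user, ip, error=None):
    """Build one constructed CloudTrail-style record (IAM user in a dummy account)."""
    r = {
        "eventTime": ts,
        "eventSource": source,
        "eventName": name,
        "userIdentity": {"type": "IAMUser",
                         "arn": f"arn:aws:iam::123456789012:user/{user}"},
        "sourceIPAddress": ip,
    }
    if error:
        r["errorCode"] = error
    return r


# Constructed log file body in CloudTrail's {"Records": [...]} layout.
# "bob" hammers six services in two minutes and is denied each time;
# "alice" has two unrelated denials forty minutes apart plus normal activity.
RAW_TRAIL = json.dumps({"Records": [
    _rec("2024-05-01T09:00:00Z", "s3.amazonaws.com", "ListBuckets", "alice", "198.51.100.5", "AccessDenied"),
    _rec("2024-05-01T09:10:00Z", "sts.amazonaws.com", "GetCallerIdentity", "alice", "198.51.100.5"),
    _rec("2024-05-01T09:40:00Z", "iam.amazonaws.com", "ListRoles", "alice", "198.51.100.5", "AccessDenied"),
    _rec("2024-05-01T09:59:50Z", "sts.amazonaws.com", "GetCallerIdentity", "bob", "203.0.113.7"),
    _rec("2024-05-01T10:00:00Z", "iam.amazonaws.com", "ListUsers", "bob", "203.0.113.7", "AccessDenied"),
    _rec("2024-05-01T10:00:20Z", "iam.amazonaws.com", "ListRoles", "bob", "203.0.113.7", "AccessDenied"),
    _rec("2024-05-01T10:00:45Z", "s3.amazonaws.com", "ListBuckets", "bob", "203.0.113.7", "AccessDenied"),
    _rec("2024-05-01T10:01:10Z", "ec2.amazonaws.com", "DescribeInstances", "bob", "203.0.113.7", "AccessDenied"),
    _rec("2024-05-01T10:01:30Z", "secretsmanager.amazonaws.com", "ListSecrets", "bob", "203.0.113.7", "AccessDenied"),
    _rec("2024-05-01T10:02:00Z", "lambda.amazonaws.com", "ListFunctions", "bob", "203.0.113.7", "AccessDenied"),
]})


def parse_trail(raw):
    """Parse a CloudTrail log body into event dicts, adding a parsed UTC timestamp."""
    events = []
    for r in json.loads(raw)["Records"]:
        e = dict(r)
        e["_ts"] = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(e)
    return sorted(events, key=lambda e: e["_ts"])


def detect_access_denied_burst(events, threshold=5, window=timedelta(minutes=5)):
    """Flag each principal with >= threshold AccessDenied events inside one window.

    One finding per principal, covering the first burst that crosses the
    threshold. threshold and window are assumed tuning values.
    """
    denied = defaultdict(list)
    for e in events:
        if e.get("errorCode") == "AccessDenied":
            denied[e["userIdentity"]["arn"]].append(e)

    findings = []
    for arn, evs in denied.items():  # evs already in time order
        start = 0
        for end in range(len(evs)):
            while evs[end]["_ts"] - evs[start]["_ts"] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                burst = [h for h in evs[start:] if h["_ts"] - evs[start]["_ts"] <= window]
                findings.append({
                    "principal": arn,
                    "count": len(burst),
                    "apis": sorted({f"{h['eventSource']}:{h['eventName']}" for h in burst}),
                    "source_ips": sorted({h["sourceIPAddress"] for h in burst}),
                    "first": burst[0]["eventTime"],
                    "last": burst[-1]["eventTime"],
                })
                break
    return findings


if __name__ == "__main__":
    for f in detect_access_denied_burst(parse_trail(RAW_TRAIL)):
        print(json.dumps(f, indent=2))
```

Against real data you would feed this the gzipped objects CloudTrail writes to S3 (or a CloudWatch Logs subscription) rather than an inline string, and you would treat a legitimate new deployment or a misconfigured role as the expected false-positive source; the distinct-service count in `apis` is what separates a broken application retrying one call from an identity probing for what it can reach.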
ChatGPT and other generative AI technologies are dominating the news, but can you tell what's hype and what's not? How do these AI tools work? Are there security applications or concerns? How difficult is it to use these tools as red/blue/purple team accelerators? In our Featured Keynote, SANS Fellow David Hoelzer will discuss the potential risks that advanced AI poses to cybersecurity, and what steps are being taken to address these challenges. He will also demonstrate and explore the ways in which AI can be used to improve cybersecurity and protect against cyber threats. If you want to be in the know on AI, join David for this comprehensive overview of its potential impact on cybersecurity and society.
Join us in this Community Night talk as Ryan Chapman, author of SANS FOR528: Ransomware for Incident Responders, provides an overview of tools leveraged often by ransomware operators. Though a multitude of ransomware operations and affiliate groups exist, we see a great deal of overlap between the tools leveraged by these groups (and that's an understatement!).
In this Community Night, Ryan Chapman, author of SANS FOR528: Ransomware for Incident Responders, will introduce the tools used in ransomware operations. Although many variations of ransomware operations exist, there is considerable overlap in the tools they use.
SANS Community Nights are a great way to stay in touch with your local InfoSec community and to hear the latest in technical wizardry, industry intelligence, and thought leadership from our amazing instructors.