SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Unlock industry insights and hands-on learning with upcoming SANS webcasts and workshops.
The landscape of cyber threats against AI and ML systems is ever-evolving, with dire consequences for industries that increasingly rely on these technologies. Staying abreast of the adversary's tactics and techniques is crucial.

The Internet Storm Center is all about "coloring your logs". Finding out what matters and doesn't matter by adding context to otherwise abstract datapoints like IP addresses and domain names. This free data is made available via our website and easy to use APIs. During this session, we will talk about some of the changes we have made to make the data more useful and more available. We will also illustrate how you can learn about ongoing trends and improve your skills via our amazing collaborative community.

In this exclusive webcast, SANS Expert Dave Shackleford and Google Product Manager Badr Salmi share insights based on Google reCAPTCHA Enterprise platform. You will learn how reCAPTCHA Enterprise employs intelligent risk assessment based on real-time user behavior analysis. Download the on-demand webcast now, and discover how reCAPTCHA Enterprise can provide organizations an entire ecosystem of tools for both detecting and responding to fraud.

Sliver is rising in popularity and is thought to be taking significant market share from other well-known C2 frameworks. Corelight Content can better power your Sliver detections, highlighting what's on your network and building a strategic data reserve for when you need to investigate an incident. Come learn about Corelight Content, insightful community-developed detections, and an open NDR that puts the power in your hands.

Advanced Python CTF based on Mark Baggett’s SEC673 Advanced Information Security Automation with Python.

In this talk, we will begin by describing the current state of the security industry and then discuss the importance of developing security talent. SANS offers more than 70 courses, so you can take a course matched to your level of security knowledge.

There is a common tug-of-war between SOC staff, detection engineers and CSIRT/DFIR professionals when determining how important or severe an alert or detection is.

Presentation 1 - DevSecOps - We Are The Champions and 2023, presented by Chris Edmundson, Associate Instructor
Presentation 2 - 2023 SOC Survey - Highlights and Deep Dive, presented by Christopher Crowley, Senior Instructor

SOF-ELK® (Security Operations and Forensics ELK) is published as a pre-configured, appliance-like distribution that is ready to use out of the box. It consists of Elastic Stack components together with hundreds of parsers and numerous dashboards for the various log formats frequently needed in incident response and security operations work.

SOF-ELK® (Security Operations and Forensics ELK) is a public, fully-configured, appliance-like distribution consisting of components from the Elastic Stack as well as hundreds of parsers and numerous dashboards for various log formats commonly encountered in incident response and security operations work.

Our containers workshop will be a two-hour workshop that will focus on how we can assess vulnerabilities in containers. As containers are part of the modern software stack, your company may use containers locally on a system and remotely on servers. Containers can be deployed on stand-alone servers, to a container service like AWS ECS, and on orchestration technologies like Kubernetes. Given how ubiquitous containers are, you will likely either be working with or attacking them at some point in your career.

Every incident ends with a lessons-learned meeting, and most executive summaries include this bullet point: "Leverage the tools you already paid for." Are you leveraging the tools you already paid for? Are you using the host-based firewall to block or alert when applications like PowerShell, PSExec, and WMIC attempt to make outbound connections from non-IT clients? Have you enabled AppLocker?
