Cybersecurity Webinars and Workshops

Cybersecurity Standards Scorecard (2022 Edition)

In the 1990s government agencies, industry groups, and cybersecurity researchers started creating cybersecurity standards and these standards led to cybersecurity regulations and laws that dictate to organizations what they must do to protect their data. Today, there are now dozens of standards dictating thousands of cybersecurity controls that organizations can consider when building their cybersecurity plans. Every year more standards are released and the confusion grows. To make the problem even more challenging, no two standards are the same, nor do they even cover the same scope of defenses.

Emulating, Detecting, and Responding to LOLBAS Attacks – A SEC699 Update Preview

In this preview of new material directly from the updated SANS SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection, we will introduce various Living Off the Land Binaries and Scripts (LOLBAS), how to emulate them, detect, and respond to them in a true purple team fashion.

New and Updated: Top 20 Cyber Attacks on Industrial Control Systems

This webinar is a preview of a new report - the updated version of the Top 20 Cyber Attacks on Industrial Control Systems. The attack "ruler" of 20 standard attacks now includes nation-state-grade ransomware, IT-targeted ransomware that triggers "abundance of caution" OT / ICS shutdowns, IT-targeted ransomware that triggers OT shutdowns when IT systems vital to OT networks are impaired, and other timely updates. Cloud-seeded ransomware / supply-chain attacks are highlighted as the new biggest risk looking forward.

Vulnerability Management - Is the Program Effective?

So you have a vulnerability management program. Great. Excellent. But are you able to let the management team know if it is being effective or not?

Common Persistence Strategies - Emulating, Preventing, and Detecting

In this follow-up webcast to Finding the Hidden Visitor - Persistence Mechanisms to Look Out For, we will do a review of the most commonly used persistence mechanisms and provide some examples on how they are used by attackers, as well as how they try to prevent detections by combining tactics.

SANS DFIR Summit 2022: Solutions Track - DFIR

Many of the aspects that make DFIR so exciting are also what makes this career field challenging: no two investigations or days in this field are ever the same. We strive to keep pace with changes in technology while attempting to get ahead of attackers who modify their methods to evade detection in this sea of interconnected digital devices.

SANS Workshop – Building an Azure Pentest Lab for Red Teams

In this SANS Workshop, you will learn how to use Infrastructure as Code and open-source tools to automatically create an Azure Active Directory security lab which can be used for your own security simulations and use cases. After automatically creating Azure AD users, Applications, and RBAC role assignments, participants will have hands-on exercises to perform reconnaissance and a specific attack pathway that abuses mis-configured roles and permissions.

Corellium for Mobile Device Security

When analyzing Android apps, we can choose to use either a real device or an emulator, however, for a very long time, the only option for iOS was a real device. Luckily, this has changed, and Corellium now offers iOS and Android virtualization which allows us to analyze applications from either OS on a virtualized device.

Xâm phạm giả định (Assumed Breach) - Mô hình tiếp cận tốt hơn

Thay vì giả định rằng một vụ rò rỉ dữ liệu sẽ xảy ra, nhóm bảo mật nên dự đoán thời điểm xảy ra rò rỉ. Trong bước ngoặt mới về bài kiểm thử thâm nhập, chúng ta đặt kẻ tấn công (những chàng trai/cô gái tốt bụng) vào hệ thống với tư cách người dùng được ủy quyền. Mục tiêu của bài kiểm thử là để mô phỏng hệ thống khi bị xâm nhập hoặc một thành viên nội bộ xấu xa. Mục tiêu kiểm thử nên tập trung vào rủi ro kinh doanh và ảnh hưởng của vấn đề bảo mật, lỗ hổng bảo mật, cấu hình sai đến dữ liệu và quy trình quan trọng của tổ chức. Mục tiêu nên dựa trên hoạt động kinh doanh và rủi ro thực tế, không xoay quanh sự vượt trội về mặt kỹ thuật và quá trình truy cập ban đầu chậm chạp (và tốn kém).

Vulnerability Management - Finding Context

Do you ever run into problems with your vulnerability management program that you wished you had at your fingertips just one more little piece of information? To help conduct some prioritization, or to know who the business owner is, or to inform people this was an end of life system… All valuable and great to have readily available. But alas, we often are missing information, or it is not easy to access.

Demystifying SIEM, EDR, XDR & MDR

CISOs and security practitioners are now being bombarded by new acronyms such as XDR which seem to overlap with “older” acronyms like EDR, SIEM, and MDR.According to Gartner, XDR is mainly attractive to smaller security organizations that don’t currently have a SIEM, and it will likely not displace SIEM functionality in large and mature security operations. And according to Forrester, XDR is grounded in EDR and also on a collision course with SIEM and SOAR.

Querying with Kusto

If you have ever needed to analyze data in your Azure cloud environment, chances are you have run across the Kusto Query Language. Join me as we go over the basics of Kusto and the Kusto Query Language, discuss how it is leveraged in Azure, and learn how to get started if you are unfamiliar with the language and syntax.