SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Unlock industry insights and hands-on learning with upcoming SANS webcasts and workshops.
In this workshop, SANS certified instructor Jean-François Maes will walk you through some of the NTLM relay attack paths pentesters most commonly use to compromise the domain.

Are you interested in context for your cloud or container environment when you investigate an event from last week, last month, or last year? Would it save you time to have IDS alerts that include the full context of the connection? Join this session to hear James Schweitzer demonstrate easy-to-understand, interlinked network evidence that is available wherever you need it and also enables orchestration.

In today’s world of enterprise security, many technology options are available—perhaps too many. Despite all the options available, security teams still ask the same questions: What is the “right” telemetry? How do we best integrate, and where can we find the best return on our investment?

DNS provides one of the best methods for command and control, covert tunneling, and blind data exfiltration. Burp Collaborator provides a great way to both confirm blind injection and exfiltrate data. Penetration testers may prepend names to each DNS request, allowing data exfiltration subject to DNS's length limitations (63 characters per label, 255 characters for the total name) and character limitations. This webcast will describe methods for blind data exfiltration using Burp Collaborator (using both public and private servers), as well as using DNS without Burp. Content directly from SEC542: Web App Penetration Testing and Ethical Hacking.

Metadata is a vital part of digital forensics work but is often glossed over for OSINT. In this workshop, we'll discuss why metadata is far more useful than most analysts give it credit for. We'll cover why many people miss metadata and how it could potentially reveal hidden information. We'll even set up some hands-on exercises so you can practice your skills.

Save your SOC team hundreds of hours on daily tasks. What does an ideal day in the SOC look like? It certainly wouldn’t include what you’re facing now with an endless stream of alerts, user requests and ad hoc fire drills. But you’re not alone. According to USNews, security analyst jobs rank in the top 25 most stressful jobs.

Windows puts a lot into logs, but it puts even more into forensic artefacts you may not be aware of. This talk will explore some of the artefacts that, without the knowledge of the user, record more than just metadata. I think it's pretty cool; maybe after this talk you will do... or disable it all... or both?

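Windows logs record a great deal of information, but beyond that, information can also be read from a variety of artifacts that are useful for forensics. This talk introduces several artifacts that, without the user's knowledge, record information that cannot be dismissed as mere metadata. After hearing this talk, will you disable the cache? I would be glad if you come away feeling how interesting caches are.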

More visibility. Most (if not every?) cybersecurity professional will tell you they need more visibility into the threat landscape, but also into their own security posture. Join SANS Analyst Jake Williams and Chas Clawson, CTO for security with Sumo Logic, as they talk about the importance of correlating security alerts across your entire cloud and on-prem environment, and enriching them with threat intelligence and other feeds for context and improved threat investigations.

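Do you know the term OSINT? OSINT is an abbreviation of "Open Source Intelligence" and is used mainly in the information security world. It is a method of collecting data from many sources, including the Internet, then analyzing, scrutinizing, and selecting from it in order to investigate specific individuals, systems, organizations, and so on. In this session, after introducing the basic elements of OSINT, we will demo several data collection, exploration, and analysis techniques, and also introduce the techniques, tools, and training you should know.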

Do you know what OSINT is? OSINT is an abbreviation for "Open Source Intelligence" and is mainly used in the information security world. It is a method of collecting data from many sources, including the Internet, and analyzing, scrutinizing, and discarding the data to conduct research on specific individuals, systems, or organizations.

Join John Pescatore and Liz Wallace of Amgen to hear details on the selection, deployment and experience using SANS Security Awareness. The webcast includes a discussion of lessons learned and best practices and gives you the opportunity to ask questions to get deeper insight.
