Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

Inside the Five Most Dangerous New Attack Techniques

Download File
Inside the Five Most Dangerous New Attack Techniques (PDF, 10.59MB)Published: 08 Dec, 2025
Created by:
Heather BarnhartRob T. LeeJoshua Wright
Heather Barnhart, Rob T. Lee, Joshua Wright + 1 more

For nearly two decades, SANS and RSAC™ have collaborated to explore the latest attack techniques and share knowledge that equips defenders with the tools they need to stay ahead of adversaries. This e-book represents the next evolution of that effort. Here, we take the five key topics presented from the keynote stage and expand them into four full-length chapters. The chapters provide context, case studies, and actionable recommendations for enterprises defending against the most pressing challenges in cybersecurity today. Written by leading SANS instructors and authors—each a recognized expert in their field—these chapters combine technical depth with practical guidance that organizations can put to work immediately.

For deeper insights into each topic, unlock the individual white papers here

Meet the Authors

Heather Barnhart

Heather Barnhart

Fellow

Heather has 20+ years of experience working with government agencies, defense contractors, law enforcement, and Fortune 500 companies. Her case experience ranges from fraud, crimes against children, counter-terrorism, and homicide investigations.

Learn more
Rob Lee

Rob T. Lee

Fellow

Rob T. Lee is Chief AI Officer and Chief of Research at SANS Institute, where he leads research, mentors faculty, and helps cybersecurity teams and executive leaders prepare for AI and emerging threats.

Learn more
Joshua Wright

Joshua Wright

Fellow

Joshua Wright, Senior Technical Director at Counter Hack Challenges and author of SEC504, has spent over two decades teaching and building tools that help defenders identify and counter real-world cyber threats through practical, hands-on learning.

Learn more
Tim Conway

Tim Conway

Fellow

SANS Fellow Tim Conway, co-author of ICS456, ICS310, and ICS612, blends decades of hands-on ICS/OT security and compliance expertise with ongoing frontline consulting, helping students turn complex industrial challenges into practical skills.

Learn more

Additional resources

Marketing or Added Value? The Truth About Purpose-Built Detection and Response for Containers

WhitepaperCloud Security
  • 5 Dec 2025

No-Cost Detection of Endpoint Hard Drive Removal

WhitepaperArtificial Intelligence
  • 19 Nov 2025

Measuring Malware Obfuscation: Evaluating CNN- Based Detection for Real-World Resilience

WhitepaperDigital Forensics and Incident Response
  • 19 Nov 2025

State of ICS/OT Security 2025

WhitepaperIndustrial Control Systems Security
  • 14 Nov 2025
  • Jason Christopher

Autonomous Endpoint Management: Next-Gen Endpoint Visibility Fueling SecOps and IT Ops with AI

WhitepaperCloud Security
  • 10 Nov 2025
  • Matt Bromiley

Automating Generative AI Guidelines: Reducing Prompt Injection Risk with 'Shift-Left' MITRE ATLAS Mitigation Testing

WhitepaperArtificial Intelligence
  • 7 Nov 2025

Related courses

  • Slide 1 of 20

    SEC540: Cloud Native Security and DevSecOps Automation

    Advanced
    SEC540Cloud Security
    SEC540: Cloud Security and DevSecOps Automation
    • GIAC Cloud Security Automation (GCSA)
    • 5 Days (Instructor-Led)
    • 38 CPEs / 38 Hours (Self-Paced)
    • Labs: 35 Hands-On Labs

    View course detailsRegister
  • Slide 2 of 20

    LDR433: Managing Human Risk

    Beginner
    LDR433Cybersecurity Leadership
    LDR433: Managing Human Risk
    • SANS Security Awareness Professional (SSAP)
    • 3 Days (Instructor-Led)
    • 18 CPEs / 18 Hours (Self-Paced)
    • Labs: 7 Hands-On Labs

    View course detailsRegister
  • Slide 3 of 20

    SEC402: Cybersecurity Writing: Hack the Reader

    Essentials
    SEC402Cybersecurity Leadership
    SEC403
    • 12 CPEs / 12 Hours (Self-Paced)

    View course detailsRegister
  • Slide 4 of 20

    LDR512: Security Leadership Essentials for Managers

    Intermediate
    LDR512Cybersecurity Leadership
    LDR512: Security Leadership Essentials for Managers
    • GIAC Security Leadership (GSLC)
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 22 Hands-On Labs

    View course detailsRegister
  • Slide 5 of 20

    FOR589: Cybercrime Investigations

    Intermediate
    FOR589Digital Forensics and Incident Response
    FOR589: Cybercrime Intelligence
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 6 of 20

    SEC522: Application Security: Securing Web Applications, APIs, and Microservices

    Advanced
    SEC522Cloud Security
    SEC522: Application Security: Securing Web Applications, APIs, and Microservices
    • GIAC Certified Web Application Defender (GWEB)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 21 Hands-On Labs

    View course detailsRegister
  • Slide 7 of 20

    LDR551: Building and Leading Security Operations Centers

    Advanced
    LDR551Cybersecurity Leadership
    LDR551: Building and Leading Security Operations Centers
    • GIAC Security Operations Manager (GSOM)
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 19 Hands-On Labs

    View course detailsRegister
  • Slide 8 of 20

    LDR519: Cybersecurity Risk Management and Compliance

    newAdvanced
    LDR519Cybersecurity Leadership
    LDR519: Cybersecurity Risk Management and Compliance
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 16 Hands-On Labs

    View course detailsRegister
  • Slide 9 of 20

    LDR516: Strategic Vulnerability and Threat Management

    Major UpdatesAdvanced
    LDR516Cybersecurity Leadership
    LDR516: Building and Leading Vulnerability Management Programs
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 24 Hands-On Labs

    View course detailsRegister
  • Slide 10 of 20

    FOR585: Smartphone Forensic Analysis In-Depth

    Essentials
    FOR585Digital Forensics and Incident Response
    FOR585: Smartphone Forensic Analysis In-Depth
    • GIAC Advanced Smartphone Forensics (GASF)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 22 Hands-On Labs

    View course detailsRegister
  • Slide 11 of 20

    SEC545: GenAI and LLM Application Security

    newAI-FOCUSEDAdvanced
    SEC545Cloud Security, Artificial Intelligence
    SEC545: GenAI and LLM Application Security
    • 3 Days (Instructor-Led)
    • 18 CPEs / 18 Hours (Self-Paced)
    • Labs: 11 Hands-On Labs

    View course detailsRegister
  • Slide 12 of 20

    SEC366: CIS Implementation Group 1

    newEssentials
    SEC366Cybersecurity Leadership
    SEC366: CIS Implementation: Group 1
    • 6 CPEs / 6 Hours (Self-Paced)

    View course detailsRegister
  • Slide 13 of 20

    SEC411: AI Security Principles and Practices: GenAI and LLM Defense

    newAI-FOCUSEDIntermediate
    SEC411Cyber Defense, Artificial Intelligence
    SEC411
    • 14 CPEs / 14 Hours (Self-Paced)
    • Labs: 2 Hands-On Labs

    View course detailsRegister
  • Slide 14 of 20

    SEC502: Cloud Security Tactical Defense

    Intermediate
    SEC502Cloud Security
    SEC502: Cloud Security Tactical Defense
    • GIAC Cloud Security Essentials (GCLD)
    • 5 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 41 Hands-On Labs

    View course detailsRegister
  • Slide 15 of 20

    SEC405: Business Finance Essentials

    Essentials
    SEC405Cybersecurity Leadership
    SEC405: Business Finance Essentials
    • 6 CPEs / 6 Hours (Self-Paced)

    View course detailsRegister
  • Slide 16 of 20

    FOR608: Enterprise-Class Incident Response & Threat Hunting

    Intermediate
    FOR608Digital Forensics and Incident Response
    FOR608: Enterprise-Class Incident Response & Threat Hunting
    • GIAC Enterprise Incident Responder (GEIR)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 17 of 20

    ICS515: ICS Visibility, Detection, and Response

    Intermediate
    ICS515Industrial Control Systems Security
    ICS515: ICS Visibility, Detection, and Response
    • GIAC Response and Industrial Defense (GRID)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours
    • Labs: 22 Hands-On Labs

    View course detailsRegister
  • Slide 18 of 20

    FOR518: Mac and iOS Forensic Analysis and Incident Response

    updatedIntermediate
    FOR518Digital Forensics and Incident Response
    FOR518: Mac and iOS Forensic Analysis and Incident Response
    • GIAC iOS and macOS Examiner (GIME)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 23 Hands-On Labs

    View course detailsRegister
  • Slide 19 of 20

    ICS418: ICS Security Essentials for Leaders

    Essentials
    ICS418Industrial Control Systems Security
    ICS418: ICS Security Essentials for Leaders
    • 12 CPEs / 12 Hours (Self-Paced)
    • Labs: 12 Hands-On Labs

    View course detailsRegister
  • Slide 20 of 20

    ICS613: ICS/OT Penetration Testing & Assessments

    newAdvanced
    ICS613Industrial Control Systems Security
    ICS613: ICS/OT Penetration Testing & Assessments
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours
    • Labs: 27 Hands-On Labs

    View course detailsRegister