Connect with the crew behind the annual SANS Holiday Hack Challenge for this special webcast to wrap up another year and name the big winners. Plus, get a sneak peek and a few tips for next year’s challenge, already well under development. Chief creator Ed Skoudis will be joined by members of his team to offer an exclusive behind-the-scenes look at the 2022 event, share how the various challenges came together, cover how players performe...

Maintaining the integrity of critical files, executables and resource configurations is considered basic security hygiene. The Verizon Data Breach Integrity Reports points out each year that the majority of security incidents are enabled by a failure to implement and monitor these controls, even though ever major compliance regime requires compliance be regularly assessed and validated. During this SANS What Works webcast, SANS Director of Eme...

Protecting your executives takes more than a firewall. These targeted cyberattacks are on the rise with 75% of execs experiencing credential exposure, 60% have PII for sale on underground marketplaces and an astonishing 300% increase of executive impersonations between 2020 and 2021. (Reported by ZeroFox Intelligence) Even with the pool of security professionals shrinking, security budgets reaching a plateau, and physical and digital security...

Metadata is a vital part of digital forensics work but is often glanced over for OSINT. In this workshop, we'll discuss why metadata is far more useful than most analysts give it credit for. We'll cover why many people miss metadata and how it could potentially reveal hidden information. We'll even set up some hands-on exercises so you can practice your skills. Prerequisites: None Prior to the workshop: Please install ExifTool before the works...

The ICS Cybersecurity Field manuals cover what these systems are used for, how we rely on them, how they are attacked, and practical ways to defend and protect our critical infrastructure. The series comprises several volumes, each focusing on a different aspect of ICS and security defense for control environments. Continuing from the ICS Cybersecurity Field Manual Vol 1, this next instalment The ICS Cybersecurity Field Manual – Vol. 2 ...

Hands-On Cyber Security Training Taught by World-Renowned Practitioners Attend in New Orleans, LA or Live Online At Security East, choose from 29 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books and several courses align with GIAC certifications!

Toyota Motor Corporation recently suffered a data breach due to a mistakenly exposed access key on GitHub. That hardcoded access key evaded detection for five years! This news was the latest in a long line of headlines about the damage caused by hardcoding secrets in code. To combat this pervasive risk, security teams are turning to code scanners that look for secrets, but soon realize that their visibility into all the places hardcoded secret...

Organizations are moving data and applications into public cloud services at a rapid pace. As the public cloud footprint expands, red teams and attackers are reinventing the kill chain in the cloud. Public cloud services provide new, creative ways to discover assets, compromise credentials, move laterally, and exfiltrate data. In this keynote, we explore common techniques from the MITRE ATT&CK Cloud Matrix. For each technique, attendees wi...

Conventional wisdom suggests that a zero-trust framework or architecture be implemented as part of a holistic security strategy. “Trust nothing, verify everything” seems like the safest bet. Yet, it remains unclear how this approach keeps your organization's connectivity, which supports your most critical business applications, more secure without impeding their business intent. Uncover the most pressing network security policy iss...

In “The 2021 State of Enterprise Breaches,” Forrester found that enterprises spend a median of 37 days and a mean of $2.4 million to find and recover from a breach. Ensure your team is prepared for advanced threat actors. Forrester recommends that security leaders must advocate for investment in efforts like digital transformation to help the organization be more adaptable and focus on data and metrics to uncover prevalent attack v...