Organizations in every sector are increasingly adopting cloud offerings to build their online presence. However, although cloud providers are responsible for the security of the cloud, their customers are responsible for what they do in the cloud. Unfortunately, the providers have made the customer's job difficult by offering many services that are insecure by default. Worse yet, with each provider offering hundreds of different services and w...

Does your organization have penetration testers and a red team? Do they work closely with those performing defensive roles to improve the overall security? Far too often, pen tests and red team engagements are performed, leaving only a list of discovered vulnerabilities with no instructions on how to mitigate the findings. This is where purple teaming can be of great value to an organization. It's not a new team, rather, it's an organized effo...

A top-notch security platform requires a significant investment of money, time, and resources, so it's essential to know it's doing its job. Instead of waiting for an attack to test your security controls, on-demand, proactive testing allows you to validate that controls are acting as expected. That means you need a solution that enables you to emulate true threat actors within your environment, making penetration testing more effective and re...

As the velocity of IT operations increases, automation is becoming critical for auditors and compliance professionals. In this session, we will cover the basics of using PowerShell for common infosec, compliance and audit tasks. We will make heavy use of demonstrations to explore the object-oriented nature of the shell, important commands for getting help, and how to select, sort, filter and transform results from native Windows tools. We will...

Zero trust has become one of the hottest topics in IT and cybersecurity especially in light of the global pandemic and related work-from-home (WFH) momentum. Zero trust is garnering plenty of headlines but do users really understand zero trust technologies and where they fit? And is now the time to move zero trust from a tactical to a strategic approach that aligns to business initiatives? Join us for our webinar with ESG and Cisco as we take...

Smartphone data can be confusing. There are so many locations, timestamps, and synched data that it may be more difficult than you think to put a person at the scene of a crime or behind an activity. For this Tech Tuesday Workshop we'll walk you through a scenario where the data is confusing. We'll show you how to create your own test data, extract it, and most importantly - validate it! System Requirements: A Mac or PC with permissions to ins...

Traditional methods of cyber defense, like perimeter-based network security, have always emphasized the need of keeping adversaries out of our networks, building a fortress that would stop attackers while allowing secure access to legitimate users. In such a model, trust is typically binary: either the user is authenticated (trusted) or not. Once access is granted to a user, that level of trust is hardly re-evaluated, and when it is, it is usu...

In this special session you will play to win the Cyber42 Vulnerability Management Simulation! In this three-hour game day you will play as part of a team to improve the state of a fictional organization and more effectively handle the vulnerability management. During the game, as developed for MGT516: Managing Security Vulnerabilities: Enterprise and Cloud, you will see that the actions you choose can have uncertain outcomes and even unintende...

"Congratulations, you have been selected to conduct a penetration test of our industrial control system (ICS) environment. Please remember, you cannot scan anything, you cannot install anything, and you cannot break anything. Your point of contact, who will watch every move you make, will be..." This is not a joke. More and more companies are requesting penetration tests of their ICS assets. But how can you conduct testing with these restricti...

Join Mark Baggett as he discusses new tools and some new features of older tools that enhance your threat hunting capability. This short one hour talk will provide you with the insight you need to begin hunting for Phishing domains and Command and Control channels on your networks. We will discuss the installation and configuration of tools that will have you threat hunting in no time.