Metadata is a vital part of digital forensics work but is often glanced over for OSINT. In this workshop, we'll discuss why metadata is far more useful than most analysts give it credit for. We'll cover why many people miss metadata and how it could potentially reveal hidden information. We'll even set up some hands-on exercises so you can practice your skills. Prerequisites: None Prior to the workshop: Please install ExifTool before the works...

The ICS Cybersecurity Field manuals cover what these systems are used for, how we rely on them, how they are attacked, and practical ways to defend and protect our critical infrastructure. The series comprises several volumes, each focusing on a different aspect of ICS and security defense for control environments. Continuing from the ICS Cybersecurity Field Manual Vol 1, this next instalment The ICS Cybersecurity Field Manual – Vol. 2 ...

Hands-On Cyber Security Training Taught by World-Renowned Practitioners Attend in New Orleans, LA or Live Online At Security East, choose from 29 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books and several courses align with GIAC certifications!

Toyota Motor Corporation recently suffered a data breach due to a mistakenly exposed access key on GitHub. That hardcoded access key evaded detection for five years! This news was the latest in a long line of headlines about the damage caused by hardcoding secrets in code. To combat this pervasive risk, security teams are turning to code scanners that look for secrets, but soon realize that their visibility into all the places hardcoded secret...

Organizations are moving data and applications into public cloud services at a rapid pace. As the public cloud footprint expands, red teams and attackers are reinventing the kill chain in the cloud. Public cloud services provide new, creative ways to discover assets, compromise credentials, move laterally, and exfiltrate data. In this keynote, we explore common techniques from the MITRE ATT&CK Cloud Matrix. For each technique, attendees wi...

Conventional wisdom suggests that a zero-trust framework or architecture be implemented as part of a holistic security strategy. “Trust nothing, verify everything” seems like the safest bet. Yet, it remains unclear how this approach keeps your organization's connectivity, which supports your most critical business applications, more secure without impeding their business intent. Uncover the most pressing network security policy iss...

In “The 2021 State of Enterprise Breaches,” Forrester found that enterprises spend a median of 37 days and a mean of $2.4 million to find and recover from a breach. Ensure your team is prepared for advanced threat actors. Forrester recommends that security leaders must advocate for investment in efforts like digital transformation to help the organization be more adaptable and focus on data and metrics to uncover prevalent attack v...

DNS provides one of the best methods for command and control, covert tunneling, and blind data exfiltration. Burp Collaborator provides a great way to both confirm blind injection, and also exfiltrate data. Penetration testers may prepend names to each DNS request, allowing data exfiltration subject to DNS's length limitations (63 characters per label, 255 characters total name) and character limitations. This webcast will describe methods for...

In today’s world of enterprise security, many technology options are available—perhaps too many. Despite all the options available, security teams still ask the same questions: What is the “right” telemetry? How do we best integrate, and where can we find the best return on our investment? In response to these questions, and the need to disrupt adversary TTPs, eXtended Detection and Response (XDR) technologies have emer...

This engaging session takes a light-hearted look at securing your cloud-native applications and gives a detailed list of what (not) to do. We’ll cover how to ensure your developers never create insecure or vulnerable code, we’ll talk about how to enable complete zero trust, and most importantly we’ll talk about how to guarantee 100% security of your cloud-native applications.