In this workshop, SANS certified instructor Jean-François Maes will walk you through some of the most used NTLM relay attack paths pentesters use to compromise the domain. We will take a look at: What is NTLM auth? Using broadcast traffic for fun and profit Active Directory Certificate Services abuse ShadowCredentials And more! BEFORE THE WORKSHOP: This workshop requires a large local LAB that must be downloaded prior to the workshop. D...

There is no doubt that Zero Trust has become one of the main topics in the cybersecurity industry. Since the US Federal Government mandated agencies to accelerate the adoption of Zero Trust and issued detailed guidelines on implementing a Zero Trust Architecture in the second half of 2021, Zero Trust has become both the ‘de facto’ cybersecurity approach and a controversial concept used by some as a marketing ploy. But what is Zero...

Threat actors continue to make government agencies – at the federal, state and local levels – one of their most important targets. A series of Presidential Executive Orders and DHS CISA Binding Operational Directives have been issued in response, often with specific cybersecurity control and technology requirements. Government agencies need to address both these pressures, and do it with limited resources, prioritizing their action...

Staying current in DFIR is more than just doing the job daily. It takes work. Those who put forward an effort to research, train and share seem to carve a special place for themselves in this community. Do you have what it takes? Do you want to do more in forensics and with your education? This talk will walk you through lessons learned and methods to get the most out of DFIR and enhance your daily work.

Learn, connect, and share with some of the most advanced cybersecurity operators in the world at this year’s Pen Test HackFest Summit. This one-of-a-kind Summit brings together all aspects of offensive operations – covering the latest research in penetration testing, exploit writing, red teaming, adversary emulation, and more. Join us at Pen Test HackFest to experience: Highly technical talks, demos, and panel discussions – P...

This session is to walk through a demonstration of Pentera: The Automated Security Validation solution. Organizations over the years have been following a defense in depth model to protect their critical assets. While this strategy makes sense; the tools, processes, and procedures surrounding this initiative have grown significantly. How confident can organizations be that each layer and the enormous effort undertaken is working effectively? D...

Some fast facts from Gartner: By 2025, 45% of organizations will have experienced attacks on their software supply chains, tripling the numbers from 2021. Half of existing supply-chain attacks are attributed to APTs or well-known attackers. Digital transformation enables enterprises of all sizes to provide value to their customers in a fast and consistent manner. One crucial consideration of that transformation is the automation and security o...

Organizations need modern threat detection that operates at scale, and Google’s cloud-native SIEM platform, Chronicle, delivers. In our tests, we observed multiple threat detections that most organizations haven’t even pondered including in their SIEM. SIEMs in general were supposed to enable three main goals: Increase visibility Enable detection of security events Support the response of discovered security issues While those goal...

In this webinar we will cover the importance of malware protection in ensuring network security for all organizations, from large enterprises to smaller companies. Key topics: The costs of not defending against malware - “being lucky is not enough” How to deploy malware protection across your organization How malware protection keeps your users/resources safe from online threats Join us for a fascinating discussion on how implement...

Storing your data in cloud services doesn't always guarantee the security of it. Data loss can occur for various reasons including human errors, ransomware attacks, or other kinds of malicious deletion.It is important to understand the retention policies and data back-up strategies so we can quickly react to any threats that could lead to permanent data loss and quickly recover data. This webinar will focus on the possible external factors tha...