In this talk we will take a look at the most recent attack techniques, targets, and trends. This includes understanding what kind of malware and illicit access items are available on the dark web for sale and how it can be the first sign of a breach, social engineering attacks, and the latest on 0-day and n-day vulnerability research. Artificial Intelligence is an aggressively growing area where we can both use the technology as an attack aid...

Organizations keep deploying AI "agents" without understanding what autonomy level they're getting or what governance it warrants. Chinese state-sponsored hackers used Claude Code to automate a cyberattack campaign across 30 organizations. Replit's AI coding agent deleted a production database, then tried to cover up its mistake. These aren't anomalies. They're predictable governance failures. The Misenar 4A Model maps AI autonomy across four...

When cybercriminals hold your data hostage, do you pay the ransom or call their bluff? In 2024, only 25% of organizations paid ransoms—an all-time low—yet those who did pay still only achieved 46% full data recovery. In this talk, we'll dissect the high-stakes world of ransomware negotiations, where million-dollar decisions happen under extreme pressure. Drawing from real-world negotiation transcripts and the groundbreaking Coinbas...

Join the renowned investigators of Baker221b and step into the role of a digital detective. In this immersive workshop, participants will tackle a series of mysterious cloud breach cases—each one demanding sharp analytical thinking and technical skill. Working exclusively with popular command-line tools and cloud telemetry data, you will uncover hidden traces of attacker activity, reconstruct timelines, and piece together the story behin...

Modern application environments now extend across multi-cloud platforms, data centers, and distributed edge locations. With the rise of remote work and AI-driven applications, the attack surface is rapidly expanding. Traditional Next-Generation Firewalls (NGFWs) often fall short in securing this complex landscape or safeguarding AI models, leaving gaps that enable advanced threats. In this webinar, experts from SANS and Cisco will explore the...

Unlock the full potential of your cybersecurity career at SANS Nashville Winter 2026 (January 12-17, CT). Guided by world-renowned instructors at the forefront of the field, this event provides exclusive access to live industry experts, ensuring you stay ahead of the curve. Immerse yourself in a learning environment that features industry-leading hands-on labs, simulations, and exercises, all geared towards practical application in your profes...

Branch offices, remote campuses, and distributed OT/IoT environments have long relied on legacy VPNs, firewalls, and replicated security stacks to stay connected and secure. But these approaches introduce high costs, operational complexity, and leave dangerous gaps—especially around lateral movement within branch networks. In this SANS First Look webcast, we explore how Zscaler’s Zero Trust Branch (ZTB) introduces a new, streamline...

Bootstrap means to start with “existing resources,” is commonly used with startup companies, and is far more widely applicable. There are many examples of successful bootstrapping and many advantages. Tenable, Sourcefire (acquired by Cisco for $2.7 billion), Malwarebytes, and SolarWinds are all companies that were bootstrapped. Wireshark and OSSEC are open source projects that were bootstrapped. The BSides conferences were bootstra...

Operational Technology (OT) environments are more dependent than ever on remote access—for vendor support, troubleshooting, and data sharing—yet each connection can expand the attack surface. From disruptive ransomware to the cascading impacts seen in events like Ukraine’s 2015 grid attacks and Colonial Pipeline, the lesson is clear: Remote access is both a necessity and a potential vulnerability. This webcast distills guidan...

The SANS 2026 Kubernetes and CNAPP Forum is a focused, one-day event designed for security professionals, DevOps teams, and cloud architects seeking to secure modern, containerized applications. As Kubernetes and Cloud-Native Application Protection Platforms (CNAPPs) become core to enterprise infrastructure, this forum explores the evolving threat landscape, key attack vectors, and emerging defense strategies. Through expert-led sessions, tech...