This workshop is structured around teaching students how to construct access to shared datasets in S3 and more broadly, cementing in their minds the threats to consider when using cloud-native storage. Students will dive headlong into a case study where they will serve as the Cloud Security Architect Consultant for a fictional company undergoing the growing pains of a nascent cloud migration. Tasks in this workshop challenge the student to fir...

As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. We will discuss the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our AWS environments. The overall process and takeaways will be: Establish proper logging to detect...

Performing audits on organizations of any size is no easy task. Successful audits require communication amongst various functions and auditors; all of whom may be operating on different timetables, with different requirements and defined areas of responsibility. Each moment wasted on trying to “gather” audit information is time spent not performing the audit. In this SANS First Look, we examined Drata’s Audit Hub, a part of t...

Learn how to apply the European Cybersecurity Skills Framework (ECSF) to your talent needs within your organization. Developed by The European Union Agency for Cybersecurity (ENISA) we will discuss how to use the framework along with how it can be applied to meet the standardization of the work roles within your security teams. The ECSF helps to build a common language in the workforce that allows you to work with other cross-sectors to build...

Designed for security leaders tasked with managing a growing attack surface, the SANS Attack Surface Management Solutions Forum will take place on March 8, 2023 as a virtual event. This half-day event will bring together thought leaders, subject matter experts and practitioners to discuss, share and discover best practices for addressing the operational challenges associated with organizations’ ever-growing attack surfaces. Contributing...

DDoS attacks are back in the headlines and disrupting businesses across the globe. Though these threats aren’t new, they are evolving and increasing in size, complexity, and frequency. During this session, we will uncover attack trends from the last year, and discuss what to expect in 2023. Attend this webinar to learn about: Emerging threats and new sophisticated botnets Top industries targeted and geographical breakdowns Record-breakin...

For the past few years, we have continued to see malware and ransomware-focused intrusions on the rise. The year 2022 was no different. Many organizations suffered attacks (some more public than others) as adversaries continued to hone their malware and tradecraft, and find success in victim environments. On this webcast, we’re going to assess the impact of ransomware intrusions on enterprises as they wrap up 2022 and prepare for 2023 se...

ChatGPT was launched by OpenAI in November 2022. Since then, it has been the subject of many discussions. ChatGPT itself is one application that was built on top of OpenAI’s GPT-3 models. We can programmatically interact with these models via OpenAI API. In this talk, we will go beyond ChatGPT and discuss OpenAI API, fine-tuning our own models for specific tasks, and building security applications on top of them. We will be building a sa...

Surge in infostealer malware in recent months has allowed threat actors to gain access to victim machines. It has become very common for threat actors to spend time in the target environment, harvest confidential information, gain better understanding about the victim's environment and tailor the attack to impose maximum damage, move laterally and escalate privileges to maintain persistence and maximize their revenue. While Infostealer's prima...

With more and more companies moving their applications and infrastructure to the cloud, the potential attack surface has expanded dramatically. Attackers know they have a window of opportunity and have become savvier at carrying out advanced cloud and container attacks. Within seconds of entering your cloud environment, they can begin conducting cryptomining, supply chain attacks, and other forms of advanced attacks. Without the ability to det...