SEC504: Hacker Tools, Techniques, and Incident Handling

Resilient cybersecurity leadership is critical for protecting digital assets, managing cyber risks, and aligning security with business goals. Informed leaders bridge the gap between technical teams and executives, drive security strategies, ensure regulatory compliance, manage effective incident response, and foster a security-first culture.
Effective cybersecurity leadership demands technical expertise, strategic vision, and strong communication. SANS Cybersecurity Leadership training prepares rising CISOs and senior leaders to manage risk, align security with business objectives, cultivate a proactive security mindset, and lead agile teams. With advanced training in vulnerability management, operational leadership, incident response, and cloud governance, SANS equips professionals to anticipate threats, shape strategy, and lead the future of cybersecurity.
Learn to align security strategies with business objectives while effectively conveying risks, priorities, and initiatives to board members, executives, and technical teams.
Gain the skills to build, mentor, and lead high-performing security teams, fostering collaboration, resilience, and a strong security culture.
Develop the ability to lead with confidence during crises, manage incidents effectively, and make critical security decisions under pressure.
SANS continues to set the bar high on how to teach and how individuals can absorb leadership material. This class and learning strategy do an amazing job providing purpose, direction, and motivation to influence change through education!
Steve brings 25+ years of cybersecurity experience, including 12 years in incident response and management. Following his career in the UK Royal Air Force, Steve developed expertise in managing cyber incidents in high-pressure environments worldwide.
Russell is a Principal Consultant and Co-Founder of Cyverity with extensive cybersecurity leadership experience. As former CIO and CISO of the Federal Reserve Bank of Atlanta, he brings real-world expertise to his role as SANS Principal Instructor.
David has 20+ years of experience in vulnerability management, application security, and DevOps. He's developed technical security training initiatives, and believes vulnerability management is one of the most important foundations of cybersecurity.
Frank Kim is the Founder of ThinkSec, a security consulting and CISO advisory firm. He leads the Cybersecurity Leadership and Cloud Security curricula at SANS, as well as authors and instructs multiple SANS courses.
Jason is a leading consultant sought after by Global 500 companies across finance, healthcare, and technology sectors worldwide. Over the years, he has led intrusion detection, penetration testing, defense improvement programs, and incident response.
Mark Orlando brings extensive cybersecurity leadership experience from the Pentagon, White House, and Fortune 500 sectors. As Bionic Cyber's CEO, he's a respected security operations expert with military and academic credentials.
Daily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.
Manages an organisation's cybersecurity strategy and its implementation to ensure that digital systems, services and assets are adequately secure and protected.
Responsible for developing cybersecurity workforce plans, assessments, strategies, and guidance, including cybersecurity-related staff training, education, and hiring processes. Makes adjustments in response to or in anticipation of changes to cybersecurity-related policy, technology, and staffing needs and requirements. Authors mandated workforce planning strategies to maintain compliance with legislation, regulation, and policy.
Responsible for managing the cybersecurity of a program, organization, system, or enclave.
Lead, govern, and manage this risk for your organization.
IEC 62443 is the global standard for the security of ICS networks, designed to help organizations reduce the risk of failure and exposure of ICS networks to cyberthreats. The standard demands that security professionals not only understand their organization's hardware and its interactions, but also how to recognize a threat, how to report it, and how to respond and recover. In this webcast, SANS instructor/author Jason Dely and Fortinet representatives Antoine D'Haussy and Aasef Iqbal will explore how the IEC 62443 set of standards can provide guidance to enterprises looking to choose and implement technical security capabilities. They will look at some of the common challenges and how the use of compensating controls can help maintain layered security across the ICS. Learn how Fortinet's layered solutions may help asset owners and system integrators reach IEC 62443 compliance. Register now and be among the first to receive the associated white papers: "Effective ICS Cybersecurity Using the IEC 62443 Standard" and "Managing ICS Security with IEC 62443".
You will earn 6 CPE credits for attending this virtual event.

Forum Format: Virtual - US Eastern

Event Overview
Designed for security leaders tasked with managing a growing attack surface, the SANS Attack Surface Management Virtual Conference will take place on April 14, 2021 as a virtual event. This half-day event will bring together thought leaders, subject matter experts and practitioners to discuss, share and discover best practices for addressing the operational challenges associated with work-from-home transitions, cloud migrations, M&A, shadow IT and the rise of ransomware attacks. Attendees will gain valuable lessons on how to operationalize attack surface management in order to improve their threat intelligence, vulnerability management and offensive security programs.

Agenda

10:30 - 10:35 AM EDT - Event Welcome
Dave Cowen, @HECFBlog, Forum Chair, SANS Institute, @SANSInstitute

10:35 - 11:05 AM EDT - Defending Forward in Today's Exposed World
David "Moose" Wolpoff, @HexadeciMoose, CTO, Co-Founder, Randori, @RandoriSecurity
Dan MacDonnell, Retired Rear Admiral, Former Deputy Chief NSA/CSS, Randori, @RandoriSecurity
Whether we like it or not, organizations today are on the front lines of an ongoing and growing geopolitical cyberwar. We need look no further than SolarWinds for proof. In this session, former Deputy NSA Chief Rear Admiral Dan MacDonnell and Randori Co-Founder & CTO David Wolpoff will take attendees on a behind-the-scenes look into the forces driving today's cyber landscape and what they tell us about the future of security. Attendees will leave with a firm understanding of the macro-forces driving today's cyberwar, clarity into why today's approaches won't cut it tomorrow, and why it's essential that organizations defend forward, adopting proactive strategies that leverage the attacker's perspective to anticipate threats and test resiliency.

11:05 - 11:35 AM EDT - Getting on Target: Looking at Your Attack Surface Like An Attacker
Aaron Portnoy, @aaronportnoy, Principal Scientist, Randori, @RandoriSecurity
Fundamental to the rise of attack surface management is a growing recognition that attackers see the world differently. In this session, Aaron Portnoy, Principal Scientist at Randori, will break down why that is the case and how red teams, like the Randori Attack Team, can often come to dramatically different conclusions than security teams about an asset, even when both are looking at the same information. He will look at real examples taken from customer environments and break down some of the ways he's seen security teams adopt the attacker's perspective to reduce noise, prioritize risk and get on target faster.

11:35 AM - 12:05 PM EDT - Hunting Threat Actors with Attack Surface Management
Kyle Howson, Cyber Security Operations Centre Specialist, Air Canada, @AirCanada
Dan Pistelli, Security Solutions Engineer, LogicHub, @Logichubhq
With a third of successful breaches now originating with unmanaged or unknown assets, understanding your attack surface and being able to prioritize new risks as they emerge has never been more essential. In this session, Air Canada's Kyle Howson and LogicHub's Dan Pistelli will break down how Air Canada is integrating the attacker's perspective into their asset, vulnerability, and threat management workflows through LogicHub to hunt for APTs and quickly find, prioritize, and act upon issues as they are discovered.
In this session, Kyle and Dan will walk through tangible examples and break down how attendees can replicate these actions in their organization, by:
- Establishing an external source of truth for threat prioritization between Security and IT
- Increasing the efficiency of remediation efforts by combining threat intelligence with real-time visibility into their attack surface
- Identifying process failures and shadow IT that pose categorical risks
- Leveraging the attacker's perspective to turn threat data into actionable narratives both executives and practitioners can agree on
- Saving time and money by focusing teams on the specific threats that pose the greatest risk to Air Canada

12:05 - 12:15 PM EDT - Randori Attack Platform
See how Randori Recon empowers enterprise organizations to understand their attack surface in order to identify blind spots, process failures and dangerous misconfigurations.

12:15 - 12:45 PM EDT - Evaluating Attack Surface Management Tools
Pierre Lidome, @texaquila, SANS Instructor and Cyber Hunter, SANS Institute, @SANSInstitute
Attack surface management (ASM) is an emerging category that aims to help organizations address these challenges by providing a continuous perspective of an organization's external attack surface. In this session, SANS course author Pierre Lidome will provide an overview of Attack Surface Management, the key use cases, and the benefits and limitations of today's solutions. Based on his research developing the SANS Guide to Evaluating Attack Surface Management, Pierre will also provide attendees with actionable guidance they can use when crafting RFPs and PoCs for ASM projects.

12:45 - 12:55 PM EDT - Randori Attack Platform
See how Randori Recon empowers enterprise organizations to understand their attack surface in order to identify blind spots, process failures and dangerous misconfigurations.

12:55 - 1:25 PM EDT - Top IoT/OT Security Attack Vectors
Eric McIntyre, @pwnpnw, Director of Research and Development, Randori, @RandoriSecurity
Phil Neray, Director of Azure IoT & Industrial Cybersecurity, Microsoft, @Microsoft
IoT and OT devices are now everywhere, helping individuals and businesses collect real-time data and automate tasks for greater productivity and efficiency. This is increasingly true in enterprises, as workers rely on a diverse set of smart devices to get their work done. These devices are often unpatched, unmanaged, and invisible to IT and OT teams, making them soft targets for adversaries seeking to gain access to corporate networks in order to steal sensitive intellectual property or deploy ransomware. In this talk, join Phil Neray from Microsoft and Randori's Eric McIntyre for a look into the top IT and OT attack vectors and how organizations are using ASM to reduce their exposure.

1:25 - 2:15 PM EDT - Fireside Chat: Exchanging Zero Days - Where Do We Go From Here?
Moderator: Joseph Menn
Panelists:
Window Snyder, @window, former CISO at Square, Square, @Square
Richard Puckett, CISO, SAP, @SAP
Stewart Baker, Former General Counsel of NSA
David "Moose" Wolpoff, @HexadeciMoose, CTO and Co-Founder, Randori, @RandoriSecurity
SolarWinds and Microsoft Exchange were not the first, and they won't be the last, major cyber attacks to leverage zero days to infect tens of thousands of organizations. In this session, attendees will hear from a panel of leading experts from the commercial and public sector on how they see our approaches to security evolving after these two seismic supply chain attacks. Topics discussed will include: what role policies and regulations can play in reducing cyber risk; how we as a society can work together to build more resilient systems; and what role active defense, or "Defending Forward," has in the future of security.

2:15 - 2:25 PM EDT - Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
Joseph Menn, Reuters Cybersecurity Journalist and author
Cult of the Dead Cow is the tale of the oldest, most respected, and most famous American hacking group of all time. Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers. They contributed to the development of Tor, the most important privacy tool on the net, and helped build cyberweapons that advanced US security without injuring anyone.

2:25 - 2:30 PM EDT - Wrap-up
To be effective, data protection has to be everywhere, from the server to the endpoint, at the office and at home, throughout the cloud and across the web. A company's system must be able to detect data leakage from any path, quickly apply real-time data protection policies, automate incident workflows, and alert the IT team as needed for further investigation. Having an effective understanding of how and where a company's data is stored is essential when trying to protect it. Data stored across multiple devices and cloud services needs to be discovered and categorized according to sensitivity and accessibility. The data that a company creates, collects, stores, and exchanges is a valuable asset. Safeguarding it from corruption and unauthorized access by internal or external people protects a company from financial loss, reputation damage, consumer confidence breakdown, and brand erosion. Furthermore, government and industry regulation around data security makes it imperative that a company achieve and maintain compliance with these rules wherever it does business.
Ransomware attacks have become some of the most prolific and public intrusions over recent years. Within a matter of hours, organizations can go from normal operations to having an inoperable network and being extorted for tens of millions of dollars. On this webcast, SANS instructor and author Matt Bromiley, as well as sponsor representatives, will share their thoughts on modern detection and response techniques for ransomware breaches.
CISOs and security practitioners are now being bombarded by new acronyms such as XDR which seem to overlap with "older" acronyms like EDR, SIEM, and MDR. According to Gartner, XDR is mainly attractive to smaller security organizations that don't currently have a SIEM, and it will likely not displace SIEM functionality in large and mature security operations. And according to Forrester, XDR is grounded in EDR and also on a collision course with SIEM and SOAR.
Save your SOC team hundreds of hours on daily tasks. What does an ideal day in the SOC look like? It certainly wouldn't include what you're facing now with an endless stream of alerts, user requests and ad hoc fire drills. But you're not alone. According to USNews, security analyst jobs rank in the top 25 most stressful jobs.
In The 2021 State of Enterprise Breaches, Forrester® found that enterprises spend a median of 37 days and a mean of $2.4 million to find and recover from a breach.
An organized, full-coverage risk register can maximize your cybersecurity resources while improving organizational security. Without including third-party risks, however, even the best risk register can fail to stop security incidents. Your risk framework needs to map to internal and external gaps to identify weaknesses and ensure complete coverage.
With more and more companies moving their applications and infrastructure to the cloud, the potential attack surface has expanded dramatically. Attackers know they have a window of opportunity and have become savvier at carrying out advanced cloud and container attacks. Within seconds of entering your cloud environment, they can begin conducting cryptomining, supply chain attacks, and other forms of advanced attacks. Without the ability to detect and respond to these attacks in real-time, it’s almost impossible to stop them from causing significant damage.
The move to the cloud and increasing remote work have fragmented attack surfaces, making it easy for attackers to find unmanaged assets with critical exposures. Manually finding and remediating these risks is untenable, so security teams need active attack surface management to not just find the unknown exposures but also automatically fix them.
Selection of an effective Attack Surface Management (ASM) solution can help you identify and mitigate potential threats.
In today's cybersecurity landscape, zero-day vulnerabilities pose significant threats to software applications, and their discovery is crucial for effective mitigations. Join us in this webinar as we share our journey in uncovering vulnerabilities in Adobe Acrobat and Foxit PDF Editor, the two most widely used PDF processing applications.
Use the newest tool to self-assess your organization's vulnerability management maturity, built on the renowned SANS Vulnerability Management Maturity Model (VMMM).
In its sixth year, the SANS 2023 SOC Survey explored SOC capabilities, deployment architecture, technology use and satisfaction, capabilities outsourced, and satisfaction with outsourced providers. With survey data from active SOC managers and analysts, this webcast will cover the escalating movement to the cloud, orchestration, and tool changes. It explores the developing promise of deception, AI and machine learning. Key topics will include the capabilities that comprise a SOC, such as technology deployed and satisfaction; staff composition, hiring, and retention; and SOC budgets. Register for this webcast now and be among the first to receive this whitepaper from SANS author and Senior Instructor Christopher Crowley.
Join us for a panel discussion presented by Emerson and Dragos, as they share their insights around OT cybersecurity as partners - while also depicting the unique expertise, experience, and responsibilities that they bring to the table to defend customer installations and environments together. Although the core focus of the conversation will be on DeltaV systems, a high-level overview of OT cybersecurity and the Industrial Control Systems (ICS) landscape will be covered and relevant to multiple industry segments, including Oil & Gas, Chemicals, Life Sciences, and Metals & Mining.
Detecting attacks in their earliest stages — before they impact your business — is a key element of an effective threat detection and incident response (TDIR) strategy. But according to Mandiant’s 2022 M-Trends Special Report, it still takes an average of 21 days to detect a successful cyberattack — and only an average of 92 minutes for threat actors to move laterally across a compromised network.
For many years, security professionals have advocated the approach of collecting logs from all the places where they’re generated and centralizing them into one or only a few places.
The ICS threat landscape has changed significantly in the last few years with the discovery of more ICS-specific scalable attack frameworks. In the 2023 SANS ICS/OT Cybersecurity Survey, Certified Instructor Jason Christopher will ask key questions and analyze answers to explore how critical infrastructure defenders across all sectors are constantly adapting to address new challenges and threats in ICS/OT security. Join us for this webcast event as we gather, analyze, and draw out the main takeaways from the 2023 SANS ICS/OT Cybersecurity Survey.
Asset and inventory control solutions are difficult to build and maintain. Many organizations spend lots of time, effort, and resources to get ahold of their inventory of assets, but few are able to effectively leverage their asset inventory data to enrich security operations. Snowflake's IT and Security teams leverage ServiceNow asset data to create data models and join them to other sources of truth within Snowflake itself. In this webinar, we will demonstrate:
- How to bring asset inventory data into the Data Cloud with a connector
- How we leverage asset data for security enrichment
- How to use Snowflake as a security data lake
As we head into the last quarter of 2023, three major mandate changes are occurring, each positioned to make a large impact on how businesses, governmental bodies, and critical sector organizations operate. The goal of the SANS Cyber Compliance Countdown is to focus on what you need to know in these complicated and broad requirements and to offer solutions on how to meet these directives.
Join us for a research-driven webcast that unveils and explores the key findings of the 2025 Cybersecurity Workforce Research Report by SANS | GIAC. This comprehensive, global study delivers unparalleled insights into the cybersecurity talent landscape, highlighting the essential strategies for building and maintaining high-performing teams.