Jonathan Reiter
Certified Instructor
Specialities
Offensive Operations
Jonathan is an officer (previously enlisted) in the Maryland Air National Guard located at Fort Meade, MD where he serves as a cyberspace capabilities developer. Defending the nation's critical infrastructure and key resources in cyberspace is as challenging as it is vital. Jonathan intends to complete 30 years of service in the US Air Force.
Explore content featuring this instructor’s insights and expertise.
Join SEC670 course author Jonathan Reiter and SANS Principal Instructor Jorge Orchilles as they give a sneak peek at the latest SANS Red Team Ops course – Windows Tool Development. This is an advanced, 600-level course for experienced Red Teamers. As Red Teaming evolves, you will realize that custom Windows tool development is a requirement. Your generic and default payloads from most offensive tools will (and should) be caught by your security controls. Red Teams must build custom code to evade defenses and gain the objectives.
This will be the first part in a series of workshops that introduce students to the C programming language, specifically for the Windows platform. The items discussed in this workshop series will serve as a prerequisite for those interested in taking the SEC670 course. This first part will cover basic items such as setting up Visual Studio Community, creating a project, developing your first project, etc. We will then dive into C itself, covering data types, the anatomy of a function, statements, variables, directives, and debugging.
Continuing where our previous workshop, An Intro to C for Windows Devs, left off, this Part 2 picks up with a closer look at the bits behind the bytes, the characters behind the strings, and the addresses behind the pointers. If you have not had a chance to walk through Part 1, you can take the recorded workshop here, https://www.sans.org/webcasts/intro-c-windows-devs/. Please have the projects you were working on during Part 1 readily available as we will continue using them for the remainder of the series.
Pointers that point, loops that make you dizzy, and functions that do something. For Part 3 of our series we'll continue where Part 2 left off and then introduce pointers, loops, and functions and their stack frames.
Have you ever wanted to understand how the tools and frameworks you are using during a Red Team engagement work under the hood?
Part 4 of this series will continue where Part 3 left off with the introduction of functions. For this part we will learn how to create functions that accept pointers as arguments, how to validate pointer arguments, SAL annotations, structures, and linked lists.
Picking up where Part 4 left off, we will have linked list enumeration where we will look at a real world example of how knowing the underlying structure comes into play. After linked list enumeration, we can finally start to talk about some Windows internals, Windows APIs, and Windows specific structures.
After enumerating a list of loaded modules, it's only fitting to get started with what normally comes next: parsing the exports of a DLL. Before we can do that, we will have to understand the anatomy of executable images. This means parsing PE headers. It would be great to have the following programs installed before this Part 6: WinDbg, PE Explorer by Pavel. PS: don't forget your files from Part 5; you'll need them!
In Part 6 of the series we learned about the anatomy of executable images and parsing PE headers. We will continue with PE parsing and will explore a few more interesting areas of a PE file.
Threads, stacks, and heaps! Part 8 will take a look at using Windows APIs to create threads, heaps, and using a debugger to view stacks. We will also talk about some of the myths around stack growth versus stack usage.
How do applications download Internet resources like files, how are specific requests crafted like GET and POST, how are headers and user agent strings created? This part of the series will answer all of those questions by introducing two Win32 libraries: WinHttp and WinINet.
When developing an implant in C/C++ for Windows, there will come a time when you must implement some kind of directory enumeration capability. There are several methods that can help you achieve this and this workshop will talk about a few and implement one of them using Windows APIs.
This presentation delves into the strategic utilization of Windows HTTP libraries, WinInet and WinHTTP, for developing red team malware tools. Starting with an overview of these libraries, we highlight their pivotal roles in Windows networked applications, particularly in covert operations and data exfiltration scenarios. The WinInet API, primarily client-focused, and the server-optimized WinHTTP API are examined for their applicability in maintaining stealthy communications with command and control servers. A practical beaconing example in C++ will demonstrate each library's functionality in simulated red team scenarios. The session concludes with a case study on certificate pinning, essential for bypassing network security measures and enhancing the stealthiness of malware communications. Attendees will leave with a comprehensive understanding of how to choose and implement the right HTTP library to bolster the effectiveness and discretion of their malware initiatives.
Step into an inspiring conversation with SANS Instructors Jonathan Reiter, Christopher Elgee, and Jon Gorenflo—esteemed professionals who have seamlessly transitioned from military service to thriving careers in cybersecurity. Whether you're a current service member, a veteran, or someone looking to understand the unique advantages of a military background in the cyber world, this session is for you!
Meet the Speakers:
• Jonathan Reiter, Senior Master Sergeant (E8) & Certified Instructor: With years of experience in military cyber operations, Jonathan brings invaluable insights into the skills and discipline honed in the service and how they translate into success in the private sector.
• Christopher Elgee, Certified Instructor & Senior Security Analyst, Counter Hack: A seasoned instructor with a deep understanding of offensive cyber tactics, Christopher will share his journey from military duty to becoming a leading voice in cybersecurity education and practice.
• Jon Gorenflo, Principal Instructor: As a former military cyber professional now excelling in the civilian world, Jon offers a unique perspective on the transition process, the challenges faced, and the opportunities available.
What You'll Learn:
• The parallels between military and private sector cyber roles
• How military experience can provide a solid foundation for a cybersecurity career
• Tips and advice on transitioning from military service to the civilian cyber industry
• Answers to your burning questions about leveraging military skills in the cyber realm
Why Attend?
• Inspiration: Hear firsthand stories of transformation and success.
• Insight: Gain practical advice on making your own career shift.
• Connection: Network with like-minded professionals and expand your support system.
Engage in a dynamic discussion and leave with a clearer path to your future in cybersecurity.
Directory enumeration is just one of many features implants should have. The first workshop covered how to do that, and this workshop will cover how to enumerate processes and modules that could be loaded in them.
Hear ye! Hear ye! Be ye free from the CRT! What’s life like anyway without the CRT? What can a program even do without it? As the entire series comes to a close, this part will explore the CRT and how to become independent from it. This independence is critical to understand when it comes to creating binaries that are compiled as PIC (Position Independent Code).
Dive into the intricacies of Portable Executable (PE) parsing in this presentation showcasing the usefulness of the PE Parsing with WinDbg cheat sheet.
Have you ever wanted to debug Windows binaries with WinDbg, but were just not sure where to start? Well, this brand new series of workshops is for you! This series of workshops will start with the absolute basics of WinDbg and debugging in general. By the end of the entire series, you will be much more comfortable with WinDbg and will understand what's happening under the hood a bit more.
Join SANS instructor Jonathan Reiter for this webcast covering his newly published poster, Comprehensive Kernel Debugging for Windows Developers.
By now you have learned how to travel through time using Time Travel Debugging. TTD is such a powerful feature and you’ve only begun to scratch the surface of its use cases.