To access and download Summit Archive presentations, you must be a member of the SANS.org Community. If you have a SANS Account, please login - or join the SANS.org Community here.
SANS Cyber Defense Forum & Training (October 2020)
- Analysis 101 for Incident Responders, Kristy Westphal.pdf
- And Then There Were None (More False Positives) - Writing Better EDR Detections, Dan Banker.pdf
- Asking Questions and Writing Effectively, Christopher Lopez .pdf
- Automating Threat Hunting on the Dark Web, Apurv Singh Gautam .pdf
- Building the Better Playbook - Techniques to Improve Repeatability, Don Murdoch.pdf
- Hiding in the Clouds - How Attackers Can Use Applications for Sustained Persistence, Yochana Henderson, Mark Morowczynski.pdf
- Metrics on Steroid - Improving SOC Maturing Using the SOC-CMM, Rob van Os.pdf
- New Tools for Your Threat Hunting Toolbox, Mark Baggett.pdf
- Ransomware Defense and Response - Minimizing Risk of an Increasing Threat, Gabriel Curry, Will Oram.pdf
- Resolve Security Alerts with Adaptive Intelligence and Guided Response, Peter Luo.pdf
- Resource Smart Detection with YARA and osquery, Saurabh Wadhwa.pdf
- Taking Your Detection Program to the Next Level (Keynote), Carson Zimmerman.pdf
- XDR - The Hidden Pitfalls of Evaluation and Deployment, Steve Turner, Ben Tyminski.pdf
- XDR The Hidden Pitfalls of Evaluation and Deployment, Steve Turner, Ben Tyminski.pdf
Oil & Gas Cybersecurity Summit & Training 2020 (October 2020)
- A Game-Theory Approach for Defending the ICS-SCADA Environment, Rashed Rabie.pdf
- Black Gold- Battle to Defend the Most Treasured Assets in the World, Anas Faruqui.pdf
- Detecting Encrypted Radio Communications Using Universal Hacker Radio, Don C. Weber.pdf
- Developing Effective Detection and Defense Strategies Against Activity Groups in Oil & Gas OT Using Models, Sergio Caltagirone.pdf
- OT IR - Are You Prepared to Respond, Gabiriel Agboruche.pdf
- Preparing for M&A and Onboarding Newly Acquired Immature Organizations, Brent Foster.pdf
- Process Vulnerabilities for Refineries, Can Demirel, Yusuf Yilmaz Akdemir.pdf
- Raiders of the Lost RTUs, Meters, and Valves, Ron Brash.pdf
- Secure and Safe Operations in the Remote Work Era - COVID-19 and Beyond, Mark Carrigan.pdf
- What's Cooking - Starting Your Own DIY Automation and ICS Security Projects, Mike Hoffman.pdf
Threat Hunting & Incident Response Summit & Training 2020 (September 2020)
- A Tale of Two Hunters - Practical Approaches for Building a Threat Hunting Program, Peter Ortiz.pdf
- Applying Fraud Detection Techniques to Hunt Adversaries, Nicole Hoffman.pdf
- Big Game Hunting - Major threat group joins the targeted ransomware-as-a-Service (RaaS) scene via a Valak partnership, John Dwyer, Christopher Kiefer.pdf
- Building a Hunting Program at a Global Scale, Pete Bryan.pdf
- Cybersecurity and the Platypus - Why Information Modeling is Essential, Yet Challenging, Jason Keirstead.pdf
- External Threat Hunters are Red Teamers, David Maynor, Jorge Orchilles.pdf
- From One Sec Guy to the Team That Saved the CISO's Day, Diego Mariano.pdf
- Hunting Human-Operated Ransomware Operators, Ryan Chapman.pdf
- Hunting Immaturity Model, Mangatas Tondang.pdf
- Hunting Powershell Obfuscation with Linear Regression, Joe Petroske.pdf
- Leveraging Beacon Detection Techniques to Identify Anomalous Logons, Fred Nolte, Nikita Jain, Dante Razo, Jacob Alongi.pdf
- Machine Learning Meets Regex Rule Engine, David Rodriguez.pdf
- New Tools for Your Threat Huntung Toolbox, Mark Baggett.pdf
- Open NDR and the Great Pendulum (Keynote), Greg Bell.pdf
- Raising the Tide - Driving Improvement in Security by Being a Good Human- Keynote, David J Bianco.pdf
- SaaS Hunting, Ben Johnson.pdf
- Started from the Bottom - Exploiting Data Sources to Uncover ATTCK Behaviors, Jose Rodriguez, Jamie Williams.pdf
- The SOC Puzzle - Where Does Threat Hunting Fit, Ashley Pearson.pdf
- WinSCP - Yeah You Know Me, Mari DeGrazia.pdf
Security Awareness Forum & Training (August 2020)
- 28 Common Attitudes and Behaviors - Racial Literacy Resource, Joey Oteng.pdf
- A Step-by-Step Guide to Engaging a Global Workforce with Podcasts, Paige Ishii.pdf
- Create Your Own Awareness Videos at Home, Kerry Tomlinson.pdf
- Diversity, Equity, Inclusion, & Justice in Cyber - Action Items and Resources.pdf
- Diversity, Equity, Inclusion, & Justice in Cyber- Schilling, Otengo, Selemani, Stewart.pdf
- General Info and Reference Slides.pdf
- How to Build a Global Digital Security Awareness Scavenger Hunt, Neaka Lynn Balloge.pdf
- How to Engage Globally with Podcasts, Paige Ishii.pdf
- Keynote - The Human Side of Threats, Katie Nickels.pdf
- SANS Scavenger Hunt Clues and Answers.pdf
- Social Justice 101 - Joey Oteng.pdf
- stop action video tipsheet - Kerry Tomlinson.pdf
DFIR Summit & Training 2020 (July 2020)
- Accelerate Your Threat Hunting and IR with Next-Gen NDR+EDR, Balaji Prasad, Arun Raman, Heike Ritter.pdf
- capa - Automatically Identify Malware Capabilities, Willi Ballenthin, Moritz Raabe.pdf
- Captain's Log - Take Your Application Log Analysis from Starfleet to Star Fleek, David Pany, Ryan Tomcik.pdf
- Completing the Triad - The Case for Leading with NDR, John Smith.pdf
- CyberSleuth - Education and Immersion for the Next Generation, Daryl Pfief.pdf
- Data Science for DFIR - The Force Awakens, Jess Garcia.pdf
- Did I Do That- Understanding Action and Artifacts in Real Time, David Cowen, Matthew Seyer.pdf
- Dig Deeper - Acquisition and Analysis of AWS Cloud Data, Trey Amick, Curtis Mutter.pdf
- Empowering DFIR Through Automation and Orchestration - Enhancing Your Artifacts with Threat Intelligence, Iain Davison.pdf
- Forensic Analysis of the Apple HomePod and the Apple HomeKit Environment, Mattia Epifani.pdf
- Forensic Marriage - The Love-Hate Relationship Between eDiscovery and DFIR, Andrew + Sarah Konunchuk.pdf
- From Threat Detection to Organizational Threat Detection, O'Shea Bowens, Nico Smith.pdf
- Healthy Android Exams - Timelining Digitial Wellbeeing Data, Alexis Brignoni, Joshua Hickman.pdf
- Help, We Need an Adult, Liz Waddell.pdf
- How Not to Ruin Your Day - Avoiding Common Threat Huntung Mistakes, Menachem Perlman.pdf
- Hunting Bad Guys That Use TOR in Real-Time, Milind Bhargava.pdf
- If At First You Don't Succeed, Try Something Else, Jim Clausing.pdf
- Just Forensics - Mercifully, Lee Whitfield.pdf
- Kansa for Enterprise Scale Threat Hunting, Jonathan Ketchum.pdf
- Keynote - Strengthening Trust in DFIR, Eoghan Casey, Daryl Pfeif.pdf
- Long Live Linux Forensics, Ali Hadi, Brendan Brown, Victor Griswold.pdf
- Lucky (iOS) #13 - Time to Press Your Bets, Jared Barnhart.pdf
- Making Memories - Using Memory Analysis for Faster Response to User Investigations, Jessica Hyde, Aaron Sparling.pdf
- Man in The Mirror - Upping Your Threat Hunting Game by Seeing Yourself as an Attacker, Eric McIntyre, Randori.pdf
- Profiling Threat Actors in DNS, Taylor Wilkes-Pierce.pdf
- Putting Big Data to Work in DFIR, Jason Mical.pdf
- Think Like a Threat Actor to Handle Remote Work Risks, Brandon Hoffman, NetEnrich Lunch.pdf
- Using Big DFIR Data in Autopsy and Other Tools, Brian Carrier.pdf
- Using Storytelling to Be Heard and Remembered, Frank McClain.pdf
- What the DLL is Happening - A Practical Approach to Identifying SOH, Frank McClain.pdf
- You Need a PROcess to Check Your Running Processes and Modules, Michael Gough.pdf
Pen Test HackFest & Cyber Ranges Summit (June 2020)
- Anatomy of a Gopher - Binary Analysis of Go Binaries, Alex Useche.pdf
- Assumed Breach - The Better Pen Test, Tim Medin.pdf
- Automated Detection of Software Vulnerabilities Using Deep Learning, Nidhi Rastogi.pdf
- Building Compelling Cyber Challenges and Range Scenarios, Chris Elgee, Simon McNamee.pdf
- Creating Simulations for Historical Data Collection I, Tim Conway.pdf
- Creating Simulations for Historical Data Collection II, Phil Hagen.pdf
- Emulating the Adversary in Post-Exploitation, Jake Williams.pdf
- Fully Functional Cloud C2, Chris Truncer.pdf
- Getting tthe Most Out of Free CtFs, Derek Rook.pdf
- Handling Advanced Threats - De-Obfuscation, Emulation, and Anti-Forensics, Alexandre Borges.pdf
- Handling Advanced Threats - Extended Version, Alexandre Borges.pdf
- Hardware Hacking - Intro to Programming Micro Controllers, Mick Douglas.pdf
- How You Can Use Your Offensive Skills to Help the Air Force, Capt. Lillian Warner.pdf
- Identifying Novel Malware at Scale, Pedram Amini.pdf
- Keynote - Opportunity Amidst Uncertainty - Spinning Up Virtual Cons on a Shoestring, Lesley Carhart.pdf
- Keynote - Using CTF Challenges to Massively Level-Up Your Cybersecurity Career, Ed Skoudis.pdf
- Let the Games Begin- Overview of Summit Challenges and Jupiter Rockets, Steve Sims, Ed Skoudis, Simon Vernon.pdf
- Maldocs - Tips for Red Teamers, Didier Stevens.pdf
- Open Source Election Security - End-to-End Verifiable Voting with Microsoft ElectionGuard, Ethan Chumley, Matthew Wilhelm.pdf
- Quickstart Guide to MITRE ATT&CK, Adam Mashinchi .pdf
- Some of Them Want to Use You; Some of Them Want to Get Used By You, Chris Wysopal.pdf
- Supercharge Your Red Team with RedELK, Marc Smeets.pdf
- Where the ---- Is My Identity, Chris Edmundson.pdf
- Windows 10 Kernel Mitigations and Exploitation, Jaime Geiger, Stephen Sims.pdf
Cloud Security Summit & Training 2020 (May 2020)
- Building a Pipeline for Secure Virtual Machines in AWS, Shaun McCullough.pdf
- Cloud Breaches - Case Studies, Best Practices, and Pitfalls - Dylan Marcoux, Christopher Romano.pdf
- Cloud Security Posture Management from Security Hygiene to Incident Response, Yuri Diogenes, Jess Huber, Ricardo Bruno.pdf
- Cloud Security to Go, Ken Hartman.pdf
- Cover Your SaaS - Practical SaaS Security Tips, Ben Johnson.pdf
- Doing Cloud in China, Kenneth G. Hartman.pdf
- Don't Just Lift and Shift - Why Traditional Controls Don't Always Apply to the Cloud and What You Can Do About It, Steve Turner.pdf
- Keynote - Lessons Learned from Cloud Security Incidents Past and Present, Dave Shackleford.pdf
- Keynote - Securing Cloud Deployments - A Red Team Perspective, Matt Burrough.pdf
- Leveling Up Your Workforce for Cloud Enablement - Pathways to Total Pwnage, Aaron Lancaster.pdf
- Modern Identity Strategies to Securely Manage Your Cloud Infrastructure, Michael Soule.pdf
- Multi-Cloud Visibility for Large Organizations, Chris Farris.pdf
- Put a Lid on Those AWS S3 Buckets, Lily Lee & Melisa Napoles.pdf
- Reimagining Vulnerability Management in the Cloud, Eric Zielinski.pdf
- Static Analysis of Infrastructure as Code, Barak Schoster Goihman.pdf
- Threat Hunting in the Microsoft Cloud - The Times They Are a-Changin', John Stoner.pdf
ICS Security Summit & Training 2020 (March 2020)
- 2020 ICS Cyber Attack Trends.pdf
- At Least We Can Agree on This Working with Legal to Improve Cybersecurity in Standard Agreements.pdf
- Clean Up Your MES The Bridge Between IT and OT.pdf
- Cyber Guardian Exercise A Case Study in Brazil to Address Challenges in Cybersecurity and Protect Critical Infrastructure.pdf
- Five Blind Men and an Elephant Called ICS Supply Chain Security.pdf
- Go-To Analysis for ICS Network Packet Captures.pdf
- ICS Threats and Mapping to ICS ATT&CK.pdf
- Keynote Keeping the Lights on in a Dangerous World.pdf
- Mission Kill Process Targeting in Industrial Control System Attacks.pdf
- Nation-State Supply Chain Attacks for Dummies and You Too -or- Chipping Cisco Firewalls.pdf
- Project Runaway How the Worlds Largest Manufacturers are Unknowingly Leaking Their Secrets Online.pdf
- RADICS The DARPA Project to Restart the Power Grid After a Significant Cyber Attack.pdf
- Save the Day Build an Incident Response Program Now.pdf
- Security Worst Practices.pdf
- Summit Agenda.pdf
- The Current Status of Industrial Control Systems in Developing Countries A Case Study of Argentina and Latin America.pdf
- Vulnerabilities on the Wire Mitigations for Insecure ICS Protocols.pdf
Blue Team Summit & Training 2020 (March 2020)
- Cobot Uprising Smart Automation for Blue Teams.pdf
- Computer Love Love Letters and Log Analysis.pdf
- Cops and Robbers Simulating Adversary Techniques for Detection Validation.pdf
- Creativity Convergence and Choices Security Analyst Thinking Modes.pdf
- Cybercrime Markets and Their Effects on Threat Intelligence and Detection.pdf
- DevBlue Applying Software Engineering Practices to Blue Teaming for the Win.pdf
- How to Build a Threat Hunting Team and Manage Rabbit Holes.pdf
- Keynote Threat Hunting via DNS.pdf
- Keynote Untapped Potential.pdf
- Orchestrating Detection within Security Onion.pdf
- Passwordless Can It Be Done .pdf
- Pushing the SOC Left to Achieve Nash Equilibrium.pdf
- Put Some Power in Your Shell POSH for Incident Response at Scale.pdf
- Seeing Red Top Five Things You Can Do to Catch a Physical Pen Tester.pdf
- Summit Agenda.pdf
- Threat Intelligence How to Focus Fire on the Bad Guys Coming for Your Network.pdf
Open-Source Intelligence Summit & Training 2020 (February 2020)
- Connecting the Dots Using Engagement Metrics on Social Media to Identify Associates.pdf
- Judging by the Cover Profiling Through Social Media.pdf
- Keynote The News is OSINT.pdf
- Opening Remarks.pdf
- OSINT for Counter Diversion and Brand Protection Investigations.pdf
- Summit Agenda.pdf
- Think Outside the App An Investigators Guide to Mobile App OSINT.pdf
- Weaponizing the Deep Web.pdf
- Welcome to the (Sock) Jungle .pdf
Cyber Threat Intelligence Summit & Training 2020 (January 2020)
- Automation The Wonderful Wizard of CTI Or Is IT .pdf
- Collection Overload Understanding and Managing Collection to Support Threat Intelligence Analysis.pdf
- CTI to Go Your Takeaways and To Do List.pdf
- Every Breath You Take A CTI Review of Stalkerware.pdf
- Hack the Reader Writing Effective Threat Reports.pdf
- Keynote Secret Squirrels and Flashlights Legal Risks and Threat Intelligence.pdf
- Stop Tilting at Windmills Three Key Lessons that CTI Teams Should Learn from the Past.pdf
- Strategic Takeaways Forging Compelling Narratives with Cyber Threat Intelligence.pdf
- Summit Agenda.pdf
- The Importance of Cultural and Social Intelligence.pdf
- The Threat Intelligence EASY Button.pdf
- Threat Intelligence and the Limits of Malware Analysis.pdf
- Threat Summary Report - Stalkerware.pdf
SANS Threat Hunting & IR Europe Summit & Training 2020 (January 2020)
- Enhancing the Cyclic Threat Hunting process using Attacker Methodologies and Automation.pdf
- Evolving the Hunt.pdf
- How do you do Incident Response for your Azure Active Directory.pdf
- How to automate response with M365.pdf
- How to detect that your domains are being abused for phishing by using DNS.pdf
- Mandiant IR Grab Bag of Attacker Activity.pdf
SANS Cyber Threat Summit 2019 (November 2019)
- Adventures in Threat Tracking.pdf
- BRONZE UNION An Unexpected Journey into the DNA of a Targeted Threat Group.pdf
- Cutting the Phishing Line Using Certificate Transparency Logs and Open Source Search Tools to Detect Phishing Attempts Against your Organisation.pdf
- Cutting the Phishing Line.pdf
- How do you do Incident Response for your Azure Active Directory.pdf
- Incident Response Practitioners Guide.pdf
- Mandiant IR Grab Bag of Attackers Activity.pdf
- Need for PLEAD.pdf
- Tactics, Techniques, and Procedures of the Worlds Most Dangerous Attackers.pdf
- Tracking Actors Through Their Webinjects.pdf
- Using Threat Models for Incidents; Introducing the Possible and Impossible Attack Trees..pdf
- What do you Get when you Add Military Power with a Sprinkling of Cat Burglar and a Pinch of Teenage Temper Tantrum.pdf
- Why Attackers Should Avoid C Sharp.pdf
Pen Test HackFest Summit & Training 2019 (November 2019)
- Covert Channels & Command and Control Innovation.pdf
- Crazy Windows Privilege Escalation Tricks That Your Blue Team Hates.pdf
- How to Train Your Dragon Ghidra Basics.pdf
- Introduction to Modern Heap Exploitation for Penetration Testers.pdf
- Keynote - Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD).pdf
- Maniacal Keyboards.pdf
- Pen Testing ICS and Other Highly Restricted Environments.pdf
- Sneaky Tip and Tricks with Alternate Data Streams.pdf
- Summit Agenda.pdf
- TheC2Matrix Comparing C2 Frameworks.pdf
- Trials and Tribulations of Modern Malware Control.pdf
- Using Mobile Malware Tactics During Penetration Tests.pdf
- What Every Pen Test Needs to Know About ICS.pdf
European Security Awareness Summit 2019 (November 2019)
- A New Awareness Approach.pdf
- Awareness Training Secrets Gleaned from the Security Podcast World.pdf
- Changing Security Culture, One Small Step at a Time.pdf
- Demystifying Cyber Security Cultural Strategy.pdf
- Dont Fly too Close to the Sun Carefully Building Leadership Support for Your Program.pdf
- Hacking Your Awareness.pdf
- Identifying the Introvert.pdf
- Less Filling.pdf
- Not on my Watch.pdf
- Phish apples and oranges assessing the sophistication of your phishing simulations.pdf
- So Now What Using Risk Assessments to Prioritise Security Behaviours.pdf
- The Many Faces of Culture in Security Awareness.pdf
- Using Appreciative Inquiry to Start a Network of Champions.pdf
Cloud & DevOps Security Summit & Training 2019 (November 2019)
- A DevOps Approach to Security Controls.pdf
- Add Continuous Compliance to Your Continuous IntegrationContinuous Deployment Pipelines.pdf
- CloudSec Rules Everything Around Me.pdf
- Continuous Security Buddy OpenShift KubernetesOpenStack Platform.pdf
- DevSecOps and the Cloud An Organizational Primer.pdf
- DevSecOps To Go Your Takeaways and To Do List.pdf
- Embedding Security and Privacy in the World of DevOps RealWorld Case Studies.pdf
- Get Off Your Buts and Move Your Apps Creating an App Modernization Strategy.pdf
- Infrastructure as Code is Real Using the Cloud to Provision Infrastructure with Software.pdf
- Keynote Building Zero Trust A CloudNative Perspective.pdf
- Keynote Shift RIGHT to Fix Bugs Earlier Security in a DevOps World.pdf
- Keynote Security for the Masses.pdf
- Lessons from Developing Microsegmentation for Container Environment Networks.pdf
- Loose Keys Bring These Attackers Me Incident Responders.pdf
- Managing Security Vulnerabilities in the Cloud.pdf
- Serverless DevSecOps Owning Security.pdf
- Summit Agenda.pdf
- The Art of Automation Creating a Serverless Threat Intel Bot.pdf
Purple Team Summit & Training 2019 (October 2019)
- Adaptive Adversary Emulation with MITRE ATT&CK.pdf
- Air Forces Purple Teams Lessons Learned from a Red Team Inside of a Blue Team.pdf
- Detecting and Mitigating FLAM1 Banking APT.pdf
- Emulating the Adversary While Training the Defenders Purple Teaming with MITRE ATTCK.pdf
- Evolving Your Adversary Playbooks Incorporating Red Team Findings and Benchmarking.pdf
- Its Hackers All the Way Down Experiences in Improving Security by Transferring Adversarial Skills to Product Teams.pdf
- Keynote Enter Mordor Prerecorded Security Events from Simulated Adversarial Techniques.pdf
- Keynote Purple Yourself.pdf
- Lessons in Purple Team Testing with MITRE ATT&CKs from Priceline and Praetorian.pdf
- One Hundred Red Team Operations a Year.pdf
- Optimizing Caldera for Automated Adversary Emulation.pdf
- Red Purple Blue Collaboration for Optimum Results.pdf
- Summit Agenda.pdf
- When Being Wrong is Right The Role of False Positives in Building a Detection Pipeline.pdf
- Work it Out Organizing Effective Adversary Emulation Exercises.pdf
SIEM Summit & Training 2019 (October 2019)
- Company Phishing Trip Analysis of Brand Phishing Kits and Campaigns.pdf
- Custom Application Behavioral Security Monitoring Using SIEM.pdf
- Did You Do Your Homework Use CaseDriven SIEM Deployments.pdf
- Get the Basics Right!.pdf
- Hunting with Sysmon to Unveil the Evil.pdf
- Keynote Untapped Potential Getting the Most our of Your SIEM.pdf
- Keynote - How I Learned to Stop Worrying and Love TLS.pdf
- Rapid Recognition and Response to Rogues.pdf
- Summit Agenda.pdf
- Techniques to Reduce Alert Fatigue in Security Analysts.pdf
- That SIEM Will Hunt.pdf
- The Right Data at the Right Time.pdf
- We Need to Talk about the Elephant in the SOC.pdf
SANS DFIR Europe Summit & Training 2019 - Prague Edition (September 2019)
- a) When Data Talks b) The Beautiful Mind of a Timeline.pdf
- Apple Watch Forensics (Live Demo) .pdf
- Handling BECs in an Office 365 environment.pdf
- Incident Response in the cloud foggy with a ray of sunshine.pdf
- Managing Major incidents.pdf
- Memory Smearing Myth or Reality.pdf
- Performing Linux Investigations at Scale.pdf
- Slacking Off Slack Artefacts on Windows.pdf
- smbtimeline - An automated timeline for SMB Traffic.pdf
- The Unified Logging Confession.pdf
- Tsurugi Linux project, the right DFIR tools in the wrong time .pdf
- TuxResponse A collection of scripts tools and commands to ease and automate incident response activities on Linux systems.pdf
Threat Hunting & Incident Response Summit & Training 2019 (September 2019)
- BZAR - Hunting Adversary Behaviors with Zeek and ATT&CK.pdf
- Dont Miss the Forest for the Trees How to Translate Too Much Data from Too Many Intrusions into Strategic Hunting Value.pdf
- Evolving the Hunt A Case Study in Improving a Mature Hunt Program.pdf
- Hunting is Sacred, but We Never Do It for Sport! .pdf
- Jupyter Notebooks and Pre-Recorded Datasets for Threat Hunting.pdf
- Keynote Classifying Evil Lessons from Hunting Human Traffickers.pdf
- Keynote Play Like a Kid Protect Like a Champion A Reservist Model.pdf
- My AHa Moment.pdf
- Once Upon a Time in the West A Story on DNS Attacks.pdf
- Open the Pod Bay Doors Please, HAL.pdf
- Remote Access Tools The Hidden Threats Inside Your Network.pdf
- Summit Agenda.pdf
- Threat Hunting in the Enterprise with Winlogbeat, Sysmon, and ELK.pdf
- Well, What Had Happened Was....pdf
- Whos That CARBANAKing at My Door Hunting for Malicious Application Compatibility Shims.pdf
- Worm Charming Harvesting Malware Lures for Fun and Profit.pdf
Oil & Gas Cybersecurity Summit & Training 2019 (September 2019)
- A Process-Based Approach to ICS Security.pdf
- A Roadmap to Help Enterprise Security Operations Centers Expand Duties to OT Environments.pdf
- Assessments in Active ICS Environments.pdf
- Breaching the ITOT Boundary Wedge Points and How to Secure Them.pdf
- Fueling the Exchange of Cyber Intelligence Why ONGISAC Matters.pdf
- ICS SCADA and MITRE ATTCK How It Helps and Where It Hurts.pdf
- If It Isnt Secure It Isnt Safe Incorporating Cybersecurity into Process Safety.pdf
- SCADA Cybersecurity for Pipelines API 1164 and Updates from the Trenches.pdf
- Securing the Technology Supply Chain.pdf
- Summit Agenda.pdf
Supply Chain Cybersecurity Summit & Training 2019 (August 2019)
- AF Cyber Defense Risk Management.pdf
- Andrew Martin.pdf
- Bring Your Own Threat Supply Chain Attacks Using Personal IoT Devices in Companies.pdf
- Day 2 Wrap Up Closing Comments.pdf
- Hacking the Motherboard Exploting Implicit Trust in All of the Forgotten Places.pdf
- Keynote When Your OT Supports the APT.pdf
- Neuralizing Risk from Customer Engagements.pdf
- Own Your Supply Chain System - Or It Will Own You.pdf
- Selecting for Security Searching for Risks from the Supply Chain in IoT Devices at Scale.pdf
- Supply Chain Integrity Through Hardware Material Analysis.pdf
- Supply Chain Summit Day 1 Opening Remarks.pdf
- Third-Party Software Assessments for Modern Development.pdf
- Trust But Verify An Argument for Security Testing Vefndors.pdf
- When Security Best Practices Meet Your Supply Chain.pdf
Security Awareness Summit & Training 2019 (August 2019)
- Beginners Track How to Use the Fogg Behavior Model Nudge Theory and More to Design Secure Behaviors.pdf
- Beginners Track Securing Leadership Support.pdf
- Beginners Track Security Awareness Recognition Program.pdf
- Changing Culture Lessons from Teaching Music.pdf
- Communications Engagement Track Cyber Agents for Change Leveraging Untapped Opportunities for Cybersecurity Awareness.pdf
- Communications Engagement Track Dashboard Confessions Security Awareness Communication in Silicon Valley.pdf
- Communications Engagement Track Shifting from FUD to Fun How to Overcome Internal Obstacles for Program Success.pdf
- Communications & Engagement Track - Cyber Agents for Change (HANDOUT - Cypher Practice Cards ).pdf
- Communications & Engagement Track - Cyber Agents for Change (HANDOUT - Cypher Wheel).pdf
- How Data-Driven Personalized Journeyys are the Future of Security Training.pdf
- Keynote A Lesson in Survival Transforming Culture by Preparing for a Crisis.pdf
- Keynote Latest Techniques in Hacking the Human.pdf
- Metrics CyberScore Workshop (Advanced).pdf
- Online Training Structure for Multi-Generations.pdf
- OSINT Workshop - Handout.pdf
- OSINT Workshop.pdf
- Partnerships & Collaboration.pdf
- Special Events - How to Build Your Own Escape Room (HANDOUT).pdf
- Special Events - How to Build Your Own Escape Room.pdf
- Special Events - Online Digital Scavenger Hunt Engaging Security Awareness with Global Impact.pdf
- SSAP, 2019 Awareness Report, and New Courses.pdf
- Summit Agenda.pdf
- The Creative Process Behind Fun, Low-Budget Videos.pdf
- Using Appreciative Inquiry to Create a Network of Security Champions that Went Viral.pdf
- vLearning TheoryInstructional Design.pdf
DFIR Summit & Training 2019 (July 2019)
- AmCache Investigation.pdf
- Distributed Evidence Collection and Analysis with Velociraptor Fast Surgical at Scale and Free.pdf
- Finding Badness Using Moloch for DFIR.pdf
- Finding Evil in Windows 10 Compressed Memory.pdf
- Forensic Investigation of Emails Altered on the Server.pdf
- Keynote Troying to Make Forensics EZer.pdf
- Live Response with Ansible.pdf
- MacOS DSStores Like Shellbags but for Macs.pdf
- Pipeline Incident Response.pdf
- Shedding Light on the macOS Spotlight Desktop Search Service.pdf
- Summit Agenda.pdf
- They See Us Rollin They Hatin Forensics of iOS CarPlay and Android Auto.pdf
- Tracking Traces of Deleted Applications.pdf
SANS Pen Test Hackfest Europe Summit & Training 2019 (July 2019)
- A Journey Through Adversary Emulation.pdf
- Automated adversary emulation using Caldera.pdf
- Blame Wars - How to Attribute Responsibility.pdf
- Pentesting Cars.pdf
- Well, that escalated quickly! - A Local Privilege Escalation Approach.pdf
- With Just a Search Engine Cup of Coffee Hunting Vulnerabilities on the Web.pdf
SANS ICS Europe 2019 (June 2019)
- Assessing [Industrial Cybersecurity] Assessments.pdf
- Building a National Cyber Security Strategy.pdf
- CYBERSECURITY FOR THE INDUSTRY 4.0 from the perspective of the energy CERT.pdf
- Engineers worst day - How Murphy could keep his production running.pdf
- Extending an IT SOC to include critical OTICS systems.pdf
- Five Ways to Ensure the Integrity of Your Industrial Operations.pdf
- ICS Down! Its Go Time..pdf
- Key Takeaways from the New SANS 2019 State of OTICS Cybersecurity Market Survey.pdf
- OT Security Requirements vs. Real Life stories.pdf
- Securing Large-Scale Industrial Networks.pdf
- Using ICSSCADA Honeypots the right way.pdf
Security Operations Summit & Training 2019 (June 2019)
- 2019 SANS SOC Survey Preview Live Simulcast.pdf
- A SOC TechnologyTools Taxonomy And Some Uses for It.pdf
- Arming SecOps with a Special Forces Targeting Process.pdf
- Breach ATTCK Osquery Learning from Breach Reports to Improve Endpoint Monitoring.pdf
- How to Literally Think Like an Attacker to Become a Better Defender.pdf
- Keynote How to Disrupt an Advanced Cyber Adversary.pdf
- Keynote Lessons Learned Applying ATTCKBased SOC Assessments.pdf
- Managing Security Operations int he Cloud.pdf
- Mental Models for Effective Searching.pdf
- Rapid Recognition and Response to Rogues.pdf
- Shared Security Services How to Adjust to an Evergrowing Landscape of Security Operations Center Responsibilities.pdf
- summit_archive_1561488873.pdf
- The Case for Building Your Own SOC Automations.pdf
- This Will Never Work Tales from Disappointingly Successful Pen Tests.pdf
- Use Case Development as a Driver for SOC Maturation.pdf
- Use Case Development Utilizing an ARECI Chart.pdf
- Virtuous Cycles Rethinking the SOC for LongTerm Success.pdf
Enterprise Defense Summit & Training 2019 (June 2019)
- Analyst Unknown Cyber Range AUCR A Standardized Open Source Web Framework.pdf
- Assumed Breach A Better Model for Penetration Testing.pdf
- Creating Incident Response Playbooks.pdf
- Do-It-Yourself ATT&CK Evaluations to Improve Your Security Posture.pdf
- Finding Evil with Skadi.pdf
- Five Mistakes We Wish Users Would Stop Making.pdf
- Hide Seek Where Your Business Does Business.pdf
- Keynote Practical Detection Engineering at Scale.pdf
- Legacy Authentication and Password Spray Understanding and Stopping Attackers Favorite TTPs in Azure AD.pdf
- LOLBin Detection Methods Seven Common Attacks Revealed.pdf
- Rapid Recognition and Response to Rogues.pdf
- Realigning from Chaotic Evil.pdf
- Sky-High Incident Response at Cloud Scale.pdf
- Summit Agenda.pdf
- The Best of Both Worlds Blending Tactics from the Public and Private Sectors.pdf
- The Offensive Defender Cyberspace Trapping.pdf
Cloud Security Summit & Training 2019 (April 2019)
- Automating Cloud Security Monitoring at Scale.pdf
- Automating the Creation of Network Firewall Rules Using PowerShell and CICD.pdf
- Cloud DFIR Why So Cirrus .pdf
- Cloud Security at its Finest.pdf
- Cloud Security Automation From Infrastructure to App.pdf
- Cloud, the Hard Way.pdf
- Demonstration of Typical Forensic Techniques for AWS EC2 Instances.pdf
- Keep it Flexible How Cloud Makes it Easier and Harder to Detect Bad Stuff.pdf
- Locking Them Out of Their Own House Access Control to Cloud at Startups.pdf
- Secrets for All the Things The Injection of Secrets for Every Application in Your CloudAgnostic Environment.pdf
- Secure by Default Enabling Developers to Focus on Their Mission by Providing Cloud Security for Free.pdf
- Securing Your Application Identities.pdf
- Serverless Security Attackers and Defenders.pdf
- Summit Agenda.pdf
- The State of Cloud Security How Does Your Organization Compare .pdf
- Who Done It Gaining Visibility and Accountability in the Cloud.pdf
Blue Team Summit & Training 2019 (April 2019)
- Azure AD Security Recommendations and the Customer Stories That Prove It.pdf
- Forgotten But Not Gone Gathering NTFS Artifacts of Deletion.pdf
- Mental Models for Effective Searching.pdf
- Network Flow Data A Cornucopia of Value.pdf
- One Phish, Two Phish, Red Phish, Green Phish.pdf
- OSINT Not Just Offensive.pdf
- Relentless Team Building.pdf
- Seriously, I Can See You.pdf
- Skill Sharpening at the Cyber Range Developing the NextGeneration Blue Team .pdf
- Statically Analyzing Infrastructure as Code.pdf
- Summit Agenda.pdf
- Suspiciously Inconspicuous.pdf
- Threat Hunting via Sysmon.pdf
- To Blue with ATT&CK-Flavored Love.pdf
- Using Statistical Analysis to Reduce Noise and Improve Efficacy.pdf
- ZeroTrust Networks The Future Is Here.pdf
SANS Cyber Security Middle East Summit (April 2019)
- A Knack for NAC Locking Down Network Access Across a Global Enterprise.pdf
- Actionable CTI Not a Pipedream.pdf
- Attacking & Defending AWS S3 Bucket.pdf
- Emerging threats by SANS Internet Storm Centre.pdf
- Exploiting relationship between Active Directory Objects.pdf
- In the trails of Windshift APT.pdf
- Raising the Bar for the Attacker.pdf
- The Case for Building Your Own SOC Automations.pdf
ICS Security Summit & Training 2019 (March 2019)
- A Vital New Concept for ICS Cybersecurity Programs ForeScout Lunch Learn .pdf
- Assumed Breach Assessments Using You Against You.pdf
- CES21 Technology Achievements Grid Security and Cyber Automation.pdf
- Creating a Security Metrics Program How to Measure Programmatic Success.pdf
- Evolution of ICS Attacks From BlackEnergy 3 to TRISIS.pdf
- Gaining Buy-In and Resources to Manage Cybersecurity Risk in OT Environments.pdf
- Gaining Endpoint Log Visibility in ICS Environments.pdf
- How Common Network Misconfigurations Impact ICS Reliability and Security.pdf
- ICS Risk Management Approaches Vulnerability vs Threat vs Engineering.pdf
- Intersection of Data Breach Notification and Critical Infrastructure Protection.pdf
- Practical Solutions to Supply Chain Attacks.pdf
- Preventing Your Physical Access Control System from Being Used Against You.pdf
- Scanners, Tunnels, and Sims, Oh My! .pdf
- Securing the Distribution Grid The State Regulatory Perspective.pdf
- Still Bailing Water Out of the OT Boat Two Years Later.pdf
- Summit Agenda.pdf
Open-Source Intelligence Summit & Training 2019 (February 2019)
- Backdoors to the Kingdom... Changing The Way You Think About Organizational Reconnaissance.pdf
- Beginners Business and Legal Research.pdf
- Hunting Down Malicious Sites Using Certstream Data and Available Web Services.pdf
- OSINT Data Breach Ethics and OpSec Oh My.pdf
- So You Want to OSINT Full-Time.pdf
- Summit Agenda.pdf
- Using OSINT to Improve Critical Business Decision-Making .pdf
- Weaponizing OSINT.pdf
Cyber Threat Intelligence Summit & Training 2019 (January 2019)
- A Brief History of Attribution Mistakes.pdf
- Analytic Tradecraft in the Real World.pdf
- ATTCK Your CTI Lessons Learned from Four Years in the Trenches.pdf
- Cloudy with Low Confidence of Threat Intel How to Use and Create Threat Intelligence in an Office 365 World.pdf
- CTI 101 Effectively Communicating Threat Intel and Its Value.pdf
- CTI 101 Frameworks and Why We Use Them.pdf
- CTI 101 Network Defense Integrating Threat Intel IR and Hunting.pdf
- How to Get Promoted Developing Metrics to Show How Threat Intel Works.pdf
- Keynote Applyiing WWIIEra Analytic Techniques to CTI.pdf
- Language and Culture in Threat Intelligence.pdf
- Meet Me In the Middle Threat Indications and Warning in Principle and Practice .pdf
- Quality Over Quantity Determining Your CTI Detection Efficiency .pdf
- Schroedingers Backslash Tracking the Chinese APT Goblin Panda with RTF Metadata .pdf
- Summit Agenda.pdf
- Untying the Anchor Countering Unconscious Bias in Threat Intelligence Analysis.pdf
Tactical Detection & Data Analytics Summit & Training 2018 (December 2018)
- Applied Data Science and Machine Learning for Cybersecurity.pdf
- Detection with MITRE ATT&CK in the Energy Sector.pdf
- Forgotten but Not Gone Gathering NTFS Artifacts of Detection.pdf
- From Automation to Analytics Simulating the Adversary to Create Better Detections.pdf
- Keeping Up With the Joneses SIEM Rules Edition.pdf
- Keynote Build it Once Build it Right Architecting for Detection .pdf
- Machine Learning in Cybersecurity Fact Fantasy and Moving Forward.pdf
- Measure Your Bad Self The SIEMquel.pdf
- Rapid Data Analysis Thunderdome.pdf
- Sharing is Caring Improving Your Detection Capability with the Sigma Framework.pdf
- Summit Agenda.pdf
- Top 5 Things to Know About Azure Active Directory Logs.pdf
- Unconventional Logging & Detection.pdf
- Users as a Data Source Are You Leveraging SecurityAware Employees in Your Detection Strategy .pdf
- Using Open Source Tools for Data Analytics Learning from a Corpus of Endpoint Snapshots.pdf
- Whats in a User Name .pdf
- Wreck SIEM Noise How to Build and Measure Effective Alerting.pdf
European Security Awareness Summit 2018 (November 2018)
- A Role-Reversal Learning Approach to Low-Level Security Training.pdf
- Ensuring CyberSecurity Is not a Car Crash.pdf
- Establishing a Baseline to Measure Behavioural Change.pdf
- Future-proofing your Security Awareness Programme.pdf
- Gaining Leadership Support what do we tell them and how.pdf
- Information Security Human Risk Level Assessment.pdf
- Leveraging Your Security Operations Center.pdf
- Managing Your Security Awareness Career.pdf
- Once Upon a Time Back to the Future of Security.pdf
- Summit Agenda.pdf
- Wait Did I Just Learn Something.pdf
- Workshop Fun Cheeky Videos.pdf
- Workshop - OSINT (Open Source Intelligence) .pdf
- You Shape Security Supporting the ingenuity of people.pdf
Pen Test HackFest Summit & Training 2018 (November 2018)
- Come to the Dark Side Pythons Sinister Secrets.pdf
- Domain Fronting For the Win!.pdf
- Extending Burp to Find Struts and XXE Vulnerabilities.pdf
- Grape Jelly How Threat Intel Enhances a Red Team.pdf
- Hacking in the Future.pdf
- Hatfields McCoys Feuds AntiPatterns and Other Crossed Connections in the DevSec Relationship.pdf
- Keynote A Year of Gaining Superpowers.pdf
- NoSQL Injection It Isnt Just MongoDB.pdf
- Post Exploitation in Developer Environments.pdf
- Summit Agenda.pdf
- The Clouds Are Coming to Get Me!.pdf
- Timelines Not Just for Incident Response.pdf
- Ubiquitous Shells.pdf
- Wrangling Malware for Fun and Pen Testing.pdf
