All Archives
- SIEM Summit & Training 2019 (October 2019)
- Summit Agenda
- Keynote - Untapped Potential: Getting the Most out of Your SIEM
Justin Henderson, John Hubbard - Get the Basics Right!
Balaji Nakkella, Rakesh Kumar Narsingoju - We Need to Talk about the Elephant in the SOC
Jim Apger - Custom Application Behavioral Security Monitoring Using SIEM
Prithvi Bhat, Himanshu Tonk - Company Phishing Trip: Analysis of Brand Phishing Kits and Campaigns
Jared Peck - The Right Data at the Right Time
Jeff Bollinger, Matthew Valites - A SIEM Engineer's Guide to Threat Modeling
Mark Orlando - Keynote - How I Learned to Stop Worrying and Love TLS
Dr. Johannes Ullrich - Techniques to Reduce Alert Fatigue in Security Analysts
Ram Shankar Siva Kumar, Sharon Xia - Don't Be a SIEMingly SOAR Loser
Rob Gresham - That SIEM Will Hunt
John Stoner - Hunting with Sysmon to Unveil the Evil
Felipe Esposito, Rodrigo Montoro - Rapid Recognition and Response to Rogues
Craig Bowser - Did You Do Your Homework?: Use Case-Driven SIEM Deployments
Scott Lynch
- SANS DFIR Europe Summit & Training 2019 - Prague Edition (September 2019)
- a) When Data Talks b) The Beautiful Mind of a Timeline
Kristinn Gudjonsson, Member of the Detection & Response team, Google & Johan Berggren, Security Engineer, Google - Handling BECs in an Office 365 environment
Joey Rentenaar, Incident Response Specialist, PWC & Curtis Hanson, Threat Intelligence Specialist, PWC - Managing Major incidents
Mathias Fuchs, Head of Investigation & Intelligence, Infoguard AG & Michael Kurth, Senior Analyst, Infoguard AG - Memory Smearing: Myth or Reality?
Fabio Pagani, PhD Student, Eurecom - Performing Linux Investigations at Scale
John Rogers, Consultant: Investigations and Incident Response, MWR Infosecurity & Joani Green, Senior Consultant: Investigations and Incident Response, MWR Infosecurity - Incident Response in the cloud: foggy with a ray of sunshine
Jeroen Vandeleur, Director, NVISO - smbtimeline - An automated timeline for SMB Traffic
Olaf Schwarz, Senior IT-Security Analyst, Austrian Energy CERT / CERT.at - Slacking Off: Slack Artefacts on Windows
Kathryn Hedley, Director, Khyrenz Ltd - The Unified Logging Confession
Johann Polewczyk, Mac forensic expert, French Gendarmerie National Forensic Lab - Tsurugi Linux project, the right DFIR tools in the wrong time
Giovanni Rattaro, Senior Cyber Security Expert, Openminded - TuxResponse: A collection of scripts, tools and commands to ease and automate incident response activities on Linux systems
Hristiyan Lazarov, VP, Deutsche Bank - Apple Watch Forensics (Live Demo)
Mattia Epifani, CEO REALITY NET & Francesco Picasso, CTO REALITY NET
- Threat Hunting & Incident Response Summit & Training 2019 (September 2019)
- Summit Agenda
- Keynote: Play Like a Kid, Protect Like a Champion: A Reservist Model
Chris Cochran - Evolving the Hunt: A Case Study in Improving a Mature Hunt Program
David J. Bianco; Cat Self - My "A-Ha!" Moment
John Stoner - Well, What Had Happened Was...
Todd Mesick; Brian Moran - Who's That CARBANAKing at My Door?: Hunting for Malicious Application Compatibility Shims
Benjamin Wiley - Threat Hunting in the Enterprise with Winlogbeat, Sysmon, and ELK
David Bernal Michelena; Eduardo P. Sanchez - Once Upon a Time in the West: A Story on DNS Attacks
Ruth Barbacil; Valentina Palacin - BZAR - Hunting Adversary Behaviors with Zeek and ATT&CK
Mark Fernandez; John Wunder - Keynote: Classifying Evil: Lessons from Hunting Human Traffickers
Sherrie Caltagirone - Jupyter Notebooks and Pre-Recorded Datasets for Threat Hunting
Jose Luis Rodriguez; Roberto Rodriguez - Don't Miss the Forest for the Trees: How to Translate Too Much Data from Too Many Intrusions into Strategic Hunting Value
Karl Scheuerman; Piotr Wojtyla - Open the Pod Bay Doors Please, HAL
Gunter Ollmann - Remote Access Tools: The Hidden Threats Inside Your Network
David Pearson - Worm Charming: Harvesting Malware Lures for Fun and Profit
Will MacArthur - Hunting is Sacred, but We Never Do It for Sport!
Ashraf M. Adbalhalim - There's an Actor in My Pocket!
Jennifer Chavarria Reindl; Daniel Garcia
- Oil & Gas Cybersecurity Summit & Training 2019 (September 2019)
- Summit Agenda
- Securing the Technology Supply Chain
Keith Turpin - A Process-Based Approach to ICS Security
Michael Hoffman - ICS, SCADA, and MITRE ATT&CK: How It Helps and Where It Hurts
Neal Humphrey - Breaching the IT/OT Boundary: Wedge Points and How to Secure Them
Jackson Evans-Davies; Connor Leach - Fueling the Exchange of Cyber Intelligence: Why ONG-ISAC Matters
Angela Haun - If It Isn't Secure, It Isn't Safe: Incorporating Cybersecurity into Process Safety
John Cusimano - A Roadmap to Help Enterprise Security Operations Centers Expand Duties to OT Environments
Vernon L. McCandlish - SCADA Cybersecurity for Pipelines: API 1164 and Updates from the Trenches
Tom Aubuchon, Jason Christopher - Assessments in Active ICS Environments
Don C. Weber
- Supply Chain Cybersecurity Summit & Training 2019 (August 2019)
- Supply Chain Summit Day 1 Opening Remarks
Jake Williams - When Security Best Practices Meet Your Supply Chain
Curt Dukes - Selecting for Security: Searching for Risks from the Supply Chain in IoT Devices at Scale
Ryan Spears - Keynote: When Your OT Supports the APT
Jake Williams - Own Your Supply Chain System - Or It Will Own You
John P. Martin - Andrew Martin
The State of Your Container's Supply Chain - Neuralizing Risk from Customer Engagements
Keely Richmond - Third-Party Software Assessments for Modern Development
Chris Wysopal - Bring Your Own Threat: Supply Chain Attacks Using Personal IoT Devices in Companies
Martin Hron - Supply Chain Integrity Through Hardware Material Analysis
MacKenzie Morris - Trust But Verify: An Argument for Security Testing Vendors
Rachel Black and Kyle Tobener - Hacking the Motherboard: Exploiting Implicit Trust in All of the Forgotten Places
Sophia d'Antoine - Day 2 Wrap / Up Closing Comments
Jake Williams - AF Cyber Defense Risk Management
Alyssa Feola
- Security Awareness Summit & Training 2019 (August 2019)
- Summit Agenda
- Keynote: Latest Techniques in Hacking the Human
Jake Williams - Changing Culture: Lessons from Teaching Music
Jessica Chang - Using Appreciative Inquiry to Create a Network of Security Champions that Went Viral
Sarah Janes - Online Training Structure for Multi-Generations
Dr. Brenda L. Ellis - Beginners' Track: Lessons Learned in Building an Award-Winning Phishing Program
Dennis Legori - Beginners' Track: Security Awareness Recognition Program
Nicole Jacobs - Beginners' Track: Securing Leadership Support
Janet Roberts - Beginners' Track: How to Use the Fogg Behavior Model, Nudge Theory, and More to Design Secure Behaviors
Perry Carpenter - Metrics CyberScore Workshop (Advanced)
Jon Smiley - The Creative Process Behind Fun, Low-Budget Videos
Jill Barclay - Keynote: A Lesson in Survival: Transforming Culture by Preparing for a Crisis
Adam Tice - Partnerships & Collaboration
Alexandra Panaretos - SSAP, 2019 Awareness Report, and New Courses
SANS Security Awareness - How Data-Driven Personalized Journeys are the Future of Security Training
Aika Sengirbay - OSINT Workshop
Micah Hoffman - OSINT Workshop - Handout
Micah Hoffman - Communications & Engagement Track - Dashboard Confessions: Security Awareness Communication in Silicon Valley
Brooke Pearson, Paisley Parker - Communications & Engagement Track - Shifting from FUD to Fun!: How to Overcome Internal Obstacles for Program Success
Dr. Mary Dziorny - Communications & Engagement Track - Cyber Agents for Change: Leveraging Untapped Opportunities for Cybersecurity Awareness
Diane Desaulniers - Special Events - How to Build Your Own Escape Room (HANDOUT)
Bob Hewitt, Justin Perkins - Communications & Engagement Track - Cyber Agents for Change (HANDOUT - Cypher Wheel)
Diane Desaulniers - Special Events - How to Build Your Own Escape Room
Bob Hewitt, Justin Perkins - Communications & Engagement Track - Cyber Agents for Change (HANDOUT - Cypher Practice Cards )
Diane Desaulniers - Special Events - Online Digital Scavenger Hunt Engaging Security Awareness with Global Impact
Laney Cannon - vLearning Theory/Instructional Design
Kevin Bennett, Andrew Mantuano
- DFIR Summit & Training 2019 (July 2019)
- Summit Agenda
- Keynote: Troying to Make Forensics EZer
Troy Larson, Eric Zimmerman - AmCache Investigation
Blanche Lagny - They See Us Rollin', They Hatin': Forensics of iOS CarPlay and Android Auto
Sarah Edwards, Heather Mahalik - MacOS DS_Stores: Like Shellbags but for Macs
Nicole Ibrahim - Finding Evil in Windows 10 Compressed Memory
Omar Sardar, Blaine Stancill - The DFIR Practitioner's Guide to the Research and Development Process
Joe Sylve - Live Response with Ansible
Brian Olson - Distributed Evidence Collection and Analysis with Velociraptor: Fast, Surgical, at Scale... and Free!
Mike Cohen, Nick Klein - Finding Badness: Using Moloch for DFIR
Elyse Rinne, Andy Wick - Pipeline Incident Response
Terry Freestone - Forensic Investigation of Emails Altered on the Server
Arman Gungor - Tracking Traces of Deleted Applications
Alexis Brignoni, Christopher Vance - Shedding Light on the macOS Spotlight Desktop Search Service
Dr. Vico Marziale
- SANS Pen Test Hackfest Europe Summit & Training 2019 (July 2019)
- Blame Wars - How to Attribute Responsibility
David Fuhr, Head of Research, HiSolutions AG - Why it's easy being a hacker
Chris Dale, Head of Cyber Security at Netsecurity AS - A Journey Through Adversary Emulation
Jonas Bauters, Senior Security Consultant, NVISO - Well, that escalated quickly! - A Local Privilege Escalation Approach
Khalil Bijjou, Senior Security Consultant, SEC Consult - Pentesting Cars
Oliver Nettinger, R&D, NVISO - With Just a Search Engine & Cup of Coffee: Hunting Vulnerabilities on the Web
Jan Kopriva, CSIRT Team Leader, Alef Nula a.s. - Automated adversary emulation using Caldera
Erik Van Buggenhout, Certified Instructor & Author, SANS
- SANS ICS Europe 2019 (June 2019)
- ICS Down! It's Go Time.
Christopher Robinson, Principal Consultant, Industrial Control Systems at Cylance - Engineers worst day - How Murphy could keep his production running
Daniel Buhmann, Systems Engineer at Fortinet - Extending an IT SOC to include critical OT/ICS systems
Tobias Kiesling, Head of OT Security at Airbus CyberSecurity Falk Lindner, Industrial Cyber Security Expertise Services Lead at Airbus Operations - CYBERSECURITY FOR THE INDUSTRY 4.0 from the perspective of the energy CERT
Jarek Sordyl, Deputy Director of Cybersecurity at PSE - Five Ways to Ensure the Integrity of Your Industrial Operations
Yariv Lenchner, Director of Product Management at Indegy - Using ICS/SCADA Honeypots - the right way!
Mikael Vingaard, Preparedness Manager at Energinet - Assessing [Industrial Cybersecurity] Assessments
Samuel Linares, Managing Director, Europe & Latin America ICS Security Lead for Resources at Accenture - Building a National Cyber Security Strategy
Søren Egede Knudsen, CEO & IT/OT Security Expert - Key Takeaways from the New SANS 2019 State of OT/ICS Cybersecurity Market Survey
Doug Wylie, Industry Practice Director at SANS Institute Jason Dely, ICS Practice Director at Cylance and SANS ICS515 Instructor - Securing Large-Scale Industrial Networks
Ofer Shaked, Co-Founder & Chief Technology Officer at SCADAfence - OT Security Requirements vs. Real Life stories
Łukasz Maciejewski, Security Manager at Accenture
- Security Operations Summit & Training 2019 (June 2019)
- Keynote: Lessons Learned Applying ATT&CK-Based SOC Assessments
Andy Applebaum - Mental Models for Effective Searching
Chris Sanders - Keynote: How to Disrupt an Advanced Cyber Adversary
Manny Castillo - Use Case Development Utilizing an ARECI Chart
Nathan Clarke - Use Case Development as a Driver for SOC Maturation
Eric Thompson - A SOC Technology/Tools Taxonomy - And Some Uses for It
Chris Crowley & John Pescatore - Managing Security Operations in the Cloud
Marc Baker - Virtuous Cycles: Rethinking the SOC for Long-Term Success
John Hubbard - 2019 SANS SOC Survey Preview: Live Simulcast
Chris Crowley - This Will Never Work: Tales from Disappointingly Successful Pen Tests
Derek Rook - Rapid Recognition and Response to Rogues
Craig Bowser - The Case for Building Your Own SOC Automations
Nathaniel Kenyon - The Call Is Coming from Inside the House: How Does Your SOC Respond When Attackers Are On-Site?
Deviant Ollam - Arming SecOps with a Special Forces Targeting Process
Andrew Stokes - Breach - ATT&CK - Osquery: Learning from Breach Reports to Improve Endpoint Monitoring
Guillaume Ross - Shared Security Services: How to Adjust to an Ever-growing Landscape of Security Operations Center Responsibilities
Kevin Garvey - How to Literally Think Like an Attacker to Become a Better Defender
Eric Groce
- Enterprise Defense Summit & Training 2019 (June 2019)
- Summit Agenda
- Keynote: Practical Detection Engineering at Scale
Jared Atkinson - Legacy Authentication and Password Spray: Understanding and Stopping Attackers' Favorite TTPs in Azure AD
Ramiro Calderon, Mark Moroczynski - Assumed Breach: A Better Model for Penetration Testing
Mike Saunders - Five Mistakes We Wish Users Would Stop Making
Chelle Clements, Lee Neely - Realigning from Chaotic Evil
Joe Schottman - Sky-High Incident Response at Cloud Scale
Aaron Lancaster - The Offensive Defender: Cyberspace Trapping
Matthew Toussain - LOLBin Detection Methods: Seven Common Attacks Revealed
Alissa Torres - Rapid Recognition and Response to Rogues
Craig Bowser - Do-It-Yourself ATT&CK Evaluations to Improve Your Security Posture
Daniel Weiss - Finding Evil with Skadi
Alan Orlikoski - Finding a Domain's Worth of Malware
Jeff McJunkin - Hide & Seek: Where Your Business Does Business
Tonia Dudley - The Best of Both Worlds: Blending Tactics from the Public and Private Sectors
Josh Bryant - Creating Incident Response Playbooks
Chris Taylor - Analyst Unknown Cyber Range (AUCR): A Standardized Open Source Web Framework
Wyatt Roersma
- Cloud Security Summit & Training 2019 (April 2019)
- Summit Agenda
- Cloud Security at its Finest
Ben Hagen - Secrets for All the Things: The Injection of Secrets for Every Application in Your Cloud-Agnostic Environment
Brian Nuszkowski, Mike Ruth - Keep it Flexible: How Cloud Makes it Easier and Harder to Detect Bad Stuff
Lily Lee - Automating Cloud Security Monitoring at Scale
Chris Farris - Who Done It? Gaining Visibility and Accountability in the Cloud
Marta Gomez-Macias, Ryan Nolette - Automating the Creation of Network Firewall Rules Using PowerShell and CI/CD
Nills Franssens - Locking Them Out of Their Own House: Access Control to Cloud at Startups
Jackie Bow - The State of Cloud Security: How Does Your Organization Compare?
Dave Shackleford - Serverless Security: Attackers and Defenders
Ory Segal - Secure by Default: Enabling Developers to Focus on Their Mission by Providing Cloud Security for Free
Reza Nikoopour, Zach Pritchard - Demonstration of Typical Forensic Techniques for AWS EC2 Instances
Kenneth G. Hartman - Cloud, the Hard Way
Will Bengtson - Cloud DFIR: Why So Cirrus?
Rick Correa - Securing Your Application Identities
Tarek Dawoud, Alexander Pavlovsky - Cloud Security Automation: From Infrastructure to App
Frank Kim
- Blue Team Summit & Training 2019 (April 2019)
- Summit Agenda
- Threat Hunting via Sysmon
Eric Conrad - Azure AD Security Recommendations and the Customer Stories That Prove It
Mark Morowczynski - Skill Sharpening at the Cyber Range: Developing the Next-Generation Blue Team
Don Murdoch - To Blue with ATT&CK-Flavored Love
Jamie Williams - Seriously, I Can See You
Jonathan Ham - Using Statistical Analysis to Reduce Noise and Improve Efficacy
Keshia Levan; Kyle Rainey - Zero-Trust Networks: The Future Is Here
Randy Marchany - Suspiciously Inconspicuous
Greg Foss - Network Flow Data: A Cornucopia of Value
Andrew Laman - Forgotten But Not Gone: Gathering NTFS Artifacts of Deletion
Mari DeGrazia; Scott Hanson - Mental Models for Effective Searching
Chris Sanders - OSINT: Not Just Offensive
David Mashburn - Relentless Team Building
Dustin Lee - One Phish, Two Phish, Red Phish, Green Phish
Ryan Kovar; Dave Herrald - Statically Analyzing Infrastructure as Code
Mike Siegel
- SANS Cyber Security Middle East Summit (April 2019)
- In the trails of Windshift APT
Taha Karim, Founder and CTO, tephracore Technologies - Attacking & Defending AWS S3 Bucket
Sapna Singh, Senior Consultant, Deloitte & Touche (M.E.) - The Case for Building Your Own SOC Automations
Nathanael Kenyon, Business Systems Analyst II, Saudi Aramco - Emerging threats by SANS Internet Storm Centre
Bojan Zdrnja, CTO, INFIGO IS - A Knack for NAC: Locking Down Network Access Across a Global Enterprise
Maged Elmenshawy, Global Network Services Manager, Schlumberger - Exploiting relationship between Active Directory Objects
Juned Ahmed Ansari, Senior Security Consultant, DarkMatter - Actionable CTI Not a Pipedream
Javier Velazquez, Cyber Threat Intelligence Analyst, EclecticIQ - Raising the Bar for the Attacker
Greg Scheidel, Chief Cybersecurity Officer, Iron Vine Security
- ICS Security Summit & Training 2019 (March 2019)
- Summit Agenda
- Evolution of ICS Attacks: From BlackEnergy 3 to TRISIS
Joe Slowik - Securing the Distribution Grid: The State Regulatory Perspective
Andy Bochman, Rachel Goldwasser - CES-21 Technology Achievements: Grid Security and Cyber Automation
Jon Taylor - Practical Solutions to Supply Chain Attacks
David Foose - Scanners, Tunnels, and Sims, Oh My!
Justin Searle - Creating a Security Metrics Program: How to Measure Programmatic Success
Jason Christopher - How Common Network Misconfigurations Impact ICS Reliability and Security
Allen Steagall, Steve Stock - Gaining Buy-In and Resources to Manage Cybersecurity Risk in OT Environments
Maggy Powell, Jason Tugman - Gaining Endpoint Log Visibility in ICS Environments
Michael Hoffman - ICS Risk Management Approaches: Vulnerability vs. Threat vs. Engineering
Brian Proctor, Dr. Nathan Wallace - Intersection of Data Breach Notification and Critical Infrastructure Protection
Bryan Owen - Still Bailing Water Out of the OT Boat Two Years Later
Steven Briggs - Preventing Your Physical Access Control System from Being Used Against You
Valerie Thomas - Assumed Breach Assessments: Using You Against You
Don C. Weber - A "Vital" New Concept for ICS Cybersecurity Programs (ForeScout Lunch & Learn)
Brian Proctor, Chris Triolo
- Open-Source Intelligence Summit & Training 2019 (February 2019)
- So You Want to OSINT Full-Time
Kirby Plessas - OSINT: Data Breach, Ethics, and OpSec... Oh My
Josh Huff - Weaponizing OSINT
Michael James - Hunting Down Malicious Sites Using Certstream Data and Available Web Services
Sean Gallagher - Summit Agenda
- Backdoors to the Kingdom... Changing The Way You Think About Organizational Reconnaissance
David Westcott - Beginners Business and Legal Research
Tracy Maleef - Using OSINT to Improve Critical Business Decision-Making
Tazz
- Cyber Threat Intelligence Summit & Training 2019 (January 2019)
- Summit Agenda
- CTI 101: Effectively Communicating Threat Intel and Its Value
Rick Holland - CTI 101: Frameworks and Why We Use Them
Katie Nickels - CTI 101: Network Defense - Integrating Threat Intel, IR, and Hunting
Kris McConkey - Analytic Tradecraft in the Real World
Amy Bejtlich - ATT&CK Your CTI: Lessons Learned from Four Years in the Trenches
Brian Beyer, Katie Nickels - Language and Culture in Threat Intelligence
Mitchell Edwards - Meet Me In the Middle: Threat Indications and Warning in Principle and Practice
Joe Slowik - A Brief History of Attribution Mistakes
Sarah Jones - Quality Over Quantity: Determining Your CTI Detection Efficiency
David J. Bianco - Keynote: Applying WWII-Era Analytic Techniques to CTI
Jake Williams - How to Get Promoted: Developing Metrics to Show How Threat Intel Works
Marika Chauvin, Toni Gidwani - Schroedinger's Backslash: Tracking the Chinese APT Goblin Panda with RTF Metadata
Michael Raggi - Cloudy with Low Confidence of Threat Intel: How to Use and Create Threat Intelligence in an Office 365 World
Dave Herrald & Ryan Kovar - Untying the Anchor: Countering Unconscious Bias in Threat Intelligence Analysis
Rachel Mullen, Jason Smart
- Tactical Detection & Data Analytics Summit & Training 2018 (December 2018)
- Summit Agenda
- Keynote: Build it Once, Build it Right: Architecting for Detection
Eric Conrad - Unconventional Logging & Detection
Justin Henderson - Rapid Data Analysis Thunderdome
Mick Douglas - Wreck SIEM Noise: How to Build and Measure Effective Alerting
Frank Angiolelli - Machine Learning in Cybersecurity: Fact, Fantasy, and Moving Forward
Dan Liebermann - Detection with MITRE ATT&CK in the Energy Sector
Christian Kopacsi - What's in a (User) Name?
Kevin Wilcox - Top 5 Things to Know About Azure Active Directory Logs
Mark Morowczynski - From Automation to Analytics: Simulating the Adversary to Create Better Detections
Dave Herrald & Ryan Kovar - Using Open Source Tools for Data Analytics: Learning from a Corpus of Endpoint Snapshots
Gabriel Infante-Lopez - Forgotten but Not Gone: Gathering NTFS Artifacts of Detection
Mari DeGrazia & Scott Hanson - Keeping Up With the Joneses: SIEM Rules Edition
Nick Ascoli & Kevin Foster - Sharing is Caring: Improving Your Detection Capability with the Sigma Framework
John Hubbard - Measure Your Bad Self: The SIEMquel
Craig Bowser - Users as a Data Source: Are You Leveraging Security-Aware Employees in Your Detection Strategy?
Tonia Dudley - Applied Data Science and Machine Learning for Cybersecurity
Austin Taylor
- European Security Awareness Summit 2018 (November 2018)
- Future-proofing your Security Awareness Programme
Alison Crockford - Gaining Leadership Support - what do we tell them, and how?
Prof. M Angela Sasse RISCS - Ensuring CyberSecurity Is not a Car Crash
Brian Honan, Owner and CEO at BH Consulting - Wait, Did I Just Learn Something?
Cassie Clark, Security Community Manager at Salesforce - Once Upon a Time: Back to the Future of Security
David Porter, Head of Innovation, Security and Privacy Division - You Shape Security: Supporting the ingenuity of people
Ceri J, NCSC Senior Sociotechnical Researcher - Establishing a Baseline to Measure Behavioural Change
Denise Beardon, Head of Information Security Engagement at Pinsent Masons LLP , Mo Amin, Managing Director at Cyber Guidance Ltd - Managing Your Security Awareness Career
Janet Roberts, Global Head of Security Awareness Education at Zurich Insurance - Workshop - Fun / Cheeky Videos
Javvad Malik - Security Advocate at Alien Vault - Tripping Upwards - Mistakes I've Made
Louise Cockburn, Information Security Culture Manager at Old Mutual Wealth/ Quilter - Leveraging Your Security Operations Center
Matilda McVann, Global Head of Cyber Response at Zurich Insurance - Workshop - OSINT (Open Source Intelligence)
Nico "Dutch_OSINTguy", Dutch Law Enforcement - Information Security Human Risk Level Assessment
Noora Alfayez, Cybersecurity Analyst at Saudi Aramco - A Role-Reversal Learning Approach to Low-Level Security Training
Sarah Muhlemann, Founder at SpyPi - Summit Agenda
- Pen Test HackFest Summit & Training 2018 (November 2018)
- Summit Agenda
- NoSQL Injection: It Isn't Just MongoDB
Adrien de Beaupre - Hatfields & McCoys: Feuds, Anti-Patterns and Other Crossed Connections in the Dev/Sec Relationship
Rachelle Saunders - Timelines: Not Just for Incident Response
Joe Schottman - The Top 10 Reasons It's GREAT to Be a Pen Tester...and How You Can Help Fix That PROBLEM
Ed Skoudis - Wrangling Malware for Fun and Pen Testing
John Freimuth, Alex Stockwell - Keynote: A Year of Gaining Superpowers
Tarah M. Wheeler - The Clouds Are Coming to Get Me!
John Strand - Extending Burp to Find Struts and XXE Vulnerabilities
Chris Elgee - Come to the Dark Side: Python's Sinister Secrets
Mark Baggett - Ubiquitous Shells
Jon Gorenflo - Grape Jelly: How Threat Intel Enhances a Red Team
Lori Stroud - Domain Fronting For the Win!
Matt George - Post Exploitation in Developer Environments
Ian Lee - Hacking in the Future
Moses Frost
- Secure DevOps Summit & Training 2018 (October 2018)
- Summit Agenda
- Lessons Learned from Illumina's SecDevOps Transition
Kenneth G. Hartman - Ship of Fools: Shoring Up Kubernetes Security
Ian Coldwater - Serverless Security: Your Code, Your Responsibility
Ory Segal - Keynote - Fast Forward: Reflecting on a Life Watching Movies and a Career in Security
Jason Chan - Moving Fast & Security Things
Kelly Ann & Nikki Brandt - Unify DevOps and SecOps: Security Without Friction
Matt Alderman - Security Change Through Feedback @ Riot
Zachary Pritchard - Building Cloud Apps Using the Secure DevOps Kit for Azure
Jonathan Trull - SANS Secure DevOps Survey: Sneak Peek
Frank Kim - Top 10 Risks in Cloud Computing
Ben Hagen - Total Chaos: How Experimenting with Chaos Lead to More Control
Aaron Rinehart & Mike Zhou - Detection as Code: Applying the Software Development Lifecycle to Blue Team Operations
Chris Rothe - Threat Modeling as Code with ThreatPlaybook
Nithin Jois - Oh, You Got This? Attacking the Modern Web
Moses Frost
- SANS DFIR Prague Summit & Training 2018 (October 2018)
- Cutting the Wrong Wire: How a Clumsy Attacker Revealed a Global Cryptojacking Campaign
Renato Marinho - Chief Research Officer at Morphus Labs - BYOM - Build Your Own Methodology (in Mobile Forensics)
Mattia Epifani - Digital Forensics Analyst at REALITY NET - Building a Digital Evidence Classification Model
Jason Jordaan - Principal Forensic Analyst at DFIR LABS - Project SIRF - Security Incident Response Framework
Olaf Schwarz - Senior IT-Security Analyst at CERT Austria - Lessons from TheShadowBrokers One Year Later
Matt Suiche - Managing Director at Comae - The X Factor exFAT Talk
Adam Harrison - Principal Consultant at Verizon Threat Research Advisory Center - Automating the Routine Stuff
Kathryn Hedley - Director at Khyrenz Ltd - Comparative Forensic Examination of Three Prominent Ransomware Families
Veronica Schmitt - Partner at DFIR LABS - Statistical Methods for Triaging DFIR Investigations
Ray Strubinger - Managing Consultant DFIR at VerSprite - Chrome Nuts and Bolts: ChromeOS/Chromebook forensics
Jessica Hyde - Director of Forensics at Magnet Forensics, Jad Saliba - Founder and CTO at Magnet Forensics - 1+1 is Not Always 2: Bypassing Multi-Factor Authentication
Jeff Hamm - Technical Director at Mandiant, James Hovious - Senior Consultant at Mandiant
- Oil & Gas Cybersecurity Summit & Training 2018 (October 2018)
- Summit Agenda
- Keynote: Blurring the Lines Between IT and OT: Building a Better Defense Through Partnership
Steve Neiers - Using Augmented Reality to Streamline Design, Construction, and Operations of a Major O&G Facility
Ken Nguyen, Steve Mustard - ICS Down! It's Go Time...
Jason Dely - Getting Over a Bad ICS Audit
Paul Piotrowski - Tactics and Techniques for Threat Hunting & Oil Refineries
Dan Gunter - Critical Lessons from TRITON: Protecting Safety-Instrumented Systems from Advanced Malware
Andrea Carcano - Detecting Counterfeit Software in Oil and Gas Control Systems
Eric Byres - How's Our Industrial Cybersecurity? Go Ask the OT Guys!
Katherine Brocklehurst, Greg Villano - PLC Data Table Misinformation: Finding Vectors for Data Manipulation
Tim Conway, Jeff Shearer
- Threat Hunting & Incident Response Summit & Training 2018 (September 2018)
- Summit Agenda
- Lean Hunting
Ben Johnson - Uncovering and Visualizing Malicious Infrastructure
Josh Pyorre, Andrea Scarfo - The Fastest Way to Hunt Windows Endpoints
Michael Gough - Threat Hunting in Your Supply Chain
Jake Williams - Lunch & Learn Panel: The Future of Incident Response
Carbon Black - ATT&CKing the Status Quo: Threat-Based Adversary Emulation with MITRE ATT&CK
Katie Nickels; Cody Thomas - Cyber Threat Hunting in the Middle East
Kevin Albano - Hunting for Lateral Movement Using Windows Event Log
Mauricio Velazco - Forecast: Sunny, Clear Skies, and 100% Detection
Alissa Torres - Differentiating Evil from Benign in the Normally Abnormal World of InfoSec
Rick McElroy - How to Submit a Threat Profile to MITRE ATT&CK
Walker Johnson - Threat Hunting Using Live Box Forensics
John Moran - Viewing the Nodes in the Noise: Leveraging Data Science to Discover Persistent Threat
David Evenden - Hunting Webshells: Tracking TwoFace
Josh Bryant, Robert Falcone - Threat Hunting or Threat Farming: Finding the Balance in Security Automation
Robert M. Lee, Alex Pinto - Quantify Your Hunt: Not Your Parents' Red Team
Devon Kerr, Roberto Rodriguez - Launching Threat Hunting From Almost Nothing
Takahiro Kakumaru - Who Done It?: Gaining Visibility and Accountability in the Cloud
Ryan Nolette
- Data Breach Summit & Training 2018 (August 2018)
- Summit Agenda
- Welcome & Summit Roadmap
Ben Wright, Eric Zimmerman - Keynote: Response to High-Profile Incidents
Marc Sachs - Investigation & Notification of Data Breaches: The European Perspective
Alexander Blumrosen - Investigation & Notification of Data Breaches: The US Perspective
Melinda McLellan, James Sherer - How Management Absorbs Information During a Cyber Event
Sara Hall - Incident Response: From Basics to Best Practices
Lucie Hayward, Mike Quinn - Workshop: Advanced Data Breach Exercise
Lucie Hayward, Mike Quinn - Managing the Impact of a Breach
Jim Routh - Beauty & The Breaches: One Organization's Journey Toward a Culture of Confidentiality
Meredith Harper - Getting Data Breach Right: Lessons Learned from Fighting in the Cyber Trenches
John Ansbach - Crossing Borders: Managing a Security Incident Across Multiple Collaborating Organizations
Tom Siu - Global DFIR in a Fractured World: Challenges in Managing International Incidents
R. Jason Straight - Don't Panic! - Tales from the Front Lines
Mary Chaney - Talking to the Techs: Asking the Right Questions
Eric Zimmerman - Developing the Human Sensor
Lance Spitzner - Takeaways and To Do
Eric Zimmerman - FS-ISAC Security Industry Group and Councils
Peter Falco
- Security Awareness Summit & Training 2018 (August 2018)
- Summit Agenda
- Opening Remarks
Lance Spitzner - Keynote: The Dark Arts of Social Engineering
Jen Fox - Open-Source Intelligence (OSINT)
Josh Huff - Communications & Engagement Session: How I Pulled Off an Edgy Security Behavior Change
Lisa Plaggemier - Communications & Engagement Session: Using Motivation to Drive Security Behavior Change
Masha Sedova - Communications & Engagement Session: Communication Lessons from the World of Public Health
Ben Smith - Workshop: Security Awareness Escape Rooms
Scot Fackler & Matthew House - Workshop: Security Awareness Escape Rooms (WORKSHEET)
FedEx - Workshop: Ambassador Programs
Cassie Clark & Jessica Chang - Workshop: Ambassador Programs (WORKSHEET)
Clark/Chang - No User Awareness Budget? No Problem.
Steve Lape - The Science of Security: The Psychological Impacts of Security Awareness Programs
Shayla Treadwell - Metrics Session: Using Metrics to Drive Cyber Security Decisions and Behaviors
Kathi Bellotti - Metrics Session: Want People, Funding, Buy In? Speak Metrics!
Julie Rinehart - Partnering With and Leveraging Threat Intel
Lauren Clark & Angela Pappas - Workshop: Phishing
Cheryl Conley and Tonia Dudley - Workshop: Phishing (WORKSHEET)
Conley/Dudley - Workshop: Creative Writing
Cathy Click and John Scott - Workshop: Creative Writing (WORKSHEET)
Click/Scott - 24 Million Reasons You Should Care About GDPR
Dave Prendergast - 2018 Security Awareness Report
SANS Security Awareness - Managing Your Security Awareness Career
Janet Roberts - Talking Cybersecurity to the Board
SANS Security Awareness - Cybersecurity: Managing Human Risk
SANS Security Awareness
- Security Operations Summit & Training 2018 (July 2018)
- Summit Agenda
- Keynote: Measure Yo' Bad Self
Carson Zimmerman - "Oops!" - Internal IR Communications and Why We Are Still Failing During Incident Response
Brad Garnett, Shelly Giesbrecht - Give Your SOC a SOUL
Alissa Torres - SANS SOC Survey: Results & Perspective
Chris Crowley - Panel - Apples & Oranges?: CompariSIEM
Chris Crowley, Craig Bowser, Justin Henderson, Dave Herrald - How to Nourish Your SOC with FOOD, Not FUD
My-Ngoc Nguyen - What the Follow, The Sun or The Stars?
Kevin Garvey - Hacking Your SOEL: SOC Automation and Orchestration
Rob Gresham - It's All About Your Assets: Inline Vulnerability and Event Management
David Hazar - The Healthy SOC: A Case Study
Richard Noel, Chad Sadosty - Lunch & Learn: Leveraging Orchestration to Facilitate Knowledge Transfer in Security Operations
DF Labs - What the CISO Really Wants Out of Your SOC
Russell Eubanks - Building the SecOps Use Case
Don Murdoch - Back to Basics: There Is No Security Without System Integrity
Scott Alldridge - Getting SecOps Foundations Right with Techniques, Tactics, and Procedures Zero (TTP0)
Rob Gresham, Ismael Valenzuela - How to Turn Your SOC into a Threat Hunting Tour de Force
Joe Moles - Burning Down the Haystack
Tim Frazier - The Most Dangerous Game: Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
John Hubbard - Chris's Top Takeaways
Chris Crowley
- SANS ICS Europe Summit and Training 2018 (June 2018)
- Lessons From Implementation Projects
Michal Paulski, Accenture Security - The building blocks of good detection and response services for the ICS environment
Soren Egede Knudsen, Ezenta - Working with EU Directive: High Common Level of work & Information Security
Martin Apel - Building a successful ICS Cyber Security Programme
Markus Braendle, Airbus - A Real Cyber Physical Experience: Red Teaming on a Power Plant
Can Demirel, Biznet Bilişim - When Standards and Regulations Are Not Enough - why industrial cyber security requires a different approach in the protection of critical infrastructures
Samuel Linares, ENISA - DIY Insider Threat Detection / Prevention Within ICS Environments
Dieter Sarrazyn, Secudea - The Human Factor in ICS - why is it important to create awareness?
Daniel Buhmann, Koramis GmbH - Critical Infrastructure Cybersecurity in a Turbulent Region
Andrew Bochman, National & Homeland Security,
- Cloud INsecurity Summit - Austin (June 2018)
- Summit Agenda
- Keynote: The State of Security in AWS: Lessons from the Field
Ben Hagen - Case Study: Netflix
Will Bengtson - Case Study: Riot Games
Mark Hillick - Case Study: Lyft
Stephen Woodrow - AWS Core Services and Applying Security Controls (Afternoon Panel)
Ben Hagen - Leveraging the AWS API (Afternoon Workshop II)
Ben Hagen
- Cloud INsecurity Summit - Washington DC (June 2018)
- Summit Agenda
- Keynote: The State of Security in AWS: Lessons from the Field
Ben Hagen - Case Study: Harvard University
Thomas Vachon - Case Study: Netflix
Will Bengtson - Case Study: Riot Games
Mark Hillick - Case Study: Lyft
Stephen Woodrow - AWS Core Services and Applying Security Controls (Afternoon Workshop I)
- Leveraging the AWS API (Afternoon Workshop II)
- DFIR Summit & Training 2018 (June 2018)
- Summit Agenda
- #DFIRFIT or Bust!: A Forensic Exploration of iOS Health Data
Sarah Edwards, Heather Mahalik - Windows Forensics: Event Trace Logs
Nicole Ibrahim - A Planned Methodology for Forensically Sound Incident Response in Microsoft's Office 365 Cloud Environment
Devon Ackerman - Evidence Generation X
Lee Whitfield - Efficiently Summarizing Web Browsing Activity
Ryan Benson - Mac_apt: The Smarter and Faster Approach to macOS Processing
Yogesh Khatri - Case Study: ModPOS v. RawPOS - A Nerd's-Eye View of Two Malware Frameworks
Brandon Nesbit, Ron Dormido - Practice How You Play: Incident Response War Game (Workshop)
Matt Linton, Francis Perron, Ryan Pittman - A Process is No One: Hunting for Token Manipulation
Jared Atkinson, Robert Winchester - Keynote: Living in the Shadow of the Shadow Brokers
Jake Williams - $SignaturesAreDead =
Daniel Bohannon, Matthew Dunwoody - Finding & Decoding Malicious Powershell Scripts
Mari DeGrazia - Logging, Monitoring, and Alerting in AWS (The TL;DR)
Jonathon Poling - Things I Thought Were Ground Truth in Digital Forensics Until I Found Out I Was Totally Wrong - And What To Do About It Now
Cindy Murphy - Investigating Rebel Scum's Google Home Data
Phill Moore - Every Step You Take: Application and Network Usage in Android
Jessica Hyde - Automating Analysis with Multi-Model Avocados
Matthew Seyer - DNSplice: A New Tool to Deal with Those Super Ugly Microsoft DNS Logs
Shelly Giesbrecht - Advanced Power of the Pivot (Lunch & Learn)
DomainTools
- Automotive Cybersecurity Summit & Training 2018 (May 2018)
- Summit Agenda
- Lifting the Sheets on Automotive Embedded Control (Bonus Session)
Tim Brom - Security Considerations for Connected Autonomous Vehicles
Abe Garza - ISO/SAE 21434 WIP: Overview of Work to Create the First Standard for Automotive Cybersecurity
Angela Barber - Fortifying the Security Assurance Process Using Software Composition Analysis
Jason Gay - Automotive Critical Controls: A Mapping of CIS Critical Controls for Automotive Cybersecurity
Dave Bares - Assuring and Insuring Automotive Cyber Risk
Richard Billyeald - Large-Scale Attack Trees Applied to Connected Transport Systems: Case Studies
Ben Gardiner - Don't Reinvent the Wheel; Re-Use It
Rob Shein - Everything You Wanted to Know About Retail (But Were Afraid to Ask)
Lisa Plaggemier - Preparing for the Autonomous/Connected Vehicle Future: Los Angeles Case Study
Mike Lim - Smart Cities, and What They Mean to Smart Vehicles and Smart Infrastructure
Sid Snitkin - Deploying Uptane Onto Production Infrastructure
Allan Cain - Electric Vehicle Charging System Standards and Security
Craig Rodine - Connecting the Community: Auto-ISAC's Role in the Automotive Industry
Faye Francy - I Am, Therefore IR
Matt Mackay - Automotive Cybersecurity, the C-Suite, and You
Emilian Papadopoulos
- Blue Team Summit & Training 2018 (April 2018)
- Blue Team Summit 2018 Agenda
- Threat Hunting via Windows Event Logs
Eric Conrad - Employing Threat Continuous Testing to Improve Blue Team Visibility
Renato Marinho, Pedro Prudencio - Architecting for Detection
Nik Alleyne - PIE: A PowerShell Active Defense Framework for Phishing
Greg Foss - Into the Fire: Setting Up for Success
Frank McClain - Pack Hunting: Operational Threat Hunting as a Team
Andy Moore, Kristina Sisk - Winning with Whitelisting
Casey Smith - Stashing the SIEM: Saving Time Instead of Sinking It
Kevin Wilcox - Not in MY House!: Layer Alarming to Drive Detection Time to Zero
Mick Douglas - Choice Architecture for Security Practitioners
Chris Sanders - Raising the Bar for the Attacker (Or, You Can Have My Network When You Pry It From My Cold, Stiff Hands)
Greg Scheidel - Stop Searching Like It's 1999!: Save Time with Modern Filtering Techniques
Marc Jeanmougin - Detecting Persistence with the Kansa PowerShell Framework
David Crim - The Most Dangerous Game: Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
John Hubbard - Roll Your Own Incident Response with PowerShell
Mike Lombardi - Intelligence-Driving Defense: Successfully Embedding Cyber Threat Intel in Security Operations
Ismael Valenzuela - WOULD YOU LIKE TO PLAY A (security) GAME?
Dave Herrald, Ryan Kovar
- ICS Security Summit & Training 2018 (March 2018)
- Summit Agenda
- Modern Malware Demands Modern Defense
Tim Conway, Robert M. Lee - The First Safety Instrumented System Malware: TRISIS
Joe Slowik, Jimmy Wylie - You're Probably Not Red Teaming (and Usually I'm Not, Either)
Deviant Ollam - Securing and Integrating Commercial Off-the-Shelf (COTS) Products for Industrial IoT
Jon Taylor - Sh*t Happens! (But You Still Need to Drink the Water)
Doug Short - Attack-Proof Facilities: Designing and Building in Safeguards Against Cyber Attack
Jim McGlone - Recent APT Campaign Targeting Energy Sector Assets
Jonathan Briney, Jonathan Homer - The Current and Next Generation CybatiWorks Hands-On ICS Models
Matthew E. Luallen - Future Challenges and Changes in Industrial Cybersecurity
Sid Snitkin - ICS Security in the Chemical Sector: Are We Really So Different?
Glenn Aydell - Safety First! Because Injuries Last (A Cybersecurity Perspective)
Fred Cohn - Better Security Lies Beyond Hope and Cyber Hygiene: An Introduction to INL's CCE Methodology
Andy Bochman, Daniel Noyes - Adventures in ICS Asset Identification: Physical Inspection Style
Dean Parsons - Measuring and Evaluating Cyber Risk in ICS Components, Products, and Systems
Ken Modeste - Jumping Air Gaps
Monta Elkins
- CyberThreat Summit 2018 (February 2018)
- Hunting Pastebin for Fun and for Profit
Kevin Breen
- Cloud Security Summit & Training 2018 (February 2018)
- Summit Agenda
- DevSecOps: Getting There from Here
Dave Shackleford - Build, Don't Buy: Enable Analytics, ML, and Forensics with a Security Data Lake on AWS
Eric Gifford - Stay in Control: How Moving to the Cloud Really Changes Your Security Requirements
Jeroen Vandeleur - Locking Down Your Cloud
Teri Radichel - SANS Survey: Cloud Security
Dave Shackleford - Cloud Security: Defense in Detail if Not in Depth (Analyst Paper)
Dave Shackleford - Pragmatic Cloud Security Patterns
Rich Mogull - All Your Cloud Are Belong to Us: Hunting Compromise in Azure
Nate Warfield - What Would FedRAMP Do?
John Pescatore - Forensics as a Service: IRDF in the Cloud
Toni de la Fuente - Addressing the Mismatch Between IT and Security in a Cloud-First World
Ben Johnson - Continuous Security: Monitoring & Active Defense in the Cloud
Eric Johnson - Reference Architecture for Identity and Access Management: Role Data Pattern Distribution in AWS
Chad Cloes, Brad Rambur - The Top 3 Risks of Migrating to Cloud
Andrew Hay - Cloud Access Brokers: Bridging the Gap
Dave Shackleford - Building a Defense Strategy for Cloud Workloads
Henrik Johannson - You Can't Secure What You Can't See: Visibility in the Cloud (Luncheon Presentation)
Tony Turner
- Cyber Threat Intelligence Summit & Training 2018 (January 2018)
- Cyber Threat Intelligence Summit 2018 Agenda
- Survival Heuristics: Techniques for Avoiding Intelligence Traps
Carmen Medina - There is MOAR to Structured Analytic Techniques Than Just ACH!
Rick Holland - I Can Haz Requirements?: Requirements and Cyber Threat Intelligence Program Success
Michael Rea - Intelligence Preparation of the Cyber Environment
Rob Dartnall - Event Threat Assessments: G20 as a Case Study for Using Strategic Cyber Threat Intelligence to Improve Security
Lincoln Kaffenberger - Hunting Hidden Empires with TLS-Certified Hypotheses
Dave Herrald and Ryan Kovar - Intelligent Hunting: Using Threat Intelligence to Guide Your Hunts
Keith Gilbert - Homemade Ramen & Threat Intelligence: A Recipe for Both
Scott Roberts - The Challenge of Adversary Intent and Deriving Value Out of It
Robert M. Lee - Legal Implications of Threat Intelligence Sharing
Jason Straight - Leveraging Curiosity to Enhance Analytic Technique
Chris Sanders - AlphaBay Market: Lessons from Underground Intelligence Analysis
Christy Quinn - Determining the Fit and Impact of Cyber Threat Intelligence Indicators on Your Monitoring Pipeline (TIQ-Test 2.0)
Alex Pinto - Upgrading Your Cyber Threat Intelligence to Track Down Criminal Hosting Infrastructures
Dhia Mahjoub - ElasticIntel: Building an Open-Source, Low-Cost, Scalable, and Performant Threat Intel Aggregation Platform
Matt Jane - Information Anarchy: A Survival Guide for the Misinformation Age
Rebekah Brown - Getting on the Same Page: Leveraging a Common Framework for Enhanced Intel Sharing
Jim Richberg
- European Security Awareness Summit & Training 2017 (December 2017)
- Program Guide
Lance Spitzner - Security Awareness is Dead; Long Live Security Awareness
Jessica Barker - Building a Security Awareness Community
Martine de Merwe - Ambassador Programs Workshop
Cassie Clark & Jessica Chang - Ambassador Programs Workshop (Labs)
Cassie Clark & Jessica Chang - International Security Awareness Programmes (Handout)
Angela Baudach - GDPR And Your Workforce
Brian Honan - Cyber Ready Game
Daria Catalui - Cyber Ready Game (Handout)
Daria Catalui - Turn Sceptics Into Advocates
David Porter - Turn Sceptics Into Advocates (Handout)
David Porter - Security Awareness Escape Rooms
Matthew House & Scot Fackler - Security Awareness Escape Rooms (Handout)
Matthew House & Scot Fackler - Security Awareness Card Games
Gauthier Bugeon - Security Awareness Skills
Louise Cockburn - Security Awareness Skills (Handout)
Louise Cockburn - A Sociotechnical Approach to Cybersecurity
NCSC - Phishing Workshop
Gavin Duffy - Phishing Workshop (Labs)
Gavin Duffy - How Not to Be a Techie in Awareness
Sue Wade - Engaging Leadership Through Gamification
Veerle Peeters - Offensive Security
Zoe Rose & David Prince - InfoSec Cultural Measurement
Lushin Premji
- SIEM & Tactical Analytics Summit & Training (November 2017)
- SIEM & Tactical Analytics Summit 2017 Agenda
- Tactical Acceleration
Doug Burks - Lesser-Used Logs: Why We NEED to be Looking at Them
Mick Douglas - Modern Phishing Defeated by Plain Old Logs
Art Azarenko - Actionable Detects: Blue Team Cyber Defense Tactics
Seth Misenar - SIEMple Simon Met a WMIman (Updated November 2017)
Craig Bowser - Deploying Windows Advanced Auditing: Deploying One Incident Responder's Wish List of Events
Mike Lombardi - Exit Night, Enter Light
David Mashburn - Ten Holiday Gift Ideas for the SOC Who Has Everything
Dave Herrald, Ryan Kovar - Taking Your SIEM to the Next Level with Third-Party Tools and Scripts
Austin Taylor - QRadar Community Edition
Peter S14 - This is Not Your Grandfather's SIEM (Keynote)
Carson Zimmerman - Stashing the SIEM
Kevin Wilcox - Detecting Modern PowerShell Attacks with SIEM
Justin Henderson - Active Defense via a Labyrinth of Deception
Nathaniel "Q" Quist - Sinkhole all the Things!: Using a (DNS) Sinkhole to Detect and Respond to Malicious Activity
Stefan Hazenbroek - SIEMtervention (Panel)
Justin Henderson, Mick Douglas, John Hubbard, Ismael Valenzuela - Cracking the Upper Management Code
Kevin Garvey - The Most Dangerous Game: Hunting for Post-Exploitation Stage Attacks with the Elastic Stack and the MITRE ATT&CK Framework
John Hubbard - Open CNA Using rastrea2r and Machine Learning
Ismael Valenzuela
- Pen Test Hackfest Summit & Training 2017 (November 2017)
- Pen Test Hackfest Summit Agenda 2017
- Hack Your Head
Tim Medin - How to Defend Against Penetration Testers...and Win
Paul Asadoorian - Using the Metasploit Hardware Bridge to Attack Non-Ethernet Systems
Craig Smith - Searching the Void: IPv6 Network Reconnaissance
Kevin Tyers - Being Offensive in the Workplace
Derek Rook - Introduction to Reverse Engineering for Penetration Testers
Stephen Sims - 2>1: Teaming Up for Social Engineering Adventures
Jen Fox - Emulating Adversary Tactics Safely
Robert M. Lee - Honey, Please Don't Burn Down Your Office
Ed Skoudis - Propelling Your Pen Test Career into the Next Decade
Josh Wright - Escaping Alcatraz: Breaking out of Application Sandboxed Environments
Kirk Hayes - Lies, Damn Lies, and Pen Tests
Tom Liston - WAF-aiki: Pen Test Techniques Against a Web Application Firewall
Greg Owen - Signal Safari: Investigating RF Controls with RTL-SDR
Katie Knowles - Beyond Scanning: Delivering Impact-Driven Vulnerability Assessments
Matthew Toussain
- Secure DevOps Summit & Training (October 2017)
- Summit Agenda
- Demystified DevSecOps (Keynote)
Shannon Lietz - Scaling Trust with Millions of Containers: Microsegmentation Strategies for Authorization
David Strauss - Automating Security in DevOps Pipelines
DJ Schleen - Forging Forensic Fortifications
Andrew Hay - Secure DevOps in Regulated Environments: Balancing Speed, Cost, Feedback, and Control
Jim Bird - The Art of Securing 100 Products
Nir Valtman - Security in the Cloud: AWS & Cloud Custodian
Kapil Thangavelu - Secure DevOps: A Puma's Tail
Eric Johnson - Continuous Security and DevOps: Three Keys for Modern Security Success
Frank Kim - API Security: The Past, Present, and Future
Bernard Harguideguy - Anatomy of a Technological and Cultural Transformation
Matt Curry - Preparing for Disaster by Integrating BCDR Principles into your DevOps Practice
Jeremy Heffner - Pacing Security in the Surging World of Containers
Justin Smith - SDL Unicorns or Thoroughbreds: Application Security in DevOps
Hemanth Srinivasan - Practical Tips for Defending Web Applications in the Age of Agile/DevOps
Zane Lackey
- SANS DFIR Prague Summit & Training 2017 (October 2017)
- Forensicating the Apple TV
Mattia Epifani & Claudia Meda - The Impact of the EU General Data Protection Regulation on Digital Forensics & Incident Response
Jason Jordaan - It's About Time!: The Only Timeline Tool You'll Ever Need
Jonathan Tomczak - The Hive: A Scalable Open Source and Free Incident Response Platform
Saad Kadhi - How was that Breach Detected?
Jeff Hamm - Tracking the Attackers' Account Activity
Chema Garcia - Windows Log Forensics to the Next Level: Powershell & WMI
Joe Slowik - (in)Secure Secret Zone
Dr. Francesco Picasso - Summit Programme Guide
- Data Breach Summit & Training (September 2017)
- Summit Agenda
- Data Breaches: The U.S. Secret Service Perspective
R. Matthew Chevraux - Maintaining Confidentiality During an Investigation
Kristine Green - The Legal Intersection of IT and Privacy: Why IT and Legal Should be BFFs
Fredric E. Roth V - Fighting Ransomware Blindfolded
Renato Marinho - #RUR34DY: The State of Cyber Readiness
Trent Teyema - Managing Risk on Global Scale
James Burns & David Derigiotis - Data Breach Advanced Exercise Scenarios
- It's Not If But When: How to Create Your Cyber Incident Response Plan
Lucie Hayward & Michael Quinn - Data Breach Advanced Exercise - Incident Response Plan Guide (Kroll)
Lucie Hayward & Michael Quinn - The Hitchhiker's Guide to Data Breaches
Josh M. Bryant - The Financial Services Industry Speaks: Key Risk Management and Chief Privacy Officer Perspectives
Kimberly B. Holmes, Esq.; Patrice Brusko; Ethan Harrington - Now What? A Pragmatic Approach to Effective Breach Response for Leaders
Russell Eubanks - Equifax: Get the Facts
Lance Spitzner - Paying the Price: Selling Your CFO on Cybersecurity
Scott Kannry, Sian Schafle - Stories from the War Room: Lessons in Breach Communications
Andrew Liuzzi - Breach Response in a Crazy World
Matt Bromiley
- Security Awareness Summit & Training 2017 (July 2017)
- Know Your Enemy
Robert M. Lee - Phish Me, Phish You
Darren Lynch - Phishing Program Tips & Tricks
Tonia Dudley - Tailoring Lures to Your Target Audience
Ryan Cadwalader - Escape Rooms
FedEx Team - What do Cars and Beer Have to Do with Security Awareness?
Lisa Plaggemier - I Got More Games Than Milton Bradley: Incentivize Positive Change in Your Security Culture
Drew Rose - Getting it Right the First Time: Avoiding the Costs of a Bad Cybersecurity Hire
Max Shuftan - When is it Time to Reboot Your Awareness Program?
Cheryl Conley - Ambassador Programs
Cassie Clark, Jessica Chang, Christine Keung, Julia Knecht - Getting the Board on Board: Gaining Board Support for Your Awareness Program
Kevin Magee - Deploying a National Awareness Campaign
Tiffany Shoenike & Ben Flatgard - It Takes a Village: Hands-On Security Awareness
Taylor Lobb - Is Your ePublication Just Another Castaway on Unread Island?
Cathy Click - Safe Outside the Walls: The Home Visit Programme?
John Scott - How to Produce Funny & Engaging Videos
Jason Hoenich - Rock the Boat: Transforming Security Culture Through Innovation
Graham J. Westbrook - FBI PSA - Business Email Compromise
Federal Bureau of Investigation - FBI Download Resources
Federal Bureau of Investigation - The Security Awareness Community Has Spoken: What's the Word and What's Next?
American University's Kogod Cybersecurity Governance Center (KCGC) - Big Phish, Little Phish
Chrysa Freeman
- DFIR Summit & Training 2017 (June 2017)
- The Cider Press: Extracting Forensics Artifacts from Apple Continuity
Sarah Edwards and Heather Mahalik - The Forensics of Plagiarism - A Case Study in Cheating
Tim Ball, PhD - Mac Forensics: Looking into the Past with FSEvents
Nicole Ibrahim - Google Drive Forensics
Ashley Holtz - Your Eyes Can Deceive You: Implications of Firmware Trickery in Metamorphic Hard Drives
Courtney Webb - Boot What? Why Tech Invented by IBM in 1983 is Still Relevant Today
Christopher Glyer - Tracking Bitcoin Transactions on the Blockchain
Kevin Perlow - MAC Times, Mac Times, and More
Lee Whitfield - Beats & Bytes: Striking the Right Chord in Digital Forensics (Or: Fiddling with Your Evidence)
Ryan Pittman, Cindy Murphy, Matt Linton - Beats & Bytes White Paper
Pittman, Murphy, Linton - "Alexa, are you Skynet?"
Jessica Hyde, Brian Moran - Open-Source DFIR Made Easy: The Setup
Stephen Hinck and Alan Orlikoski - Incident Response in the Cloud (AWS)
Jonathon Poling - The Audit Log Was Cleared
Austin Baker, Jacob Christie - EXT File System Recovery
Hal Pomeranz - Japanese Manufacturing, Killer Robots, and Effective Incident Handling
Scott J. Roberts, Kevin D. Thompson - Deciphering Browser Hieroglyphics
Ryan Benson - Processing PCI Track Data with CDPO
David Pany - Know Your Creds or Die Tryin'
Chad Tilbury
- Security Operations Center Summit & Training (June 2017)
- Future SOC: SANS 2017 Security Operations Center Survey
Chris Crowley - Good vs Evil: Winning the Age-Old Battle
Doug Burks - Metrics for Justifying SOC Investment to the CEO and Board
John Pescatore - Survey SANS: Actionable Insights from the SANS SOC Survey
Chris Crowley - Stuck in the Box: A SIEM's Tale
Justin Henderson - Storyboard IR Methodology
Gregg Braunton - Siri for SOC: How an Intelligent Assistant Can Augment the SOC Team
Bobby Filar and Rich Seymour - Recipe for Continuous Security Improvement
Scott Alldridge - The Need for Investigation Playbooks in the SOC
Matias Cuenca-Acuna and Ismael Valenzuela - SIEMple Simon Met a WMIman
Craig Bowser - Inattentional Blindness (IB) & Security Monitoring
Ismail Cattaneo - Hunting Adversaries with "rastrea2r" and Machine Learning
Gabriel Infante-Lopez and Ismael Valenzuela - Color My Logs: Understanding the Internet Storm Center
Johannes Ullrich, PhD - Building the Cybersecurity Workforce We Need: Creating Pipelines and Pathways Without Poaching
Arlin Halstead and Max Shuftan - SOCs for the Rest of Us
Dave Herrald and Ryan Kovar - DDoS Attacks in Action
Ben Herzberg
- Automotive Cybersecurity Summit (May 2017)
- Building an Automotive Cybersecurity Testing Lab
Justin Montalbano - Closing the Gap
Kai Thomsen - If You Can't Hack It, You Don't Own It
Craig Smith - NMFTA Handout: Heavy Vehicle Cybersecurity Update
- Road to the Future
Karl Heimer - Using Formal Methods Tools to Improve Security in an Autonomous Military Truck
Dariusz Mikulski, Ph.D. - V2X Security and Privacy
Andre Weimerskirch - Your Car is Trying to Kill You, and Other Reality Checks
Corey Thuen - Applying Cybersecurity Processes to Autonomous Vehicles
Daniel Zajac - Heavy Vehicle Cybersecurity Update
Urban Jonson - Five Cs of the Future
Mike Assante - Auto-ISAC Executive Overview
Faye Francy - RKE (Key Fob) Attack Using Roll Jam Technique
Robert Leale - Safeguarding and Securing Automotive Manufacturing Systems
Jeff Smith - Electric Vehicle Cyber Research
Kenneth Rohde - Securing The Internet of BIG Things
Paul Bierdeman - Secure Product Design Lifecycle for Connected Vehicles
Lisa Boran
- Threat Hunting and IR Summit (April 2017)
- Hunting on AWS
Alex Maestretti and Forest Monsen - So Many Ducks, So Little Time
Michel Coene and Maxim Deweerdt - Threat Hunting in Security Operations
Chris Crowley - Biting into the Jawbreaker - Pushing the Boundaries of Threat Hunting Automation
Alex Pinto - The Myth of Automated Hunting and Case Studies in ICS-SCADA Networks
Robert M Lee - Toppling the Stack - Outlier Detection for Threat Hunters
David J. Bianco - Hunting Webshells on Microsoft Exchange Server
Josh Bryant - Keynote
Huntworld, Rob Lee - Enrich All the Things - The Future of Threat Hunting
Mark Kendrick - Framing Threat Hunting in the Enterprise
Joe Ten Eyck - Threat Hunting: From Fudd to Terminators
Heather Adkins - Real-Time Threat Hunting
Tim Crothers - ShimCache and AmCache Enterprise-Wide Hunting
Matias Bevilacqua - Sorry, but There is No Magic Fairy Dust
JJ Guy - Taking Hunting to the Next Level - Hunting in Memory
Jared Atkinson and Joe Desimone - The Mind of a Hunter - A Cognitive, Data-Driven Approach
Chris Sanders - Threat Hunting with Network Flow
Austin Whisnant - Deriving Successful Hunting Strategies with the Diamond Model
Sergio Caltagirone - Systemic Threat Hunting: Using Continuous Detection Improvement to Find Bad Things
Joe Moles and Jared Myers
- ICS Security Summit & Training - Orlando (March 2017)
- Disassembly and Hacking of Firmware Where You Least Expect It In Your Tools
Monta Elkins - Innovating a Brighter ICS Security Future
Mike Assante - Musings of a SCADA Engineer Turned ICS Security Architect
Sanford Rice - Secure SCADA Protocol for the 21st Century SSP21
J. Adam Crain - The 1990s Called They Want Their Technology Back How ICS is Still Using Paging Technologies
Stephen Hilt - ICS Security Lifetime Achievement Award Art Conklin
Ernie Rakaczky - Exploring the Unknown ICS Threat Landscape
Robert M Lee, Ben Miller - From Research to Reality RealWorld Applications of Threat and Vulnerability Data Analysis
Clint Bodungen, Vladimir Dashchenko - How the MISO Moved to Active Defense and Advanced in the Hunting Maturity Model
Jamie Buening - Incentivizing ICS Security The Case for Cyber Insurance
Jason Christopher - Operation BugDrop Stage 1 Cyber Reconnaissance in the Real World
David Atch - Top Down Purpose Based Cybersecurity
Colonel David E. Stone - USACE Control System Cybersecurity Program Processes and Lessons from the Corps
Phillip Copeland, Gregory Garcia
- Cyber Threat Intelligence Summit & Training (January 2017)
- Hunting Threat Actors with TLS Certificates
Mark Parsons - Inglorious Threat Intelligence
Rick Holland - Integrating Cyber Threat Intelligence Using Classic Intel Techniques
Elias Fox and Michael Norkus - Location Specific Cyber Risk
Lincoln Kaffenberger and John Kupcinski - Reversing Threat Intelligence Fun with Strings in Malware
Ronnie Tokazowski - Using CTI to Profile and Defend Against the World's Most Successful Email Scam
Matt Bromiley - Beyond Matching - Applying Data Science Techniques to IOC-Based Detection
Alex Pinto - Knowing When to Consume Intelligence and When to Generate It
Robert M. Lee - The Threat Intel Victory Garden - Creating, Capturing, and Using Your Own Threat Intelligence Using Open Source Tools
Dave Herrald and Ryan Kovar - The Use of Conventional Intelligence Analysis Methodologies in Cyber Threat Intelligence
Rob Dartnall - Threat Intelligence at Microsoft - A Look Inside
Sergio Caltagirone - Pen-to-Paper and the Finished Report - The Often-Overlooked Key to Generating Threat Intelligence
Christian Paredes - Accurate Thinking - Analytic Pitfalls and How to Avoid Them
Kyle Maxwell - Effective Threat Intel Management
Aaron Shelmire - Using Intelligence to Heighten Your Defense
Jeremy Johnson
- Cloud Security Summit (January 2017)
- Are You Raising Your Internet Assets in a Bad Neighborhood?
Andrew Hay - Barbarians At The Gate(way)
Dave Lewis - Cloud Third-Party Risk Assessment
James Baker - Implementing and maintaining a DevSecOps approach in the cloud
George Gerchow - Launching a Highly-regulated Startup in the Cloud
Poornaprajna Udupi - Security as Code: The Time is Now
Dave Shackleford - Taking Control: Making Sense of the Critical Security Controls in the Cloud
Eric Johnson - Virtualization: Security's Silver Bullet Lessons from Troy and Byzantium
Simon Crosby
- European Security Awareness Summit (November 2016)
- Summit Agenda
Summit Agenda - Lessons I Learned from my Dog (and Other Stories)
David Rimmer - Tag Me if You Can
Ido Naor - Speaker Handout
John Scott - But, I'm not a Target! How to Combat the Hidden Bias that Kills Your Awareness Programme
Jordan Schroeder - The Psychology of Information Security Culture
Leron Zinatullin - Baby steps - deep footprints: Building and launching your first security culture program
Magnus Solberg - Improve your results by applying accelerated learning
Martine van de Merwe - Using Gamification to Transform Security Awareness
Masha Sedova - Tackling CFO Fraud
Christopher Boyd - Passwords: Like You Never Knew Them Before
Per Thorsheim - Top Challenges and Solutions for SMEs
Simon Parkin - Industrial Defence In-Depth
Andrey Nikishin - How Do You Know If You're Doing Enough
David Zanetti, Jano Bermudes - Fail to Plan, Plan to Fail
Don Reynolds - The Stale Data Problem
Jason Larsen - Cyber Security Management in Diverse Industrial Control Systems Environments
Luis Parrondo - The ICS Cyber Kill Chain: Active Defense Edition
Robert M. Lee - The Auto Industry's Paradigm Shift^3
Kai Thomsen
- Pen Test HackFest Summit & Training (November 2016)
- Building Your Own Kickass Home Lab
Jeff McJunkin - Everything you wanted to know..
John Strand - Go Ahead, Run Your Own Mail Server
Matt Linton - HTTP/2 & WebSockets Are Gonna Change the Pen Test World. Are You Ready?
Adrien de Beaupre - I Don't Give One IoTA
Larry Pesce - I'll Let Myself In
Deviant Ollam - Link to Demo
Raphael Mudge - Mining Meteor
Tim Medin - Agentless Post Exploitation
Raphael Mudge - Six Degrees of Domain Admin
Rohan Vazarkar - When Offense, Defense, and Forensics Collide
Ed Skoudis - Your Fly is Open
Tom Liston - Ghost in the Droid
Josh Wright
- DFIR Prague Summit & Training 2016 (October 2016)
- How To Rock With DNS
Joao Collier de Mendonca - Investigating Intrusions at Adversary Speed
Christopher Witter - iOS Forensics: Where Are We Now and What are We Missing?
Mattia Epifani and Pasquale Stirparo - I thought I Saw a Haxx0R
Thomas Fischer - "Invoke Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To) D""e'Tec'T 'Th'+'em' "
Daniel Bohannon - Targeted SOC Use Cases for Effective Incident Detection and Response
David Gray and Angelo Perniola - Volatility Bot
Martin G. Korman - DFIR Prague Summit & Training 2016 - Complete Archive
- Data Breach Summit (August 2016)
- Incidents and Breaches: The Executive Management Decision-Making Process In Higher Education
Sam Segran - How to Determine the Significance of a Security Incident
Rick Kam, Meredith Phillips, and Erika Riethmiller - Legal Responsibilities for a Data Breach
Melissa K. Ventrone - Real Breach Stories from the Trenches
Ondrej Krehel - Relationship Management: Effectively Partnering with Your Cyber Insurer
David Hallstrom - Welcome to the Data Breach Summit
Ben Wright - Two Truths and a Lie, Data Breaches
Jeff Louie
- Security Awareness Summit & Training (August 2016)
- Summit Agenda
Summit Agenda - Developing a Culture of Security Awareness Based on Your Culture
Akshay Shetty - Motivating Staff to Join the Awareness Cause Part I
Angela Pappas - Motivating Staff to Join the Awareness Cause - What the Ambassador Pilot Taught Us
Angela Pappas - Building a Security Awareness Program
Angela Pappas - How to Build an Ambassador Program
Angela Pappas - Recipe for a Cyber Fest
Brenda Ianiro - Awareness Events
Cathy Click - Phishing Lessons - Learned for Handling Repeat Clickers
Cheryl Conley - From Ambassadors and Champions to Security Partners of the Month
Deana Elizondo - Exec Assistants: How to Hack Your Way Through the Corp Comms Jungle
Jason Hoenich - Building a Multimedia Awareness Program from Scratch with no Dough
Jennifer Kimberly - The Race for CyberTalent - Finding and Keeping the Talent You Need
Jim Michaud - Speaker Handout
John Scott - Old Becoming New Again
Julie Rinehart - Using OneNote
Lori Rosenberg - Back it Up - The Roadmap in Reverse
Mary Dziorny - Partnering in Education and Awareness
Michael Kaiser, NCSA - Creating an InfoSec Brand and Mascot
Nastassia Tamari - Guess The Security Gap
Rick Phillips - Guess the Security Gap Final Flyer
Rick Phillips - Guess The Security Gaps: Visual Clues
Rick Phillips - Workplace Security Instructions
Rick Phillips - Securing the Human Chapters (Some Assembly Required)
Terri Cihota
- Digital Forensics & Incident Response Summit (June 2016)
- All About that (Data)Base
Matt Bromiley and Jacob Christie - Analyzing Dridex, Getting Owned by Dridex, and Bringing in the New Year with Locky
sudosev - CryptoLocker Ransomware Variants are Lurking In the Shadows; Learn How to Protect Against Them
Ryan Nolette - Defending a Cloud
Troy Larson, Microsoft Security Response Center - Azure - Deleted Evidence - Fill in the Map to Luke Skywalker
David Pany and Mary Singh - Dive into DSL - Digital Response Analysis with Elasticsearch
Brian Marks and Andrea Sancho Silgado - Expanding the Hunt - A Case Study in Pivoting Using Passive DNS and Full PCAP
Gene Stevens and Paul Vixie - FLOSS Every Day - Automatically Extracting Obfuscated Strings from Malware
William Ballenthin and Moritz Raabe - Hadoop Forensics
Kevvie Fowler - Hello Barbie Forensics
Andrew Blaich and Andrew Hay - Incident Response Playbook for Android and iOS
Andrew Hoog - iOS of Sauron - How iOS Tracks Everything You Do
Sarah Edwards - Leveraging Cyber Threat Intelligence in an Active Cyber Defense
Robert M. Lee and Erick Mandt - Plumbing the Depths - Windows Registry Internals
Eric Zimmerman - Potential for False Flag Operations in the DNC Hack
Jake Williams - Puzzle Solving and Science - The Secret Sauce of Innovation in Mobile Forensics
Crowley, Hoog, Leong, Mahalik, and Murphy - Rising from the Ashes - How to Rebuild a Security Program Gone Wrong...with Help from Taylor Swift
Shelly Giesbrecht and Mike Hracs - Rocking Your Windows EventID with ELK Stack
Rodrigo Ribeiro Montoro - Seeing Red - Improving Blue Teams with Red Teaming
- Start-Process PowerShell - Get Forensic Artifact
Jared Atkinson - stoQ'ing Your Splunk
Ryan Kovar and Marcus LaFerrera - To Automate or Not to Automate - That is the Incident Response Question
Brian Carrier - Tracking Threat Actors through YARA Rules and Virus Total
Kevin Perlow and Allen Swackhamer - Trust but Verify - Why, When and How
Mari DeGrazia - UAV Forensic Analysis
David Kovar - Using Endpoint Telemetry to Accelerate the Baseline
Keith McCammon - What Does my SOC Do - A Framework for Defining an InfoSec Ops Strategy
Austin Murphy - What Would You Say You Do Here - Redefining the Role of Intelligence in Investigation
Rebekah Brown, Rapid7 - Who Watches the Smart Watches
Brian Moran
- Security Operations Center Summit & Training (May 2016)
- A Belichickian Approach to Security Operations
Justin Grosfelt and Tom Needham - Applying Data Mining Techniques to Identify Malicious Actors
Balaji Balakrishnan - Arbor Networks Spectrum
- Assessing and Securing for Cyber Threat Intelligence
James Billingsley and Rob Gresham - Depth Charges
Donald Warnecke - Enterprise Defense Vs. Security Monitoring and Response in the cloud
Garrett Schubert - Hiring and Firing a SOC
David Nathans - Judo Threat Intelligence
Frank Angiolelli - Security vs Ops Bridging the Gap
Craig Bowser - SOC V. SIC
Mary Chaney - Onapsis: The CISO Imperative Taking Control of SAP Cyberattacks
- Preventing the Vicious Cycle of Security Failure by Addressing Root Cause
Ismael Valenzuela - Keeping Your SOCs Full
Jim Michaud
- Threat Hunting and Incident Response Summit (April 2016)
- A Longitudinal Study of the Little Endian That Could
Andrew White - Casting a Big Net: Hunting Threats at Scale
Paul Jaramillo and Reed Pochron - Collecting and Hunting for Indications of Compromise with Gusto and Style!
Ismael Valenzuela - Detecting and Responding to Pandas and Bears
Christopher Scott and Wendi Whitmore - DIY DNS DFIR: You're Doing it WRONG
Andrew Hay - Hunting and Dissecting Weevely
Kiel Wadner - Hunting as a Culture (HaaC)
Ben Johnson - Hunting on the Cheap
Jamie Butler, Andrew Morris, and Anjum Ahuja - Hunting Your Memory
Heather Adkins - Must Collect IOCs... Now What?!
William M. Phillips IV - APT Hunter: "Enabling the hunt for abnormalities"
Hao Wang and Joshua Theimer - Threat Hunting Survey Results Preview
Rob Lee - The Remediation Ballet
Matt Linton - Threat Hunting, Defined
Bamm Visscher - To Catch an APT: YARA
Jay DiMartino - Train Like You Fight
Casey Smith - Using Open Tools to Convert Threat Intelligence into Practical Defenses: A Practical Approach
James Tarala - Threat Hunting and Incident Response Summit - Complete Archive
- ICS Security Summit & Training - Orlando (February 2016)
- Car Wars: Episode I: Hacker Menace
Matt Carpenter - Connectivity Surprise Factor: What's in your ICS?
Doug Wylie - Critical Infrastructure ICS Attack Targeting
Jason Dely and Jeff Gellner - Cyber Security: How Much Is Enough?
Michael H. Firstenberg - ICS Sec for n00bz: An Introduction to ICS Security by Defending the Death Star
Kara Turner - Industry 4.0
Mike Assante, David Foose, Ernie Hayden, and Bryan Owen - No Stone Unturned: Stories from the Aftermath of Cyber Incidents
Bryan S. Owen - Physical Protection of Critical Electric Infrastructure
Securicon - Powering Up Your ICS Knowledge in as Easy as 4-5-6
Tim Conway - So You've Just Been Asked to Brief the Board of Directors on Cybersecurity
Alan Paller - The ICS Cyber Kill Chain: Active Defense Edition
Robert M. Lee - The View from the ICS Wall
Tom VanNorman - What's the DFIRence for ICS?
Chris Sistrunk - It's My Job To Secure Our Control Systems: Should I Patch?
Dale Peterson - Why does the Ukrainian power outage news still get so much attention?
Walter Sikora
- Cyber Threat Intelligence Summit & Training (February 2016)
- An End User's Perspective on the Threat Intelligence Industry
Rohan Amin - Anticipating Novel Cyber Espionage Threats
John Hultquist - Borderless Threat Intelligence: Proactive Supply Chain Monitoring for Signs of Compromise
Jason Trost and Nicholas Albright - Community Intelligence & Open Source Tools: Building an Actionable Pipeline
Scott J. Roberts - Cyber Threat Intelligence: Maturity and Metrics
Mark Arena - Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing
Alex Pinto - Data Mining for Fun and Profit: Building an Historical Database of Adversary Information
John Bambenek - DomainTools Iris Datasheet
- Multivariate Solutions to Emerging Passive DNS Challenges
Dr. Paul Vixie - Plumbing's Done! Now What Do We Do With All This Water?
Richard Struse - SIX YEARS OF THREAT INTEL: Have we learned nothing?
David Bianco - The Levels of Threat Intelligence
Michael Cloppert - There Can Be Only One!: Last CTI Vendor Standing Pitch
Mark Kendrick and Jess Parnell - The Revolution in Private Sector Intelligence
Richard Bejtlich - Threat Intelligence Awakens
Rick Holland - We Have the Technology; We Can Rebuild Him
Rich Barger and Rob Simmons - YOU'VE GOT 99 PROBLEMS AND A BUDGET'S ONE
Rebekah Brown - Cyber Threat Intelligence Summit & Training 2016 - Complete Archive
- Pen Test Hackfest Summit & Training (November 2015)
- Car Wars: Episode I: Hacker Menace
Matt Carpenter - DLL Hijacking Like a Boss!
Jake Williams - DLP Fail! Using Encoding, Steganography and Covert Channels to Evade DLP and other Critical Controls
Kevin Fiscus - Drones for PenTesting?
Larry Pesce - Evading Defenses with Acidrain, Powershell, Github and Pastebin
Mike Poor and Jay Beale - Evil DNS Tricks
Ron Bowes - Flying a Cylon Raider
Raphael Mudge - From Salmon to Scarlet: Getting The Most Out of The Many Shades of Red
Ed Skoudis - Hacking Ugly
Tom Liston - IoT Devices Fall Like Backward Capacitors
Joshua Wright - My password cracking brings all the hashes to the yard..
Larry Pesce - What Goes In, Must Come Out: Egress-Assess and Data Exfiltration
Christopher Truncer and Stephan Borosh
- DFIR Prague Summit & Training 2015 (October 2015)
- Back to the Future with Document Malware
Tyler Halfpop - Windows Phone 8 Case Study: Forensic Artifacts & Challenges
Cindy Murphy and Mattia Epifani - Exchange Forensics for Incident Response
Owen O'Connor - New Generation Timelining
Daniel White - ReVaulting
Francesco Picasso - Temet Nosce: Know Thy Endpoint Through and Through
Thomas V. Fischer - The Fool, The BeEF and The Butcher
Pasquale Stirparo - There's Something About WMI
Christopher Glyer and Devon Kerr - DFIR Prague Summit & Training 2015 - Complete Archive
- SANS ICS Amsterdam Summit & Training 2015 (September 2015)
- Integrating ICS Safety and Security
Anna Ellis - Deconstructing ICS Cyber Attacks And Lessons Learned
Robert M. Lee - Industrial revolution 4.0
Andrey Nikishin - Exercise Is Good For You
Elliot Atkins - ICS Security Survey 2015 Highlights
Derek Harp - Developing Situational Awareness for Industrial Control System Networks
Jarkko Holappa - Don't Forget the People
A. Jones & E. Selvina - Modeling Hard vs Measurement Hard
Jason Larson - ICS Security Rapid Digital Risk Assessment
Dieter Sarrazyn - Maturity assessment on Cybersecurity for critical infrastructures
Dr. Thieyacine Fall - Maturity assessment on Cybersecurity for critical infrastructures #2
Dr. Thieyacine Fall - I'm Watching My ICS, Now What Do I Do?
Rob Caldwell - Harnessing Industrial Control Systems Security in a Global Organization
Maarten Oosterink
- Security Awareness Summit & Training (August 2015)
- Summit Agenda
Summit Agenda - How Story Can Change Behavior
Bridget Brown - Extending Your Human Sensor Network: Measurable Threat Defense
Ellen Powers - Branding Security: The Heart of Your Security Awareness Program
Judy Forrest - Information Security Awareness Communication
Rhonda Kelly - The What, The Why and The How of Learning: Building a Learning Architecture
Lisa Murray-Johnson - Enabling The Human: Using Gamification to Transform Security Mindset of an Organization
Masha Sedova
- Cyber Defense Summit & Training (August 2015)
- Adaptive Monitoring and Detection for Today's Landscape
Jamie Murdock - Building a Security Operations Center
Randy Marchany - How Not to Fail at Cyber Defense
Mark Burnette - Game Changer: Identifying and Defending Against Data Exfiltration Attempts
Ismael Valenzuela - LogRhythm's Security Intelligence Platform
- Offense Must Inform Defense: Why Proper Incident Response is SO Important!
Jonathan Ham - Today's Threat Landscape
Ken Swain - Views from the IR Trenches: SANS 2015 Incident Response Survey Results
Alissa Torres - Maturing and Specializing: Incident Response Capabilities Needed
Alissa Torres - Network Security and Operations When the Network is Already Compromised
Dr. Eric Cole - The Power of the Human Shield in Cyber Defense
David Cawley - Quick Win, Industry Agnostic, SIEM Dashboards
Craig Bowser - Surprisingly Successful: What Really Works in Cyber Defense
John Pescatore - Surfacing Critical Cyber Threats Through Security Intelligence
Christopher Petersen
- European Security Awareness Summit (July 2015)
- Summit Agenda
Summit Agenda - A New Approach to Transforming Security Behaviour
Angela Sasse - Spotting Them is Never Easy
Cheryl Conley - ENISA CERT Training Programme
Daria Catalui - Behaviour Modelling Using Cognitive Frameworks
Geordie Stewart - Creating a Security Champions' Network at Diageo
John Haren - The What, The Why and The How of Learning: Building a Learning Architecture
Lisa Murray-Johnson
- Digital Forensics & Incident Response Summit (July 2015)
- Digital Forensics - The Human Cost
Lee Whitfield - Forensic Analysis of sUAS aka Drones
David Kovar - Gaining Control of Incident Costs
Jim Raine (Bit9) - In the Lair of the Beholder - Extrusion Detection in 2015
Kyle Maxwell - Investigation and Intelligence Framework
Alan Ho and Kelvin Wong - No SQL Forensics What to Do with No Artifacts
Matt Bromiley - Plumbing the Depths Shell Bags
Eric Zimmerman - Power Shelling Through the Timeline
Jon Turner - Scaling Incident Response From a 1-Person Shop to a Full SOC Carrier
Moran, McClain, Wallace - There's Something About WMI
Devon Kerr - Think Again Are We Doing it Wrong
Jordi Sanchez - This Isn't Your Father's Remediation
Wendi Rafferty and Christopher Scott - Threat Analysis of Complex Attacks
Dmitry Bestuzhev - Toward Forensicator Pro Bringing a DevOps Mindset to DFIR to Produce an Assistive Toolchain CADFIR
Barry Anderson - Ubiquity Forensics Your iCloud and You
Sarah Edwards - Walk Softly and Carry 26 Trillion Sticks
Andrew Hay - Windows 8 SRUM Forensics
Yogesh Khatri - Windows Phone 8 Forensic Artifacts and Case Study
Cindy Murphy - Digital Forensics and Incident Response Summit 2015 - Complete Archive
- Security Operations Center Summit & Training (April 2015)
- 10 Biggest Mistakes in Implementing Continuous Monitoring
Ismael Valenzuela - After the Breach: 4 Years of Lessons Learned
Garrett Schubert - Building extended teams For Security Operations (Win executive support)
David Nathans - Building a Security Operations Center
Randy Marchany - Building the Team for a Successful SOC
Donald Warneck - Security Operations Center (SOC) Certification Overview
Courtney Imbert and Jeff Pike - Extreme Makeover: Metrics Edition
Mary N. Chaney - Gaining and Maintaining Support for a SOC
Jim Goddard - Hunting Your Adversary How to Operate and Leverage an Incident Response Hunt Team
Rob Lee - False Positive Reduction
Michael Cloppert - Key Strategies for Running a World-Class Security Operations Center
Dr. Eric Cole - Metrics: Beyond ROI
Shawn Chakravarty & Kevin Tyers - Threat Detection & Response: Control Point Management
Nancy Thompson - Quick Win, Industry Agnostic, SIEM Dashboards
Craig Bowser
- 10th Annual ICS Security Summit (February 2015)
- Stuxnet and Beyond: The Age of Cyberwarfare
Kim Zetter - Condition-Based Kill Chains and the Maturity of Next-Gen Attackers
Mark Fabro and Matt Carpenter - Security Transformation for Industrial Control Environments
KPMG LLP - Cybersecuring DoD Industrial Control Systems One Year Later....
Michael Chipley - Cybersecurity Procurement Language for Energy Delivery Systems
ESCSWG - Developing an Industrial Controls Security Framework
Ernie Hayden - Emerging Solutions for Evolving Threats Panel
- Fides SCADA Anomaly Detection System Has Your Six
Dennis Murphy - Harmonizing ICS Security and Compliance Panel
- ICS Active Defense
Robert M. Lee - Live ICS Attack Demonstration
David Lawrence, Steve Lusk, Tim Collins, and Nick Saunders - Managing Risk in the Supply Chain Panel
- Missing the Obvious: Network Security Monitoring for ICS
Chris Sistrunk and Rob Caldwell - Gaming your Career: Using Online Challenges to Develop Yourself and Your Career
Tim Medin - Project SHINE (SHodan INtelligence Extraction)
Bob Radvanovsky - System-Wide Cybersecurity Failures: Are We Entering a New Phase? Panel
- Dragonfly: Energy Companies Under Sabotage Threat
Symantec Security Response
- Cyber Threat Intelligence Summit & Training (February 2015)
- A Case Study in Competing Hypotheses
Mike Cloppert, Lockheed Martin - Big Data Big Mess
Sound Risk Intelligence Through Complete Context (SurfWatch Labs) - Cyber Risk Report December 2014
SurfWatch Labs - Cyber Threat Intelligence SANS360
- DNS As a Control Point for Cyber Risk
Dr Paul Vixie, Farsight Security - From Threat Intelligence to Defense Cleverness - A Data Science Approach
Alex Pinto, Niddel - Maltego Kung Fu Exploiting Open Source Threat Intelligence
Matt Kodama, Recorded Future - Reconciling Objective Data with Analytical Uncertainty
Ruth Cuddyer, Lockheed Martin CIRT - Results and Analysis of the SANS 2014 Analytics and Intelligence Survey
Mike Cloppert - Taming Your Indicator Consumption Pipeline
Ryan Stillions, Vigilant LLC - The Most Dangerous Game - Hunting Adversaries Across the Internet
Kyle Maxwell, Verisign iDefense and Scott Roberts, GitHub - Tumble, Twiddle, Spin and Roll the Black Hat - Incorporating CTI into Security Assessment Programs
Michael Willburn - Cyber Threat Intelligence Summit & Training 2015 - Complete Archive
- State of Cyber Threat Intelligence Address
Rick Holland, Forrester Research
- Pen Test Hackfest Summit & Training (November 2014)
- Crazy Sexy Hacking
Mark Baggett - Hacking in Meatspace
Matt Linton - How to Give the Best Pen Test of Your Life
Ed Skoudis - How I Ruled the the Worl^Hd
Joshua Wright - Attacking Kerberos
Tim Medin - Penetration Testing Is Dead! (Long Live Penetration Testing!)
Katie Moussouris - Pentesting Web Frameworks
Justin Searle - Secret Pen Testing Techniques Part 2
David Kennedy - The State of the Veil Framework
Will Schroeder and Christopher Truncer - Use of Malware by Penetration Testers
Wesley McGrew
- DFIR Prague Summit & Training 2014 (September 2014)
- Collaborative Timeline Analysis in Large Incidents
Johan Berggren - DFIR Prague 2014 Programme Agenda
- Finding the Needle in the Haystack with FLK
Christophe Vandeplas - Forensic Analysis of MySql DB Systems
Marcel Niefindt - Give Me the Password and I'll Rule the World
Francesco Picasso - One Location to Rule Them All
Pasquale Stirparo - Rekall Memory Forensics
Michael Cohen - Tor Forensics on Windows OS
Mattia Epifani - Windows Shellbags Forensics in Depth
Vincent Lo
- SANS ICS Amsterdam Summit & Training 2014 (September 2014)
- Attacking Critical Infrastructure
Justin Searle - Smart Grid Security: A roadmap
Klaus Kursawe - 10 Steps on the Road to a Successful Cyber Security Program
Markus Braendle - The RIPE Cyber Security and Robustness Program
Ralph Langner - The Heartbleed Bug and Its Buddies: Where They Come From and How to Get Rid of Them
Rauli Kaksonen - You Don't Know What You Can't See: Network Security Monitoring in ICS
Rob Caldwell - BACnet Security & Smart Building Botnets
Steffen Wendzel - Patch Management in Smart Grids the challenge in patching large SCADA/EMS/DMS systems
Sebastian Ranft - BACnet Security & Smart Building Botnets
Steffen Wendzel - Cyber Security, or Cyber Safety Culture? Convert the weakest link into the force
Slava Borilin
- Cyber Defense Summit & Training (August 2014)
- Antivirus is NOT Dead
Mike Murr - Back to the Basics
Dr. Eric Cole - Cyber Exploits: Improving Defenses Against Penetration Attempts
Mark Burnette - Delivering Security From The Cloud: Turning a Risk into a Weapon
John Pescatore - Developing Cyber Threat Intelligence... or not failing in battle.
Adrien de Beaupré - Identifying Targeted Attacks
Matt Hastings - SANS Incident Response Survey Incident Techniques and Processes: Where We Are in the Six-Step Process
Alissa Torres - It's (Always) About the Money
Peter Kuper - Mind the Gap: Building a Bridge From Intrusion to Detection
Bart Hopper - OODA Security
Kevin Fiscus - Prevent, Detect, Respond
Dr. Eric Cole - Human Metrics: Measuring Behavior
Lance Spitzner - Will The Real Next Generation Security Please Stand Up?
John Pescatore
- Digital Forensics & Incident Response Summit (June 2014)
- 10 Ways to Make Your SOC More Awesome
Shelly Giesbrecht - Anatomy of a Breach - The Lifecycle of Cyber Crime
Jonathan Spruill - Automating Linux Memory Capture
Hal Pomeranz - Best Finds for 2014
David Cowen and Matthew Seyer - BlackBerry Forensic Nuggets
Shafik Punja and Cindy Murphy - Closing the Door on Web Shells
Anuj Soni - Don't Drop That Table - A Case Study in MySQL Forensics
Jeff Hamm - Don't Let Your Tools Make You Look Bad
Troy Larson - Forensic 4cast Awards
Lee Whitfield - Incident Response Patterns
Kyle Maxwell and Kevin Thompson - Modern Incident Response
JJ Guy - Peeling the Application Like An Onion
Lee Reiber - Pillars of Incident Response
Brandie Anderson - Public Research - Influencing Change in DFIR Tools
Dan Pullega - Reverse Engineering Mac Malware
Sarah Edwards - Supersize Your Internet Timeline with Google Analytic Artifacts
Mari DeGrazia - Targeted Campaign Analysis and Tracking
Christopher Witter - To Silo or Not to Silo
Frank McClain - USB Devices and Media Transfer Protocol
Nicole Ibrahim - Why Hunt When You Can Seine
Dave Hull - Windows 8 File History Analysis
Kausar Khizra and Nasa Quba - SANS 360
- 9th Annual ICS Security Summit (March 2014)
- Bridging the Security Governance Divide in Utilities
Andy Bochman - Building Security Into ICS/SCADA Products
George Wrenn - Energy Sector Control Systems Working Group
Ed Goff - Information and Communication Technology (ICT) Supply Chain Security
Nadya Bartol - Just Trust me! Internet Enabled Devices with Integrity
Stacy Cannady - NIST Cybersecurity Framework Implementation
Jason D. Christopher, Ed Goff, and Nadya Bartol - Cybersecuring DoD Industrial Control Systems
Michael Chipley - Cybersecuring DoD Industrial Control Systems
Michael Chipley - So Easy a Child Could Do It: Teaching Your Management About SCADA
Rob Lee - Surviving the ICS Vulnerability Avalanche
Eric Byres - The SCADA That Didn't Cry Wolf: Who's Really Attacking Your SCADA Devices
Kyle Wilhoit - NextGen Performance and Cyber Protection In YOUR WORLD
Michael Seymour - What's all the fuzz about?
Adam Crain and Chris Sistrunk
- SANS Cyber Threat Intelligence Summit (February 2014)
- Agile Defensive Technologies
Robert Johnston - Building an Effective Corporate Cyber Threat Intelligence Practice
Greg Rattray - Cyber Threat Intelligence 360
- Emergent Ideas in Cyber Threat Intelligence
Mike Cloppert - Leveraging File Artifacts for Threat Intelligence
David Dorsey - Moving from SIEM to Security Analytics Evolution or Starting Over Panel
- Recent Threat Trend Analysis
Scott Montgomery - The Diamond Model for Intrusion Analysis A Primer
Andy Pendergast - The Dollars and Sense Behind Threat Intelligence Sharing
Rich Barger - Threat Intelligence Buyers Guide
Rick Holland - Threat Intelligence for Incident Response
Kyle Maxwell
- AppSec 2014 (February 2014)
- Building a Content Security Policy (CSP)
Eric Johnson - DevOps, CI, APIs, Oh My
Matt Tesauro - Legends - Security Awareness Myths and Their Realities
Kevin Johnson - REST Security by Example
Frank Kim - What Star Trek TNG Can Teach Us About the Future of Computer Security
RSnake Hansen
- Asia Pacific ICS Security Summit & Training (December 2013)
- 10 Steps on the Road to a Successful Cyber Security Program
Dr. Markus Braendle - Absence of the Normal, Presence of the Abnormal
Tim Harwood - Dream Team: Building the perfect ICS Team
Tyler Williams & Paul Piotrowski - Codenomicon
Kai Jalonen - Compass for the Compliance World
Tim Conway - Cyber Attack Video Link
- Global Industrial Cyber Security Professional GICSP
- ICS Attack Surfaces
Dr. Eric Cole - ICS Security Innovation
Mike Assante - Innovation in Industrial Perimeter Security
Lior Frenkel - SCADA Security Assessment Methodology, The Malaysia Experience
Muhammad Reza Shariff - SMART Security: Strengthening Information Protection in your ICS
Charles Liang - The Good, the Bad and the Ugly
Graham Speake - The State of Control System Security in Japan
Diasuke Noguchi - When a SOC is more than a SOC
Christina Kubecka
- SANS Pen Test Hackfest Training Event and Summit (November 2013)
- Android Application Assessment
Christopher Crowley - Anti-virus No Thanks
Mark Baggett - Retina Network Security Scanner
- Getting Creative - A story of thinking outside of the box...
David Kennedy - grok
- Hacking ASP.Net: Tips and Tricks
James Jardine - How Not to Suck at Penetration Testing
John Strand - How to Build a Completely Hackable City in Five Steps: And Why You Should Build Your Skills in this Arena
Ed Skoudis - Offense in Depth
Raphael Mudge - Pentesting with Metasploit
Josh Abraham - Post Exploitation Operations with Cloud Synchronization Services
Jake Williams
- SANS Forensics Prague Summit & Training 2013 (October 2013)
- Applications Credentials Harvesting from Android Memory
Pasquale Stirparo - Blue Team Perspectives
David Kovar - Catching Bayas on the wire
Ismael Valenzuela - Cloud Storage Forensics
Mattia Epifani - EVTXtract
Willi Ballenthin - Exchange in the Cloud - Investigative and Forensic Aspects of Office 365
Owen O'Connor - Expert Witness Testimony
Prickaerts - Hypervisor Memory Forensics
Mariano Graziano and David Balzarotti - New School Forensics
Chad Tilbury - Open Source Tools for Mobile Forensics
Mattia Epifani - Proc Dot Visual Malware Analysis
Christian Wojner - SANS 360 ICS Forensics
Rob Lee - Underwater Mobile Forensics
Arturo Rodriguez Olmedo - Week in the Life of a DFIR
Elizabeth Schweinsberg - Your Workflow is NOT my workflow
Joachim Metz - Acquisition and Analysis of iOS Devices
Mattia Epifani - Common analysis Mistakes and Pitfalls
Christian Prickaerts
- Digital Forensics & Incident Response Summit 2013 (July 2013)
- 7 Sins of Malware Analysis
Dominique Kilman - A Day in the Life of a Cyber Tool Developer
Jonathan Tomczak - Autopsy 3 Extensible Open Source Forensics
Brian Carrier - Building, Maturing & Rocking a Security Operations Center
Brandie Anderson - Cyber Nightmares - Red October & Shamoon
Harold Rodriguez - Detecting Data Loss from Cloud Synchronization Applications
Jake Williams - Facilitating Fluffy Forensics
Andrew Hay - File System Journaling Forensics Theory, Procedures and Analysis Impacts
David Cowen with Matthew Seyer - Finding Malware Like Iron Man
Corey Harrell - Forensic 4Cast Awards
Lee Whitfield - Hunting Attackers with Network Audit Trails
Tom Cross and Charles Herring - ICS, SCADA and Non-Traditional Incident Response
Kyle Wilhoit - Johnny AppCompatCache - the Ring of Malware
Brice Daniels and Mary Singh - Mining for Evil
John McLeod and Mike Pilkington - My Name is Hunter - Ponmocup Hunter
Tom Ueltschi - Offense Informs Defense - Or Does It
Jeff Brown - Open Source Threat Intelligence
Kyle Maxwell - Plaso - Reinventing the Super Timeline
Kristinn Gudjonsson - Proactive Defense
Jason Geffner - Volatile IOCs for Fast Incident Response
Haruyama - DFIR SANS360
- AppSec 2013 (April 2013)
- A Decade of Web Application Security What have we learned
Jason Kent - Compliance Security and Innovation Can They Co-Exist
Josh-Brown White - Do you have a Scanner or do you have a Scanning Problem
Dan Cornell - Mobile Security2013 Phenomenal Cosmic Power Itty Bitty Living Space
Joel Scambray - Testing at Cloud Speed
Matt Tesauro
- What Works in Cyber Threat Intelligence Summit (March 2013)
- Intelligence-Driven Security
Adam Meyers, CrowdStrike - Better Tools Through Intelligence, Better Intelligence through Tools
Reid Gilman, MITRE - Leveraging CTI to take the fight to adversary
Rick Holland - Non APT Trends by Vertical
John Ramsey, SecureWorks - SANS 360
- The Evolution of Cyber Threats and Cyber Threat Intelligence
Greg Rattray
- North American SCADA and Process Control Summit 2013 (February 2013)
- 13 Ways Through A Firewall What you don't know will hurt you
Andrew Ginter - Growing up in Operations
- Putting SCADA Security to the Test
Chris Sistrunk - SANS NetWars & CyberCity Overview for the SCADA Summit
- SANS Security Awareness for Utilities
- NERC CIP Standard Mapping to the Critical Security Controls
- Security Expansion through Risk Analysis
Rob McComber - Security vs Compliance and SANS Securing the Utility (STU) Training and Awareness
Chris Humphreys - Threats Defined: Updates from INL
Bri Rolston - Water/Wastewater Plant Process Protection
Mr. McGovern
- SANS Forensics Prague Summit & Training 2012 (October 2012)
- (Everyday) Malware Gone APT
Bojan Zdrnja - Malware Analysis Tools
Christian Wojner - The WOW Effect - or how Microsoft's WOW64 technology unintentionally fools IT Security analysts
Christian Wojner - Toward More Effective Incident Response Portable Incident Response Environment and Incident Response Management
David Kovar - Carve for Records Not Files
Jeff Ham - ACAD/Medre.A A Case Study of an Individual Attack
Righard J. Zwienenberg - Challenges in Physical Extraction of Modern Smartphones and Advance Methods to Overcome
Yuval Ben-Moshe
- Forensics and Incident Response Summit (June 2012)
- Recovering Digital Evidence in a Cloud Computing Paradigm
Jad Saliba - Sniper Forensics v3 Hunt
Christopher Pogue - Why not to stay in your lane as a digital forensic examiner
Alissa Torres - Windows 8 Recovery Forensics - Understanding the Three R's
W. Kenneth Johnson - Decade of Aggression
Christopher Witter - Exfiltration Forensics in the Age of the Cloud
Frank McClain - Passwords are Everywhere!
Hal Pomeranz - Security Cameras - The Corporate DFIR Tool of the Future
Michael Viscuso - DFIR SANS360 Talks
Andrew Case, Ken Johnson, Cindy Murphy, Harlan Carvey, Hal Pomeranz, Kristinn Gudjonsson, Corey Harrell, Melia Kelley, Tim Ray, Alissa Torres, David Nides - Practical use of cryptographic hashes in forensic investigations
Pär Österberg Medina - Digital Forensics for IaaS Cloud Computing
Josiah Dykstra - Taking Registry Analysis to the Next Level
Elizabeth Schweinsberg - Tales from the Crypt - TrueCrypt Analysis
Hal Pomeranz - Windows 7 Forensic Analysis
H. Carvey - Evidence is Data - Why you have the advantage
Jon Stewart - 6-blind-monks
Det. Cindy Murphy, M.Sc. - Analysis and Correlation of Macintosh Logs
Sarah Edwards - Android Mind Reading - Memory Acquisition and Analysis with LiME and Volatility
Joe Sylve - Digital Dumpster Diving an investigative analysis
- Anti-Incident Response
Nick Harbour - Automating File Analysis
Pär Österberg Medina - Building and Maintaining a Digital Forensic Lab - Panel
Art Ehuan - Building and Maintaining a Digital Forensic Lab - Panel
Willy Straubhaar - Building and Maintaining a Digital Forensics Lab - Panel
Jeff Hamm - Building and Maintaining a Digital Forensics Lab - Panel
David Nides - Carve for Record not Files
Jeff Hamm - Mac Memory Analysis with Volatility
Andrew Case - When Macs get Hacked
Sarah Edwards
- SANS AppSec 2012: Summit and Training (April 2012)
- 7 Ways to Scale Web Security
Jeremiah Grossman - 10,000 Apps in 18 Months
Chris Eng - Bust a Cap in a Mobile App
Aditya K. Sood - Bust a Cap in a Mobile App
Georgia Weidman - Bust a Cap in a Mobile App
Subu Ramanathan - Future of XSS Defense
Jim Manico - Get Smart AMI Security on the Smart Grid
John Sawyer & Don Weber - How to Build an AppSec Program without Getting Fired
Michele Guel - How to Build an AppSec Program without Getting Fired
Monica Bush - How to Get the Most out of your Tools
Will Bechtel - How to get the Most out of your Tools
Jim Manico - How to get the Most out of your Tools
Michele Guel - Rate Limiting in Action
Nick Galbreath - Secure Programming - A Way of Life or Death
Matt Bishop - Security at Scale - Web Application Security in a Continuous Deployment Environment
Zane Lackey - Taking the Modular View - Extracting Security from the Application
Chenxi Wang - What you can learn from Small Companies about AppSec
Cameron Morris - What you can learn from Small Companies about AppSec
Jim Bird - What you can learn from Small Companies about AppSec
Nick Galbreath
- North American SCADA Summit & Training 2012 (January 2012)
- 20 Critical Controls
- Access Control and CIP
- Building Detection Capabilities
Ben Miller - Electric Sector Cybersecurity Risk Management Maturity Initiative
Samara Moore - Progress in implementing the Roadmap to Achieve Energy Delivery Systems Cybersecurity
Hank Kenchington - Implementing Application Whitelisting A Case Study
Andrew Wadsworth and Bryan Parker - Incident Management Workshop
Jonathan Pollet - The five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers
Mike Assante - Needle in a Haystack? Getting to Attribution in Control Systems
Matt Luallen - Real-Life Users Talk the Talk
Michael Karl - Hacking SCADA: 2011 A Year in Review
Jonathan Pollet - Practical Applications for Automation Systems Management
Walter Sikora and Mike Dugent - Security Monitoring
Ron Simmons - SOPHIA
Robert Erbes - Working Smarter: Job Performance Metrics For the Smart Grid
- 2011 European Digital Forensics and Incident Response Summit (September 2011)
- Ad-hoc File System Forensics
Andreas Schuster - All the Gear..and No Idea.. - Scalable, fast & forensically sound incident response using "NOOBS"
Andrew Sheldon MSc. - Detecting and Stopping Malware & Exploit Packages on the Wire - Case Study: SCADA Environments (Part 1)
Righard J. Zwienenberg - Detecting and Stopping Malware & Exploit Packages on the Wire - Case Study: SCADA Environments (Part 2)
Righard J. Zwienenberg - Retrieving Internet Chat History with the Same Ease as a Squirrel Cracks Nuts
Yuri Gubanov CEO, Belkasoft - A Hacker's Guide To Incident Response
David Stubley - Memory Analysis Update Tools & Techniques 2011
Andreas Schuster - Rock Around the Clock
Lee Whitfield - Turning Android Inside Out - DFRWS 2011 Challenge
Ivo Pooters, Fox-IT - The Fight Against eCrime - A Small Nation's story
Peter Gwyn Williams
- SANS What Works in Forensics and Incident Response Summit 2011 (June 2011)
- Bamm Visscher General Electric Company
Bamm Visscher - Building a team from within
Detective Joe Garcia - Computer Incident Response Team
Richard Bejtlich - Digital Forensics and Flux Capacitors
Lee Whitfield - EXT3 File Recovery via Indirect Blocks
Hal Pomeranz - EXT4 Bit by Bit
Hal Pomeranz - Five Point Palm Exploding Heart Technique for Forensics
Andrew Hay - Forensic 4cast Awards
- Forensics in the New Cloud Frontier
Andrew Hay - Incident Response from Computer Network Defense
Michael Cloppert - iOS Forensics
Sean Morrissey - IR Process and Smart Phones
Terrance Maguire - log2timeline Since 2009
Kristinn Guðjónsson - Priorities: Personal and Professional
Ken Dunham - Protecting Privileged Domain Accounts during Live Response
Mike Pilkington - Sniper Forensics V2.0 Target Acquisition
Christopher E. Pogue
- AppSec 2011 Vendor Expo (March 2011)
- SANS AppSec 2011: Summit & Training (March 2011)
- War Made New: Changing the IT Battlefield
Mary Ann Davidson, Oracle - How to Turn Crisis Into Opportunity
Brad Arkin, Adobe - What is the key to successful Application Security?
Chris Peterson, Zynga - How Real World Software Security Programs Work
Greg Ruddell, RBC - Why is most software not designed with security in mind and never will be?
James Bach, Satisfice - Building Bridges between Dev and AppSec
Jim Bird, BIDS Trading - So you wanna be a botmaster?
Billy Rios, Google - Hacking and Securing Next Generation iPhone and iPad Apps
Nitesh Dhanjani & Sean Pennline, Ernst & Young - How Do You Achieve Developer Buy-In for Your Software Security Initiative?
Mike Hryekewicz, Standard Insurance - How can we get business to buy into application security?
Travis Ruff, Cargill - Paradigm Shift: The changing security ground on which we stand
Brook Schoenfield, Cisco - Web Hacking Incidents Revealed: Trends, Stats and How to Defend
Ryan Barnett, Trustwave - Mobile Security Application Challenges
Don Williams, Verizon Wireless - What's So Different about Mobile Applications?
Sam Quigley, Square - OWASP Goes Mobile
Mike Zusman, Intrepidus Group - What can the industry do to improve the state of mobile security?
Chris Palmer, EFF - Building a Security Ecosystem
Robert Fly, Salesforce.com - Which Vulnerabilities Should I Fix First?
Ryan Barnett, Trustwave - 2011: Web Application Security Metrics Landscape: Actionable Software Security Metrics that Clarify instead of Confuse
2011: Web Application Security Metrics Landscape: Actionable Software Security Metrics that Clarify instead of Confuse - Calculating Security Debt: Meaningful Software Security Metrics Panel
Chris Wysopal, Veracode - Dosh4Vulns: Google's Vulnerability Reward Programs
Adam Mein & Chris Evans, Google - Fraud Detection @salesforce
Robert Fly, Salesforce.com - Application Fraud: An attacker's introduction
Cory Scott, Matasano Security - Intuit Fraud Management Oversight
David Hahn, Intuit - Real-Time Hybrid Analysis
Brian Chess, HP - Application Security Tools in 2012: We already live in the future.
Eric Heitzman, IBM - Why are you not running a WAF?
Ivan Ristic, Qualys - What is the Future of Automated XSS Defense Tools?
Jim Manico, Infrared Security
- North American SCADA Summit & Training 2011 (February 2011)
- SANS SCADA & Process Control Summit
Markus Braendle - Beyond Compliance
Jim Brenton - Black Box Testing Methodologies
Joe Cummins - Cyber Security and Critical Infrastructure Resilience
Miles McQueen and Craig Rieger - Cyber Security Stuff n Junk
Kenneth Rohde - Define & Assess Skills - Smart Grid Security Specialists
Mike Assante - Electric Sector Panel - Beyond Compliance
- Enhancing ICS Security
Bradford H. Hegrat - FBI and Cyber Security
SSA John Caruthers, SSA Tom Winterhalter, and SSA Ken Schmutz - How Control System Vendors are Responding to Emerging Vulnerabilities and Threats
Netwitness - ICS Research Projects
David Kuipers - Learning: Build processes to learn from real world incidents
- NERC Critical Infrastructure Department (CID) and CIP Compliance Update
- Beyond Compliance
Greg Goodrich - Practical Steps to Securing Process Control Systems
Bradford H. Hegrat - RCMP Technological Crime Branch
Darren Sabourin - Emerging and Continuing Threats
Jonathan Pollet - Smart Grid Security Efforts @ Illinois
Bill Sanders - Stuxnet Modus Operandi
Liam O. Murchu - The Most Promising New Control System Research Projects
Paul Skare - US Cyber Challenge: Finding the people who can win in cyberspace?
Alan Paller - Waterfall One Way Unidirectional connectivity for securing critical networks
- EU Process Control and SCADA Security Summit 2010 (October 2010)
- Waterfall One Way Unidirectional connectivity for securing critical networks
EuroScada - Protecting CII using the Fox DataDiode
Jeremy Butcher - The value of Information Exchanges
Deputy Director CPNI - Industrial Information and Control Systems Security
Dr. Ake J. Holmgren - What we've learned from Stuxnet
Eric Knapp - What we've learned from Stuxnet
Thomas Brandstetter - Challenges to Vendors
INL - WIB Requirements & APC Update
Dr. Nate Kube - The journey of the WIB cyber security requirements
Peter Kwaspen - Certifying Control Systems Vendors' Security
Dr. Markus Braendle - Industrial Security: Going Beyond Defense in Depth
Bradford H. Hegrat - Idaho National Laboratory National SCADA Test Bed
David Kuipers - SCADA security lab/center
Mikael Welden - Online Distributed Interdependency Estimation
Dr. Gabriele Oliva - Industry and the SCSIE
Tony Phipps - CNI Boundary IT Security Assessments
Jonathan Cowlard - Unleash the Power of Business Activities
ViCiSi - Capturing a Cyber defence exercise
Dennis Anderson - Advanced Persistent Threat: Evolution of the attacker
Joe Cummins and Jonathan Pollet - SCADA SAT (SSAT): UK
Sandra C. - SCADA security benchmarks
Eric Luiijf - The People to Secure Our Future
Judy Baker - Cyber Espionage: The Internet is God's gift to spies Plus: The New Security Heroes
Alan Paller - APT and Impact to SCADA Systems
Mark Fabro - Incident response and vulnerability analysis
Sean Paul McGurk - Viking City Simulator
Gitte Bergknut
- SANS What Works in Forensics and Incident Response Summit 2010 (July 2010)
- Answering the Call - Fighting Digital Crime
Christopher E. Pogue & Major Carole Newell - Sniper Forensics - "One Shot, One Kill"
Christopher E. Pogue - Combating Malware in the age of APT
Jason Garman - Registry and Timeline Analysis
Harlan Carvey - How to Analyze Drive-by Exploit Frameworks
Ken Dunham - Evolution of Binary Code Analysis
Jason Garman - Malware Analysis Panel
Nick Harbour - ExFAT (Extended FAT) File System: Revealed and Dissected
Jonathan Ham - Windows 7: Current Events in the World of Windows Forensics
Troy Larson - Network Payload Analysis for Advanced Persistent Threats
Charles Smutz - Next Generation Windows Forensics Panel
Harlan Carvey - What Windows Area Needs Additional Research and Development?
Jesse Kornblum - Drive Encryption
Jason A. Lord - Encryption V20.10
Jason A. Lord - Beyond Fuzzy Hashing
Jesse Kornblum - Bringing a Knife to a Gun Fight: The Arsenal Required for Modern Forensic Combat!
Andrew Hay - Sourcefire Presentation
Matt Olney - Network Forensics Panel
Andrew Hay - How has the APT changed the way we approach network forensics?
Charles Smutz - CIRT-Level Response to Advanced Persistent Threat
Richard Bejtlich - APT Panel
Richard Bejtlich - What can organizations do immediately to put them in a better position to investigate an APT breach?
Shawn Carpenter - Evolution of APT State of the ART
Michael Cloppert - Examples of Recent APT Persistence Mechanisms
Christopher Glyer - Cloppert Example Deck
Michael Cloppert - Intelligence-Driven Response
Michael Cloppert - Shadow Warriors
Lee Whitfield & Mark McKinnon - Vendor Solutions Panel
David Nardoni - SIEM @ CAP
Nick Levay - CIRT-Level Response to Advanced Persistent Threat
Richard Bejtlich - SANS Forensic Challenge: "Ann's Aurora"
Sherri Davidoff, Eric Fulton & Jonathan Ham - Locating Live Kits
Ken Dunham - NetWitness Investigator Freeware: Network Intelligence, Threat Indicators and Session Exploitation
Brian Girardi - NextGen Architecture
NetWitness
- The 2010 European Digital Forensics and Incident Response Summit (April 2010)
- Advanced File Carving
Bas Kloet - New Computer Forensics Techniques Panel
Bas Kloet - Legal and Law Enforcement Panel
Bev Nutter - New Computer Forensics Techniques Panel
Dr. Katrin Franke - Trends and Challenges in Applying Artificial Intelligence Methodologies to Digital Forensics
Dr. Katrin Franke - New Computer Forensics Techniques Panel
Emma Webb Hobson - Legal and Law Enforcement Panel
Henrik Kaspersen - Beyond Fuzzy Hashing
Jesse Kornblum - Computer Forensic Tool Panel
Kristinn Gudjonsson - Mastering the Super Timeline
Kristinn Gudjonsson - Verizon Data Breach
Matt van de Wel - Blue Screen of Death is Dead
Matthieu Suiche - Computer Forensics Tool Panel
Matthieu Suiche - Legal and Law Enforcement Panel
Maury Shenk - Computer Forensics Tool Panel
Righard Zwienenberg - Retrieving Information Then What
Righard Zwienenberg - User Panel
Wayne Micklethwaite
- SANS Process Control & SCADA Security Summit 2010 (February 2010)
- Reducing Cyber Risk in the Bulk Power System: The Cyber Risk Preparedness Assessment (CRPA)
Mike Assante, Tim Roxey, and Mark Fabro - National SCADA Test Bed
Gordon Rueff - Supporting our customers with NERC CIP compliance
James McQuiggan - Debunking the Myths of SCADA Security
Jasvir Gill - AlertEnterprise Smart Grid Security
AlertEnterprise White Paper - AlertEnterprise Smart Grid Security
Mike Assante - Refining Security: A Case Study of Public/Private Collaboration to Further PCS Security in the Energy Sector
Martha Austin - Non-obtrusive Authentication of Critical Infrastructure Operators
Sam Clements, Mark Hadley, Tom Edgar, and Cliff Glantz - Waterfall One Way Unidirectional connectivity for securing critical networks
Colin Blou - From Concept to Reality SCE's secure implementation of AMI program, SmartConnect
Darrin Highfill - Security Convergence for the Smarter Grid
Kashmit Dixit - Innovative Waterfall Implementation at NB Power
Gregory L. Wright - Best Practices in Grid Security
Jeff Kimmelman - Lessons Learned: Applying Security to new and existing Ovation systems.
John Duronio - Virtual Control Systems for Operator Awareness Training and Cyber Threat Understanding
Michael J. McDonald and Bryan T. Richardson - Vulnerabilities in Power Systems, Critical Infrastructure and Mitigation Techniques
Michael Milvich - About NitroSecurity
Mo Ramanathan - Non-obtrusive Authentication of Critical Infrastructure Operators
Sam Clements, Mark Hadley, Tom Edgar, and Cliff Glantz - Control System Security: Threat Detection and Management in the Critical Infrastructure
Eric D. Knapp - Securing a Smarter Grid: Risk Management in Power Utility Networks
Matt Luallen - The New Security Heroes
Alan Paller - Smart Grid Security - Procurement
Rita Wells - Defending Against Advanced Threats
Robert Huber - Coordinating and Guiding Federal, State, and Private Sector Cybersecurity Initiatives
Sean Paul McGurk - A Progressive Vision for Security and Compliance
Shelley Cottrill - How we support our customers with NERC CIP
James McQuiggan - FBI and Cyber Security for ICS/SCADA Systems
Tom Winterhalter - Waterfall for NRC Compliance Whitepaper
- Cyber Security for Energy Delivery Systems
Bill Hunteman
- The 2009 European Community SCADA and Process Control Summit (October 2009)
- Security in the Smart Grid
ABB White Paper - Handling Modern Security Issues
ArcSight White Paper - Virtualization in Control Systems: Possibilities and Challenges
Erik Johansson - The process to securing smart meters
Gitte Bergknut - Open Sourced Intelligence and Industrial Control Systems
Joe Cummins - Wireless AMR Case Study for US Military Bases
Jonathan Pollet - Control System Security: Threat Detection and Management in the Critical Infrastructure
NitroSecurity White Paper - Protecting the Energy Infrastructure
Sandro Bologna - Securing a Smarter Grid: Risk Management in Power Utility Networks
Matt Luallen
- SANS WhatWorks Summit in Forensics and Incident Response (July 2009)
- SANS IR and Forensics Summit Keynote
Richard Bejtlich - Rapid Analysis of Live Response Data
Kris Harms - Essential Incident Response Panel
Ken Bradley - Essential Incident Response
Harlan Carvey - Essential Incident Response Panel
Kris Harms - Essential Incident Response
Dave Hull - Essential Incident Response Panel
Chris Pogue - Incident Response Panel
Ken Bradley - Modern Enterprise Incident Response
Dave Merkel - Forensics Tools Panel
Jesse Kornblum - Forensics Tools Panel
Troy Larson - Forensics Tools Panel
Mark McKinnon - Forensics Tools Panel
Jess Garcia - Registry Analysis
Harlan Carvey - Memory Forensics Analysis Essentials
Jamie Butler & Peter Silberman - Registry Analysis and Memory Forensics
Dolan Gavitt - Solutions for Memory Forensics & Automated Malware Reversing
Rich Cummings - Lessons Learned from the Financial InfoSec Trenches
Alex Cox - Digital Evidence: A New Generation in Criminal Investigations
Chris Kelly - Working With Law Enforcement
Jennifer Kolde - Working With Law Enforcement
Cindy Murphy - Working With Law Enforcement
Ken Privette - Working With Law Enforcement
Paul Vitchock - Working With Law Enforcement
Doug White - Working With Law Enforcement
Beth Whitney - Forensic Challenges in the Courtroom
Craig Ball - Forensic Challenges in the Courtroom
Larry Daniel - Forensic Challenges in the Courtroom
Stroz Friedberg - Forensic Challenges in the Courtroom
Gary Kessler - Forensic Challenges in the Courtroom
Doug White - Mobile Forensics Behind Bars
Sterling Bryan - Mobile Device Forensic Essentials
Eoghan Casey - The Case for Network Forensics
Joe Levy - F-Response, 9 Months Later...
Matthew Shannon - User Panel
Richard Brittson - User Panel
Nolan Clifford - User Panel
James Zinn - Vendor Panel: Briefing on EnCase Portable
Jim Butterworth - An Ocean of Data
Ken Privette
- SANS Process Control & SCADA Security Summit 2009 (February 2009)
- Implementation of Operator Authentication Processes on an Enterprise Level
Mark Heard - How to Upgrade the Security of the Control Systems You Already Own
Markus Braendle - The CAG An Earthquake in Security Compliance and How Security Is Measured
Alan Paller - AMI Security
Joel Garmon - Control System Vulnerabilities > Analysis of 5 Years of Field Data
Jonathan Pollet - Hacking AMI
Matt Carpenter - INL Assessments
Curtis St. Michel - Offense Trains Defense: Training Cyber Warriors
Juan Lopez - Keynote Panel
Ken Rohde - Advantages of an Adversarial Mindset
Wesley McGrew - Control System Cyber Incident Handling: A Law Enforcement Perspective
Jeff Morgan - AMI-SEC ASAP Red-Team Initiative
Matt Carpenter - Serial Security
Michael Milvich - Cyber Security Standards Drafting Team Update
Mike Assante - Advanced Network Toolkit for Assessments and Remote Mapping
Bryan Richardson - Bandolier Auditing Control System Security with Vulnerability Scanners
Dale Peterson - Three Years Down Range: Promising Results from the Roadmap to Secure Control Systems in the Energy Sector
Thomas R. Flowers - Patch Management
Kevin Staggs - Update Management for Control Systems
Kevin Sullivan - Cyber Security Procurement Language for Control Systems
Rita Wells - Access Policy Tool (APT): Verification of Security Policy Implementation
David Nicol - Field-level Situational Awareness: Challenges and Solutions
Mauricio Papa - Detection and Analysis of Threats to the Energy Sector (DATES)
Alfonso Valdes - Secure and Reliable Wireless Networks for Critical Infrastructure Facilities
Bryan Richardson - Lightning talks on research projects directly relevant to users and vendors of SCADA and process control systems
Ulf Lindqvist and Zach Tudor - The S4 Papers
Dale Peterson - Sample IT Change Management Policies and Procedures Guide
Evergreen Systems, Inc. - Creating User Manageable Security Zones
Craig Dupler and Eric Byres - Cyber Security Standards Drafting Team Update
Mike Assante - Special SCADA Overview (aka SCADA-Bowl)
Matt Luallen - The SCADA & Control System Information Exchange
Sheridan - What Works in SCADA Security
Joel Garmon - What Works in Sec Control Systems
Mike Firstenberg - Implementation of Operator Authentication Processes on an Enterprise Level
Mark Heard - Emergency Security
Thomas R. Flowers - What Works?
Troy Embree - Common security practices do apply
Stacy Bresler
- SANS WhatWorks Summit in Forensics, and Incident Response (October 2008)
- Upping the 'Anti': Using Memory Analysis to Fight Malware
Aaron Walters - Technology Pathways Product Overview
Chris Brown - IR/Forensics Team Strategy Panel
Chris Novak - Using the Home Advantage: Combating Anti-Forensics and Linkage Blindness
Chris Daywalt & Eoghan Casey - Summit Table of Contents
SANS - Strategy Panel
Harlan Carvey - Tactics Panel
Harlan Carvey - The Secrets of Registry Analysis
Harlan Carvey - Strategy Panel
Ken Bradley & Kris Harms - Tactics Panel
Ken Bradley & Kris Harms - ManTech Presentation
Henri Van Goethem - Forensics Panel
Mike Poor & Tom Liston - Tactics Panel
Mike Poor & Tom Liston - iPhone Forensics
Forward Discovery - User Panel
Lance Mueller - Mandiant Tactical Incident Response Panel
Ken Bradley & Kris Harms - F-Response: Extend Your Arsenal
Matt Shannon - Successful Strategies in Enterprise Intrusion Investigations
Michael Cloppert - Castle Warrior
Monty McDougal - Forensic Trends & Future: Shifting the Forensics Paradigm
Ovie Carroll - Forensic Summit 2008 Keynote
Richard Bejtlich - Forensics and IR Counterinsurgency Field Manual
Rob Lee - Slaying the Red Dragon: Remediating the China Cyber Threat
Ken Bradley & Wendi Rafferty - Strategy Panel
Stroz Friedberg - IR/Forensics Team Tactics Panel
Chris Novak - IR/Forensics Team Tactics Panel
Eric Gentry - 7-Minute Presentation
Ovie Carroll - 7-Minute Presentation
Ovie Carroll
- The 2008 European Community SCADA and Process Control Summit (September 2008)
- Information Sharing and Cooperation
Dr. Ake J. Holmgren - The Changing Face of Cyber Crime Top Cyber Menaces for 2008 and Promising Initiatives to Fight Back
Alan Paller - Gaining Support of Top Management for Investments In Improved Control Systems Security: What Works?
Eric Verheul - An end-user perspective on implementing process control security services
Frans Martens - Attention: SCADA security awareness
Gitte Bergknut - Panel: Government and Industry Experts Discuss the Proposed Global Strategy
Goran Ericsson - Keynote
Goran Ericsson - Automation, Process Control and SCADA Systems in Critical Infrastructures Future Threats and Requirements
Hans Honecker - What works in securing control systems
Helle Stoltz - Critical Infrastructure Protection Solutions
Karl Henderson - VIKING
Mattias Ekstedt - How Sophisticated Penetration Testers Get Through the Defenses
P. Schaeffer - Control System Security ABB's Vendor Perspective
Ragnar Schierholz - Vulnerabilities, Recommended Mitigations and NERC CIP 002-1/009-1 Rita Wells Idaho National Laboratory
Rita Wells - Cyber Security Procurement Language for Control Systems
Rita Wells - Vulnerability Disclosure
Rita Wells - Some notes on pentesting
Robert Malmgren - Penetration Testing of control systems, is it a good idea?
Roelof Klein - SCADA: A New Direction
CPNI - SCADA Table of Contents
- The vendor security challenge
Sinclair Koelemij - SCADA: A New Direction
Dr. Ake J. Holmgren
- SANS Process Control & SCADA Security Summit 2008 (January 2008)
- The Noise
Jason Larson - INL Assessment Team On-Site General Findings
Ken Rohde - Common SCADA Security Issues
Jeff Fay - You don't know how strong your defenses are until you test them...
Jonathan Pollet - Engineering Security
Paul Dorey - Cyber Security for Process Control
Larry Spoonemore - How To Implement Security Effectively Without Impacting Reliability: Lessons From the Trenches
Patrick Miller - Vulnerabilities, Recommended Mitigations and NERC CIP 002-1/009-1
Rita Wells - Process Control Security Research Projects
Ulf Lindqvist - Intrusion Detection Technologies within Process Control
Sean Kujawa - Trustworthy Cyber-Infrastructure for the Power Grid (TCIP)
David Nicol - Trustworthy Cyber-Infrastructure for the Power Grid (TCIP)
Tom Stogdale - SCADA Cyber Attack Alert Tool
Simon Hennin and Teh-Kuang Lung - Network Situational Awareness and Correlation Products
Vincent Berk - National Cyber Security Division Control Systems Efforts
Cheri McGuire - Control Systems Security in the Energy Sector
Hank Kenchington - How to Upgrade the Security of Existing Control Systems?
Joe Bucciero - Securing Your System: Today and in the Future
Sharon Xia - Information Sharing in Critical Infrastructure: How electric utilities in the West have found ways to work together to share experiences and best practices
Stacy Bresler - NERC Cyber Security Standards
Stan Johnson