Videos

Defeating Attackers with Preventative Security

Endpoint detection and response faces many challenges, even as most practitioners deploy some kind of EDR solution. For example, many solutions don’t integrate data from other sources, provide low-quality data, and are too complex to be effective. In this SANS video, SANS Institute instructor Jake Williams and McAfee’s Ismael Valenzuela will examine how EDR has evolved from merely alerting on suspicious activity into helping you investigate and respond effectively. They will also talk about use cases for evaluating EDR solutions.

Driving Cyber Resiliency of IoT Devices with Active Management & Cyber Hygiene

Michael Howard, Head of WW Security Practice at HP Inc., and Dr. Kimberlee Brannock, Senior Security Advisor at HP Inc., provide a closer look at the challenges IoT devices present in a security environment and the clear need for good cyber hygiene. The HP Inc. duo also share valuable insights from the framework they have applied to hundreds of client print security assessments.

Black Hat Asia 2019 Keynote: The Next Arms Race

The Internet is not supposed to have borders, but it does. Countries fight and spy on each other on the Internet every day. So borders still exist on the Internet, and almost all countries are investing in the offensive use of cyber power. The new weapons they are developing are different from any other kind of weapon we’ve ever seen, and we are now seeing the very beginning of the next arms race.

Finding and Decoding Malicious PowerShell Scripts – SANS DFIR Summit 2018

Malicious PowerShell scripts are becoming the tool of choice for attackers. Although sometimes referred to as “fileless malware”, they can leave behind forensic artifacts for examiners to find. In this presentation, learn how to locate and identify the activity of these malicious PowerShell scripts. Once located, these PowerShell scripts may contain several layers of obfuscation that need to be decoded. I will walk through how to decode them, as well as some light malware analysis on any embedded shellcode. I will also demonstrate how to use an open-source Python script to automate the process once you have discovered the MO of the attacker in your case.

Black Hat USA 2018 Keynote: Parisa Tabriz

This talk offers guiding advice that we as security practitioners and leaders must embrace in order to succeed. Drawing on her experiences leading some of the biggest, ongoing security efforts that aim to make technology safer for all users, Parisa will first share how throwing out the rule book on vulnerability disclosure has been moving giants of the software industry toward measurably faster patching and end-user security. Next, she will share how a grassroots side project grew to shift the majority of the web ecosystem to secure transport, nearly 25 years after the technology was first made available. Finally, she will review the major effort to implement an intern’s publication in one of today’s largest open source projects, and how they persevered for 5+ years of refactoring, avoiding efforts to defund the work along the way. (Coincidentally, this project helped the world’s most popular browser mitigate a new class of hardware vulnerabilities earlier this year!)

Business Email Compromise; Office 365 Making Sense of All the Noise

Office 365, or O365, has made online applications easier for businesses of all sizes. It's also created a significant attack vector that attackers have been exploiting for years to the tune of billions a year. Business Email Compromise, or BEC, is the name given to these types of email-based attacks, which have cost businesses over $12 billion and show little sign of slowing down. It's time we turn the tables. In this webcast, we will examine how and why O365 has become such a successful attack vector. Specifically, we will examine examples of spoofed and fraudulent emails and how attackers work to understand the flow of money within your organization. We will also look at attacker infrastructure and examine sample code that they use to pilfer credentials from your organization.

iOS 11 isn’t all fun and games

The topic discussed in this webcast is just one of the subjects we cover in SANS FOR585: Advanced Smartphone Forensics (http://www.sans.org/u/xt0). For more information, please check a previous webcast regarding the recent FOR585 course content additions here (http://dfir.to/NewFOR585).

Overview: SANS instructors Heather Mahalik and Domenica "Lee" Crognale discuss iOS 11 messages and the differences they have seen compared to older iOS versions. They walk you through their methods for testing and creating data sets for examination, and provide attendees with tips on how to better understand iOS 11 messages. Additionally, they discuss the procedures used for developing the query and how your mobile forensics tools might be blurring the lines on what the data represents.

Speaker Bios

Heather Mahalik: Heather has worked on high-stress and high-profile cases, investigating everything from child exploitation to Osama Bin Laden’s media. She has helped law enforcement, eDiscovery firms, and the federal government extract and manually decode artifacts used in solving investigations around the world. All told, she has more than 14 years of experience in digital forensics, including eight years focused on mobile forensics; there’s hardly a device or platform she hasn’t researched or examined, or a commercial tool she hasn’t used. These days Heather is the Director of Forensic Engineering at ManTech CARD. Heather previously led the mobile device team for Basis Technology, where she focused on mobile device exploitation in support of the federal government. She also worked as a forensic examiner at Stroz Friedberg and the U.S. State Department Computer Investigations and Forensics Lab, where she handled a number of high-profile cases. She has also developed and implemented forensic training programs and standard operating procedures. @HeatherMahalik

Domenica Crognale: Domenica is one of the course co-authors of SANS FOR585: Advanced Smartphone Forensics. She has been working in digital forensics for more than 10 years and specializing in mobile devices since 2009. In previous jobs she has provided training to military and government agencies, worked on high-profile cases, tested and validated various mobile forensics utilities, and provided security assessments for many mobile applications. In her day job, she spends time dissecting third-party mobile applications, where there is no shortage of interesting data left behind. She maintains multiple certifications including the GASF, EnCE, CCE, and CISSP. @domenicacrognal

Getting Started with the SIFT Workstation Webcast with Rob Lee

An international team of forensics experts helped create the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, which can match any modern forensic tool suite, is also featured in the SANS FOR508: Advanced Threat Hunting and Incident Response course (http://www.sans.org/FOR508). It demonstrates that advanced investigations and responding to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated. The SANS Investigative Forensic Toolkit has become the most popular download on the SANS website. Over the past year, 20,000 individuals have downloaded the SIFT Workstation, and it has become a staple among the key tools many organizations use to perform investigations. This session will demonstrate some of the key tools and capabilities of the suite. You will learn how to leverage this powerful tool in your organization's incident response capability. To download the SIFT Workstation please visit: http://dfir.to/SIFT-Download

Speaker Bio

Rob Lee is the curriculum lead and author for digital forensics and incident response at the SANS Institute (http://dfir.to/2yx0W5U). With more than 19 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response, he provides consulting services via HARBINGERS LLC in the Boston, MA area. Before directing services at HARBINGERS, Rob worked with government agencies in the law enforcement, defense, and intelligence communities as a lead for vulnerability discovery and exploit development teams supporting Title 10/50 cyber operations. Following his work in the intel community, he worked at the incident response firm MANDIANT for 5 years. Notably, he co-authored MANDIANT's first detailed threat intelligence report on Chinese APT activity, titled "M-Trends: The Advanced Persistent Threat."

CyberSecurity: With great power comes great responsibility | Ryan Heiob | TEDxSaintThomas

In his TEDxSaintThomas talk entitled "CyberSecurity: With great power comes great responsibility," Ryan will explore what is happening in the cyber world today and the ways to protect ourselves. What are the actual threats that present themselves that ordinary computer users may not know exist?

Ryan Heiob, originally from Michigan, moved to the Virgin Islands in 2008. Ryan has worked in all fields of technology over the past 17 years and believes in continuous education to keep up with the ever-changing technology landscape. His main focus is now Internet security and how we can protect our privacy through education and by being aware of the new threats that we’re facing. This talk was given at a TEDx event using the TED conference format but independently organized by a local community.

The Homeland Security Information Network Celebrates 10 Years!

This video highlights the HSIN Program’s mission goals and achievements over the past decade. HSIN has been the designated sensitive-but-unclassified information sharing and collaboration system for DHS and its partners since 2006, and its senior leadership reflect on 10 years of HSIN growth and success.