•  

Sessions at SANS Security West 2013 on Wednesday 15th May

Your current filters are…

  • MGT535: Incident Response Team Management

    by Staff

    This course will take you to the next level of managing an incident response team. Given the frequency and complexity of today's attacks, incident response has become a critical function for organizations. Detecting and efficiently responding to incidents, especially those where critical resources are exposed to elevated risks, has become paramount, and to be effective, incident response efforts must have strong management processes to facilitate and guide them. Managing an incident response team requires special skills and knowledge. A background in information security management or security engineering is not sufficient for managing incidents. Furthermore, incident responders with strong technical skills do not necessarily become effective incident response managers. Special training is necessary.

    This course was developed by an information security professional with over 26 years of experience, much of it in incident response. He was the founder of the first U.S. government incident response team. Students will learn by applying course content through hands-on skill-building exercises. These exercises range from: writing and evaluating incident response procedures, to the table-top validation of procedures, incident response management role playing in hypothetical scenarios, and hands-on experience in tracking incident status in hypothetical scenarios.

    At 9:00am to 5:00pm, Wednesday 15th May

    In Manchester Grand Hyatt Hotel

  • AUD521: Meeting the Minimum: PCI/DSS 2.0: Becoming and Staying Compliant

    by David Hoelzer

    This class is a lot of fun. In this short course we have the opportunity to examine a well written security standard and wrap an easy to use tool kit around it, allowing anyone who comes to perform fairly advanced technical validations through an exceedingly simple process. I think that any organization that has to adhere to PCI, any organization that performs external compliance validations and even the people who are maintaining the standard in the payment card industry will see immense value from attending.
    - David Hoelzer

    The payment card industry has been working over the past several years to formalize a standard for security practices that are required for organizations that process or handle payment card transactions. The fruit of this labor is the Payment Card Industry Data Security Standard (currently at version 2.0).

    This standard, which started life as the Visa Digital Dozen, is a set of focused comprehensive controls for managing the risks surrounding payment card transactions, particularly over the Internet. Of course, compliance validation is one of the requirements. This course was created to allow organizations to exercise due care by performing internal validations through a repeatable, objective process. While the course will cover all of the requirements of the standard, the primary focus is on the technical controls and how they can be measured. Every student will leave the class with a toolkit that can be used to validate any PCI/DSS environment technically and the knowledge of how to use it.

    On Wednesday 15th May

    In Manchester Grand Hyatt Hotel

  • MGT433: Securing The Human: Building and Deploying an Effective Security Awareness Program

    by Lance Spitzner

    Organizations have invested in information security for years now. Unfortunately, almost all of this effort has been focused on technology with little, if any, effort on the human factor. As a result, the human is now the weakest link. From RSA and Epsilon to Oak Ridge National Labs and Google, the simplest way for cyber attackers to bypass security is to target your employees. One of the most effective ways to secure the human is an active awareness and education program that goes beyond compliance and changes to behaviors. In this challenging course you will learn the key concepts and skills to plan, implement, and maintain an effective security awareness program that makes your organization both more secure and compliant. In addition, you will develop metrics to measure the impact of your program and demonstrate value. Finally, through a series of labs and exercises, you will develop your own project and execution plan, so you can immediately implement your customized awareness program upon returning to your organization.

    On Wednesday 15th May

    In Manchester Grand Hyatt Hotel

  • SEC434: Log Management In-Depth: Compliance, Security, Forensics, and Troubleshooting

    by Dr. Eric Cole

    Message from the Author:

    Logs and log analysis have long been one of the most challenging areas of security; they are also closely tied to proper system and network administration practices. With regulatory compliance added on top with specific requirements on log collection, retention, and analysis (such as those found in PCI DSS), there has never been a better time to FINALLY get your logs under control. This class is the first-ever dedicated class on getting your log management project right. If you know that "you need to have those logs handled!", sign up and learn exactly how to do that. Many years of experience with logs went into this class and so you, an attendee, have a chance to avoid the most damaging mistakes and learn from many years of the author's experience with logging, log management, log tools, and the use of logs for various purposes.

    - Anton Chuvakin

    On Wednesday 15th May

    In Manchester Grand Hyatt Hotel

  • SEC546: IPv6 Essentials

    by Staff

    The first time I heard about IPv6, I heard about things like "unlimited address space", and "all your traffic will be encrypted". However, I knew little about the meaning of these statements. As I delved deeper into IPv6 and started to deploy it in some of my networks, I found that much of what was said about IPv6 was more myth than reality. Implementing IPv6, and in particular securing IPv6, turned out to be a much larger challenge then I originally planned. While many networks are already "IPv6 ready", you as a network administrator are likely not. This course should make you "IPv6 ready" as well.

    The course covers various security technologies like firewalls and Intrusion Detection and Prevention Systems (IDS/IPS). It also addresses the challenges in adequately configuring these systems and makes suggestions as to how apply existing best practices to IPv6. Upcoming IPv6 attacks are discussed using tools like the THC IPv6 attack suite and others as an example.This course will introduce network administrators and security professionals to the basic concepts of IPv6. While it is an introduction to IPv6, it is not an introduction to networking concepts. You should understand and be aware of the basic concepts of IPv4, and networking in general. It is an ideal refresher if you took SEC503 Intrusion Detection in Depth. However, you do not need to know IPv4 in the full detail in which it is presented in SEC503. The networking and IPv4 principles taught in SEC401 Security Essentials should prepare you for this course.

    On Wednesday 15th May

    In Manchester Grand Hyatt Hotel

  • SEC580: Metasploit Kung Fu for Enterprise Pen Testing

    by Staff

    Metasploit is the most popular free exploitation tool available today. It is in widespread use by penetration testers, vulnerability assessment personnel, and auditors. However, most of its users rely on only about 10 percent of its functionality, not realizing the immensely useful, but often poorly understood, features that Metasploit offers. This course will enable students to master the 10 percent they currently rely on (applying it in a more comprehensive and safe manner), while unlocking the other 90 percent of features they can then apply to make their tests more effective. By attending the course, they will learn how to make a free tool achieve the power of many much more costly commercial tools.

    - Ed Skoudis and John Strand

    On Wednesday 15th May

    In Manchester Grand Hyatt Hotel

  • SEC710: Advanced Exploit Development

    by Stephen Sims

    s a perpetual student of information security, I am excited to offer this course on advanced exploit development. This course complements SEC660 Advanced Penetration Testing, Exploits and Ethical Hacking. The goal of the course is to take students wishing to get into more advanced exploit discovery and writing to the next level. It is a fast-paced two days with the expectation that students are well-versed in stack-based bug discovery and exploitation, as well as the ability to disassemble C code and utilize debuggers. Heap exploitation and patch reversal are hot topics in today's client-side exploits and common attack techniques. This is a fun course for those who are ready! Contact me at stephen@deadlisting.com if you have any questions about the course.SANS SEC710 is an advanced two-day course on exploit development. Students attending this course should know their way around a debugger and have prior experience exploiting basic stack overflows on both Windows and Linux. Terms such as "jmp esp" and "pop/pop/ret" should be nothing new to you. We will move beyond these attack techniques to explore more advanced topics on heap exploitation, format string attacks, and Microsoft patch reversal and exploitation. We will be taking a real Microsoft security patch, reversing it to model the discovery of an undisclosed vulnerability, and developing a client-side exploit that defeats controls such as Address Space Layout Randomization (ASLR).

    On Wednesday 15th May

    In Manchester Grand Hyatt Hotel