Upcoming SANS Training

The “Rabbott” sent me some free online webinars being offered by the SANS Institute, so I thought I would share:

WEBCAST 1

SANS Asia-Pacific Series: You can panic now. Host Protection is (mostly)
dead – An Incident Response and Forensics Analysis of an APT attack
WHEN: Tuesday, February 5, 2013 Sydney 12 PM / Seoul 10 AM / Singapore 9 AM
Featuring: Rob Lee
https://www.sans.org/webcasts/panic-now-host-protection-mostly-dead-incident-response-forensics-analysis-o-96177
Sponsored By: AISA, http://www.aisa.org.au/

Is host-based detection dead? No one has been able to see the APT
circumvent common defenses because victims rarely share specific attack
details. Until now. A real world APT Attack results in surprising
findings in how effective sophisticated host based defenses are
ineffective. Starting from an initial attack through data ex-filtration,
this presentation will cover many of the tactics and techniques used by
attackers to bypass many of the host based controls used in many
organizations today.

WEBCAST 2

Special Webcast: Continuous Monitoring using the Critical Controls
WHEN: Tuesday, February 05, 2013 at 1:00 PM EST (1800 UTC/GMT)
Featuring: Dr. Eric Cole and Wes Medley
https://www.sans.org/webcasts/continuous-monitoring-critical-controls-95980
Sponsored By: Qualys, http://www.qualys.com/ FireEye, http://www.fireeye.com/

The critical controls is a proven method for increasing security across
an organization. Implementing the critical controls is an important step
but what is also very important is to automate the auditing of the
controls to allow for continuous monitoring across the organization.
Attackers can move very quickly, compromise systems and go undetected
for a long period of time. In a perfect world, organizations would never
be compromised; however, we do not live in a perfect world.
Organizations are going to be compromised, therefore the focus needs to
be on early detection with appropriate remediation. By automating the
controls, continuous monitoring can timely detect unauthorized changes
in an organization which could be indicative of an attack. One of the
best ways to minimize damage to an attack and increase the overall
security is to constantly be aware of the state of an organization,
looking for deviations from the norm. Continuous monitoring via the
critical controls will allow an organization to implement more effective
security.

WEBCAST 3

Wednesday Webcast: The Hidden Risk of Component Based Software Development
WHEN: Wednesday, February 06, 2013 at 1:00 PM EST (1800 UTC/GMT)
Featuring: Ryan Berg
https://www.sans.org/webcasts/mitigating-risk-component-based-software-development-96162
Sponsored By: Sonatype, http://www.sonatype.com

To increase the pace of software innovation, organizations have
transitioned from custom building software applications to assembling
applications from “ready made” components. While components provide
great promise, organizations must manage security and resiliency issues
to achieve efficiency and trust in their software supply chain. How do
you accomplish this given the volume, complexity and diversity of
today’s components? How do you manage the version dispersion of open
source components sourced from multiple locations? Join us as we discuss
how you can realize the benefits of component-based software development
while mitigating security, licensing and quality risks.

WEBCAST 4

Special Webcast: Incident Response & Forensics In The Cloud
WHEN: Thursday, February 07, 2013 at 11:30 AM EST (1630 UTC/GMT)
Featuring: Paul Henry
https://www.sans.org/webcasts/incident-response-forensics-cloud-95895

The move to Private and Public Cloud changes many things including how
we respond for IR and Forensics. As an example: Traditionally in a
physical realm we relied upon imaging a server’s hard drive as well as
RAM to perform a thorough analysis. Today in the Cloud creating a
forensically sound image of an “instance” of a server to capture the
server’s abstracted hard disk and an image of its RAM brings new
technical and legal complications. An additional issue to consider is
that some vendors’ platforms are simply not fully supported by our
current IR & Forensics Tools; today’s commercial tools lack the ability
to perform any analysis at all on a VMware VMFS file system. Lastly,
downloading a large server image may simply be cost prohibitive due to
the high bandwidth costs associated with moving data out of the cloud
environment.

The best course of action may be to perform your analysis within the
cloud – however, the methods used in the analysis within the Cloud must
be forensically sound and as always in computer forensics they must be
repeatable and the result must be the same findings. In this session we
will begin to explore the changes that simply must be made to your IR
and Forensics procedures to properly address IR & Forensics in the
Cloud.

WEBCAST 5

Special Webcast: Knock-off Phone Forensics - Some Handsets Aren’t What They Appear To Be
WHEN: Thursday, February 07, 2013 at 1:00 PM EST (1800 UTC/GMT)
Featuring: Heather Mahalik
https://www.sans.org/webcasts/knock-off-phone-forensics-some-handsets-96232

Mobile devices are not always what they appear to be. Knock-off handsets
are prevalent in Asia, Europe and are infiltrating the borders of the
United States. Commercial forensic tools do not provide the same amount
of support for knock-off devices as they do for GSM and CDMA handsets.
Specialized forensic tools and add-on options to commercial kits are
available, however not all of the data is parsed for the investigator.
This talk will lead an exploration of the different methods for
acquiring and analyzing knock-off handsets, to include a live
acquisition demonstration. A detailed overview of the files contained
within a physical dump of a knock-off device will be provided. Examples
will be provided to demonstrate proper parsing methods and data
interpretation of the knock-off device files.

WEBCAST 6

Special Webcast: An Auditors look at Logging in Oracle Databases
WHEN: Friday, February 15, 2013 at 1:00 PM EST (1800 UTC/GMT)
Featuring: Tanya Baccam
https://www.sans.org/webcasts/auditors-logging-oracle-databases-95822

During this presentation, the different options available for auditing
an Oracle database will be discussed, as well as some of the leading
practice recommendations for auditing. Auditors often find it very
difficult to understand what is being audited in a database, and what
should be expected. We’ll look at some of the foundational auditing
requirements that should exist, and the pros and cons of other auditing
solutions that Oracle databases provide.

WEBCAST 7

Ask The Expert Webcast: Mobile Evidence in Modern E-Discovery: Risks,
Techniques and Opportunities
WHEN: Tuesday, February 19, 2013 at 1:00 PM EST (1800 UTC/GMT)
Featuring: Paul Henry, Ben Wright and Yuval Ben Moshe
https://www.sans.org/webcasts/mobile-evidence-modern-e-discovery-risks-techniques-opportunities-95990
Sponsored By: Cellebrite, http://www.cellebrite.com

Data stored on mobile devices such as phones and tablets is becoming
increasingly important to the resolution of disputes, lawsuits and all
kinds of investigations. Records such as images, text messages, chat
transcripts and travel routes – along with logs and meta data about
those records – are becoming critical to audits, civil lawsuits,
criminal prosecutions and internal investigations. Communications such
as text messages, chat transcripts, and instant messages – along with
the records of those communications, including call logs and metadata –
are increasingly considered to be responsive ESI during litigation. In
this webinar, SANS instructors Benjamin Wright and Paul Henry provide
leading legal cases involving mobile evidence, and key legal issues,
along with possible solutions that apply to mobile evidence relevant to
a lawyer, a tax auditor, a police officer, an HR investigator, an
e-discovery professional or a government regulatory authority.

Other topics will include:
- Using audits to identify key custodians and image responsive mobile
  data before you ever end up in litigation.
- Setting, and enforcing, BYOD policies that will let you collect
  responsive data from personal devices.
- The mobile ESI preservation and collection process, from identifying
  the custodians to analyzing the collected device images.
- Chain of custody and proper documentation of mobile ESI–and how to
  include this documentation together with your other e-discovery efforts.
- Communicating with information technology staff and your digital
  forensics contractors throughout the e-discovery process.

WEBCAST 8

Special Webcast: Java Web Security By Example
WHEN: Tuesday, February 19, 2013 at 4:00 PM EST (2100 UTC/GMT)
Featuring: Frank Kim and Andy Chou
https://www.sans.org/webcasts/java-web-security-96227
Sponsored By: Coverity, Inc. http://www.coverity.com/

Learn how to exploit security vulnerabilities that are commonly found
in the arsenal of malicious attackers. We won’t simply talk about issues
like XSS, CSRF and SQL Injection, but will have live demos showing how
hackers exploit these potentially devastating defects using freely
available tools. You’ll see how to hack a real world open source
application and explore bugs in commonly used open source frameworks.
We also look at the source code and see how to fix these issues using
secure coding principles. We will also discuss best practices that can
be used to build security into your SDLC. Java developers and architects
will learn how to find and fix security issues in their applications
before hackers do.

WEBCAST 9

Analyst Webcast: Results of the SANS SCADA Security Survey
WHEN: Wednesday, February 20, 2013 at 1:00 PM EST (1800 UTC/GMT)
Featuring: Matt Luallen, Markus Braendle, Walter Sikora, and Mark Seward
https://www.sans.org/webcasts/results-scada-security-survey-95745
Sponsored By: ABB http://www.abb.com/cybersecurity, Industrial Defender
http://www.industrialdefender.com/, Splunk http://www.splunk.com/

Industrial automation and control systems have changed significantly in
the recent past and continue to do so. They are being connected to
internal and external networks or to remote management systems, even
from hand held mobile devices. These systems are now widely exposed to
cyber threats ranging from malware to hacktivists and
government-sponsored war-like attack from automated code such as Duqu
and Stuxnet.

Securing industrial automation and control systems is not an easy task.
A big challenge, for instance, is dealing with legacy systems in the
installed base that often do not have security mechanisms built in and
run on old operating systems left unpatched due to the sensitivity of
their operations. With no means to protect themselves from attack, and
with the difficulties in monitoring these systems, how are control
system operators managing risk and compliance?

In this webcast, SANS will release results of the first SANS survey into
the security practices of SCADA system operators. Learn their level of
awareness around cyber risk, their attempts to manage that risk, and how
their efforts are working out so far. Also learn what standards,
frameworks and protections are available, including from longtime SCADA
security providers, Industrial Defender and ABB (a global leader in
power and automation technologies).

Register for this webcast and be among the first to receive a
complimentary copy of the associated whitepaper developed by SANS
instructor, Matt Luallen.

WEBCAST 10

Special Webcast: Ninja Developers: Discretely Scan Your Functional Testing
WHEN: Thursday, February 21, 2013 at 1:00 PM EST (1800 UTC/GMT)
Featuring: Kevin Johnson and James Jardine
https://www.sans.org/webcasts/ninja-developers-discretely-scan-functional-testing-96080

Application security has been a hot topic for the past few years and is
only getting hotter. In an effort to help developers write secure code,
this three part series will discuss how security testing can be
performed during development. In this second part of this trilogy, we
will explore passive scanners that developers can use to help identify
security vulnerabilities during their regular functionality testing.
Identifying which scanners are available, as well as their pros and
cons, a developer will understand how to actively scan their
applications.

WEBCAST 11

Special Webcast: How memory forensics will help you lose weight and look
ten years younger
WHEN: Monday, February 25, 2013 at 8:00 PM EST (0100 UTC/GMT)
Featuring: Jesse Kornblum
https://www.sans.org/webcasts/memory-forensics-lose-weight-ten-years-younger-96237

Ok, so maybe not quite those things, but memory forensics can help your
investigation in ways which no other technique can match. Memory images
contain user data which is unavailable from other sources, such as
encryption keys and full-content network traffic. Previously existing
memory images on your system may give you these kinds of details from
an earlier time in the computer’s history. Those of you looking for
malware will be pleased to know that programs and drivers simply cannot
hide in memory. We will suss them out no matter where they go. All of
this adds up to faster and better results in your cases, leaving you
with time to lose weight and look younger naturally!

WEBCAST 12

Wednesday Webcast: Leveraging What’s Already There: A Scripting Process
for IT Audits
WHEN: Thursday, March 28, 2013 at 1:00 PM EST (1800 UTC/GMT)
Featuring: Paul Wiggins
https://www.sans.org/webcasts/leveraging-there-scripting-process-audits-96065

This presentation focuses on several aspects of implementing a scripted
information gathering process for IT audits, as well as provide examples
of several useful commands and a few scripting tips. The presentation
will demonstrate a process for script creation and testing, as well as
some of the advantages to using scripts. Examples shown may include
commands used to gather information from Windows and Linux/UNIX
operating systems, and queries useful for Oracle reviews. Some insights
into the analysis of the data will be discussed as well.

WEBCAST 13

Special Webcast: Ninja Developers: Is There a Framework for That?
WHEN: Thursday, April 04, 2013 at 1:00 PM EST (1800 UTC/GMT)
Featuring: Kevin Johnson and James Jardine
https://www.sans.org/webcasts/ninja-developers-framework-that-96085

Application security has been a hot topic for the past few years and is
only getting hotter. In an effort to help developers write secure code,
this three part series will discuss how security testing can be
performed during development. In this third part of this trilogy, we
will explore a web testing framework that developers can use to help
identify security vulnerabilities and learn security testing techniques.
First we will look at some tools that exist in the framework, then we
will identify vulnerable targets to learn how attacks work.

WEBCAST 14

Analyst Webcast: Securing Help Desks: A SANS Survey
WHEN: Wednesday, June 26, 2013 at 1:00 PM EDT (1700 UTC/GMT)
Featuring: Barbara Filkins
https://www.sans.org/webcasts/securing-desks-survey-96157

The help desk is a magnet for attackers both casual and deliberate,
using social engineering techniques to penetrate an organization. These
intruders enlist help desk and other support staff as unwitting allies
and subvert networked systems for kicks or worse.

This webcast will examine a SANS survey on help desk security that asks
about the key issues associated with securing help desk and related
support operations, and how IT organizations are responding to the
challenge. The discussion will cover those areas that generally need the
most attention, as seen through the experiences of help desk and support
managers taking the survey.

Register now for this webcast, and be among the first to receive a new
SANS Analyst Whitepaper on this subject.
