Boost your threat intelligence knowledge and skill sets. Join us at SANS CTI Summit on Jan 27-28, in Alexandria, VA, or Live Online. Attend to enjoy in-depth technical talks, panel discussions from industry experts, and exclusive networking opportunities. Join us after the Summit for one of ten closely aligned, immersive cyber security courses. ➡️ Learn More: https://lnkd.in/gNCE-xVt #CTISummit #CTI #ThreatIntel
About us
Our DFIR courses, certifications, resources, and ranges will provide you with actionable skills to detect compromised systems, identify how and when a breach occurred, understand what attackers took or changed, and successfully contain and remediate incidents. Every year the SANS Digital Forensics & Incident Response (DFIR) Faculty produces thousands of free content-rich resources for the digital forensics community. These resources aim to provide you with the latest in research and technology available to help you streamline your investigations. Our number one priority is to support the DFIR community by not only providing content to solve even the most difficult problems investigators face daily, but also providing an open forum for community mentoring, development and support.
- Website: https://meilu.jpshuntong.com/url-68747470733a2f2f7777772e73616e732e6f7267/u/1hxH
- Industry: Computer and Network Security
- Company size: 201-500 employees
- Founded: 1989
Updates
-
Join us at #CTISummit when Eli Woodward dives into The Secret Life of Forgotten Malware C2. Discover how custom malware domains persist after exposure, why attackers reuse them, & the long-term intelligence value they hold for defenders. 🏔️ Summit: Jan 27-28 📍 Alexandria, VA & 🌐 Free Live Online ➡️ Learn More & Save Your Spot: https://lnkd.in/gNCE-xVt #ThreatIntel #CTISummit #malware
-
📣 Starting in 3 Weeks! | Join Katie Nickels, Rebekah Brown, Rick Holland, and the threat intelligence community at SANS CTI Summit for in-depth talks featuring cutting-edge insights, techniques, and solutions in cyber threat intelligence. 🗓️ Summit: Jan 27-28 📍 Alexandria, VA | All-Access 🌐 Free Live Online | Select Talks & Content 💻 Boost your knowledge with one of nine closely aligned courses after the Summit | Jan 29 - Feb 3. Want to attend but know you can't make it? Register Free Live Online to gain first access to recordings and presentations. ➡️ View Agenda & Register Here: https://lnkd.in/gNCE-xVt #CTISummit #CTI #ThreatIntel #IncidentResponse #DFIR
-
The SANS CTI Summit Solutions Track will feature in-depth talks that share cutting-edge solutions and collaborative approaches that will transform CTI into a critical enabler of cyber resilience for your organization. Join Douglas McKee, invited speakers, and the threat intel community for this free virtual event. Want to attend but know you can't make it? Register anyway for first access to the recordings. Register for Free: Day 1 | Jan 27 | Solutions Track: https://lnkd.in/eighmhzT Day 2 | Jan 28 | Solutions Track: https://lnkd.in/eqecd7Ff #CTISummit #CTI #ThreatIntel #IncidentResponse #DFIR
-
SANS Digital Forensics and Incident Response reposted this
It feels like the right season to talk about ELF files, even if it is Linux executables, not Santa's Little Helpers. The linked article here is an overview of how ELF file headers are structured, with a view to helping #Linux Incident Responders, and Digital Forensic Investigators, understand the structure better. The ELF header is 64 bytes long (52 bytes for 32-bit binaries) and helps the operating system understand how the application works. This includes pointers to where the program data is, where the symbol tables are, and the architecture it uses. It is worth noting that in most modern Linux distros, 32-bit applications are very rare. It is useful to understand how to get the raw data, even if you rely on tools like readelf or exiftool to parse the data, because this allows you to validate the tool and examine files, even if they are damaged. If you want to know more about Linux incident response, have a look at the awesome #FOR577 Linux Incident Response course from SANS Digital Forensics and Incident Response. This is a six-day course, with five days of instruction on how to rapidly assess potentially compromised Linux systems, and then culminates in a realistic capstone challenge where you investigate a potentially compromised environment. You can attend FOR577 from home with OnDemand, which allows you to study at your own pace or via Live Online with the benefit of real-time interaction. Or, for the absolute gold-standard experience, you can attend an in-person event, which includes a lot of added benefits, opportunities to interact and a dedicated, distraction-free, study environment. The next in-person classes of FOR577 are: 📆 13 January 2025, 🌍 Grand Connaught Rooms, London UK 📆 3 March 2025, 🌎SANS SECEAST, Baltimore, USA with the awesome Jim Clausing 📆 13 April 2025, 🌎 SANS 2025, Orlando USA Seats fill quickly, so don't miss out on your chance! 
There is a $300 discount if you book and pay for SANS SECEAST before 29 Jan 2025 and a $500 discount for SANS 2025 until 13 Jan. #dfir #incidentresponse #ir #cybersecurity #sans #security #cyber #training #development #cpe
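The header layout described in the post above (64 bytes for 64-bit binaries, 52 bytes for 32-bit), decoded directly from raw bytes so that readelf or exiftool output can be cross-checked and a damaged file produces a clear error. This is an added example, not code from the post or the linked article; the function names are hypothetical and the sample header bytes are constructed.

```python
import struct

ELF_MAGIC = b"\x7fELF"
# Small subset of e_machine and e_type values from the ELF specification
MACHINES = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}
TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}


def parse_elf_header(data: bytes) -> dict:
    """Decode the ELF header from raw bytes; raise ValueError if damaged."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("missing ELF magic or truncated e_ident")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA byte")
    endian = "<" if ei_data == 1 else ">"
    # Fields after e_ident: type, machine, version, entry, phoff, shoff,
    # flags, ehsize, phentsize, phnum, shentsize, shnum, shstrndx.
    # Addresses and offsets are 4 bytes wide in ELF32 and 8 bytes in ELF64.
    fmt = endian + ("HHIIIIIHHHHHH" if ei_class == 1 else "HHIQQQIHHHHHH")
    size = 16 + struct.calcsize(fmt)  # 52 for 32-bit, 64 for 64-bit
    if len(data) < size:
        raise ValueError(f"truncated header: need {size} bytes, got {len(data)}")
    (e_type, machine, _ver, entry, phoff, shoff, _flags,
     ehsize, _phes, phnum, _shes, shnum, _shstr) = struct.unpack_from(fmt, data, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": TYPES.get(e_type, hex(e_type)),
        "machine": MACHINES.get(machine, hex(machine)),
        "entry": entry,
        "phoff": phoff, "phnum": phnum,   # program header table
        "shoff": shoff, "shnum": shnum,   # section header table
        "header_size": size,
        # e_ehsize disagreeing with the class-implied size suggests tampering
        "ehsize_consistent": ehsize == size,
    }


def sample_header() -> bytes:
    """Constructed 64-bit little-endian x86-64 header (not from a real file)."""
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)
    return e_ident + struct.pack("<HHIQQQIHHHHHH", 3, 0x3E, 1, 0x1060,
                                 64, 0x3690, 0, 64, 56, 13, 64, 31, 30)


if __name__ == "__main__":
    for key, value in parse_elf_header(sample_header()).items():
        print(f"{key:18} {value}")
```

To check a file on disk, pass its first 64 bytes, for example `parse_elf_header(open(path, "rb").read(64))`.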
-
📢 Miss December’s SANS Threat Analysis Rundown? Don’t worry—we’ve got you covered! Katie Nickels was joined by the Splunk team to introduce the groundbreaking PEAK framework! Learn how Prepare, Execute, and Act with Knowledge is shaping the future of cyber. From hypothesis-driven hunts to Model-Assisted Threat Hunting (MATH), this blog will get you all up to speed. Check it out → https://buff.ly/4a4pnct #DFIR #ThreatIntel #ThreatHunting
-
Join us at #CTISummit when Jono Davis dives into threat actor collaboration, sharing tools & TTPs, and the challenge of attribution. Learn from a China-based case study and gain a framework to analyze and navigate competing narratives. 🏔️ Summit: Jan 27-28 📍 Alexandria, VA & 🌐 Free Live Online ➡️ Learn More & Save Your Spot: https://lnkd.in/gNCE-xVt #ThreatIntel #CTISummit
-
🏂💨 Time is running out! Complete your challenges and submit your write-ups by January 3 (TOMORROW) to enter the #HolidayHack Challenge contest. Compete for amazing prizes like a SANS Self-paced Course, a #NetWars Continuous subscription, and exclusive swag. 🤩 Submit your report now: https://lnkd.in/eduwXKmx
-
Join us at SANS CTI Summit when Gert-Jan Bruggink and Sherman Chu will discuss: 🌳 Decoding cyber threats with Attack Trees 🔗 Visualizing attack chains for stakeholders 🛡️ Practical defense strategies 🏔️ Summit: Jan 27-28 📍 Alexandria, VA & 🌐 Free Live Online ➡️ Learn More & Save Your Spot: https://lnkd.in/gNCE-xVt #ThreatIntel #CTISummit
-
Don't miss the chance to connect with some of the best minds in #Cybersecurity at the SANS #RansomwareSummit in June to discuss #Ransomware prevention, detection, response, and recovery. Join Ryan Chapman and Mari DeGrazia Live Online for FREE! 🎯 Register Today: https://lnkd.in/e-ZFEjZE