1. Moscone South 313 TUT/TRN
  2. Moscone South 313 TUT/TRN

Today, even the most impenetrable security measures aren’t enough to keep skilled adversaries out. Incident response teams must catch intrusions in progress, rather than after attackers have done significant damage. This process of “threat hunting” uses known adversary behaviors to examine the network and endpoints and proactively identify new data breaches.
This course prepares students with the advanced skills needed to hunt down, identify, counter, and recover from a wide range of enterprise network threats, including advanced persistent threats (APTs) from nation-state adversaries, organized crime syndicates, and hacktivists. The course is constantly updated with the rapidly evolving tactics and techniques used by elite responders and hunters in real-world breach cases. Audience:
• Incident Response Team Members who regularly respond to complex security incidents/intrusions from APT groups/advanced adversaries and need to know how to detect, investigate, remediate, and recover from compromised systems across endpoints in the enterprise.
• Threat Hunters who are seeking to understand threats more fully and how to learn from them in order to more effectively hunt threats and counter their tradecraft.
• SOC Analysts looking to better understand alerts, build the skills necessary to triage events, and fully leverage advanced endpoint detection and response (EDR) capabilities.
• Experienced Digital Forensic Analysts who want to consolidate and expand their understanding of memory and timeline forensics, investigation of technically advanced individuals, incident response tactics, and advanced intrusion investigations.

By enrolling in this session attendees are opting in to share their details with SANS for certification purposes.

Speaker Joshua Lemon