We are excited to announce that the SANS Institute FOR509 Enterprise Cloud Forensics and Incident Response transitioned from a 4-day course to a 6-day course in May 2022. With this release comes new content, updates to existing content, and a multi-cloud capstone challenge that will test your knowledge at the end of the week.
In summary, the major FOR509 enhancements include:
- New Multi-Cloud Intrusion Challenge
- An entire day of new slides and labs on Google Workspace
- New slides on Kubernetes
- New lab on Google Cloud Platform log collection
- New lab involving privilege escalation using the Microsoft Graph API
In order to expand the class to 6 days and include a frequently requested topic, an entire day of content has been added to cover Google Workspace, Google’s SaaS solution for businesses. The new material provides details on the most common Google Workspace attacks and how to investigate such attacks using the logs provided by the platform, with multiple hands-on labs to put the knowledge learned into practice. Other new content includes a section on Kubernetes Forensics and IR, a lab on privilege escalation using the Microsoft Graph API, and a lab on collecting logs from GCP via the CLI.
Along with these major content additions, the existing material has been updated to reflect the most recent state of the platforms at the time of writing, keeping pace with the ever-evolving nature of the cloud.
Perhaps most exciting, the new 6-day version ends with a multi-cloud intrusion challenge! Students are provided with logs from a corporate environment leveraging Azure, AWS, and GCP in various capacities and tasked with identifying the malicious activity occurring in the environment. Students will team up to tackle this challenge, Find the Storm in the Cloud, and end Day 6 by presenting their findings to the class. One winning team will walk away with the new FOR509 challenge coin!
In this livestream, listen to course author David Cowen explain each section of the course and what to expect, and learn about the latest Cloud DFIR trends.