This webinar is offered free of charge through collaboration between SANS and its sponsor(s). If you prefer not to share your registration details with sponsor(s), a recorded webinar will be available approximately 30 days after its initial release through the SANS archive. To access the recording, you will need to create a SANS account, but your information will not be shared with the sponsor(s).
Full Agenda (MT)
Timeline (ET) | Session Details |
---|---|
10:30am - 10:40am | Event Kickoff & Introduction Doug McKee, Event Chairperson & SANS Certified Instructor Candidate |
10:40am - 11:15am | So you need a Threat Profile… now what? This talk is designed to illuminate how Mandiant contextualizes Threat Profiles and provide implementation ideas on how they can be leveraged to bolster organizational security. We will discuss the strategy behind creating a Threat Profile, highlight the types of information Mandiant considers key to enable successful defender advantage, and then explain how to build a proactive strategy with the Threat Profile as the foundation. Steven Savoldelli, Sr. Intelligence Consultant, Mandiant Intelligence at Google Cloud Security |
11:15am - 11:50am | Optimizing Suspicious File Triage: The 3 Questions you Should be Asking About Every Suspicious File. This session is aimed at SOC managers and other cybersecurity professionals who are responsible for convicting and contextualizing numerous suspicious files daily. We will explore various approaches and discuss the pros and cons of each method. Additionally, we will cover the associated costs in terms of time, licenses, resources, and required skills. We will present a multi-layer triage approach to dealing with these files to optimize your SOC operations, reduce operational costs, and provide solid verdicts. Whether you examine ten files a day or over a million, please join us as we address real-world problems with best-practice solutions. Aaron Hoffman, SOAR Architect at Reversing Labs; Stuart Phillips, Sr. Cybersecurity Marketing Strategist at Reversing Labs |
11:50am - 12:25pm | Exposing Triad Nexus: How FUNNULL CDN Facilitates Widespread Cyber Threats Silent Push's investigation into the FUNNULL CDN has revealed an enormous cluster of malicious infrastructure and exposed the pivotal role it plays in facilitating a wide array of cyber criminal activities, many of which are orchestrated by Chinese Triad groups. In this presentation we will cover our findings on the various criminal networks involved and how threat hunters can map them, dive into the hosting providers supporting this network, and take a peek at the retail phishing scams hosted by FUNNULL CDN that target some of the world's largest brands. Noah Plotkin, Solutions Engineer at Silent Push |
12:25pm - 12:40pm | Break Time - we'll be back in 15 min. |
12:40pm - 1:15pm | How the Rebels Beat the Empire: Cyber Threat Intelligence Lessons from Star Wars How did an advanced, persistent threat like the Galactic Empire fall to the ragtag Rebel Alliance? Why was the Empire initially unstoppable, only to be brought down in the end? In this session, we'll journey to a galaxy far, far away to learn how the answers to those questions can help threat intelligence teams more effectively contextualize, prioritize, and adapt to threats. Dan Cole, VP of Product Marketing at ThreatConnect |
1:15pm - 1:50pm | Unlocking Cyber Resilience: Censys ASM + Search Solutions for Modern Threat Intelligence Join us for an insightful session, Unlocking Cyber Resilience: Censys ASM + Search Solutions for Modern Threat Intelligence, where we’ll dive into strategies for overcoming these challenges. Discover how Censys’ Attack Surface Management (ASM) and Search Solutions empower organizations to integrate CTI into existing infrastructures, streamline intelligence dissemination, and bridge resource gaps. Through expert insights and real-world examples, this session will showcase how leveraging advanced tools and frameworks fosters collaboration, combats sophisticated adversaries, and ensures CTI programs align with your organization's strategic objectives. This presentation is tailored for CTI professionals, security leaders, and anyone looking to enhance their organization’s cyber resilience in the face of increasingly complex threats. Paul Lambert, Sr. Solutions Engineer at Censys |
1:50pm - 2:25pm | Using Customizable Vulnerability Intelligence to See Threats Faster and Act Smarter In today’s fast-paced threat landscape, not all vulnerabilities are created equal. Effective vulnerability management requires the ability to prioritize risks intelligently, focusing on the threats most likely to impact your organization. This talk explores how customizable vulnerability intelligence can help empower teams to identify critical risks faster and make smarter decisions. By leveraging tailored insights and context-driven analysis, security professionals can focus on the most critical issues, align mitigation efforts with organizational goals, and enhance their threat response strategies. Learn how to stay ahead of attackers by defending faster and defending smarter. Kasimir Schulz, Co-Founder at Rapid Risk Radar |
2:25pm - 2:30pm | Event Recap & Closing Remarks Doug McKee, Event Chairperson & SANS Certified Instructor Candidate |