9:15 – 9:45 am | John Hubbard | Modern Phishing Tactics and How to Spot Them Phishing remains one of the most effective attack vectors, constantly evolving to bypass security measures and exploit human psychology. In this talk, Modern Phishing Tactics and How to Spot Them, we’ll methodically break down the different types of phishing attacks while analyzing the tactics attackers use to deceive their targets. By understanding these evolving techniques, cybersecurity defenders can sharpen their ability to detect and disrupt phishing attempts before they succeed. This session will provide practical insights and real-world examples to help security professionals stay ahead of attackers and protect their organizations. |
9:45 – 10:15 am | Mark Baggett | Hacking Flask: Mastering Command Injection Attacks Through Hands-On Exploitation and Defense Get ready to dive into the thrilling world of command injection attacks with a live, hands-on journey that every Infosec professional will love! In this fast-paced 25-minute talk, we’ll build a vulnerable Flask web application, expose its weaknesses, and exploit it like a seasoned attacker—executing system commands with nothing but a cleverly crafted input. But the excitement doesn’t stop there! We’ll then flip the script, dissecting the attack step-by-step and hardening the app with practical, real-world fixes you can apply immediately. Whether you’re a penetration tester, developer, or security enthusiast, this session will arm you with the skills to spot, exploit, and eliminate command injection vulnerabilities—leaving you both inspired and ready to tackle your next challenge. Bring your curiosity; leave with a hacker’s mindset and a defender’s toolkit! |
10:15 – 10:45 am | Nick Mitropoulos | Stay Ahead of Attackers: Build a Powerful Detection Lab Attackers are evolving — are your defenses keeping up? Before investing in new security tools, focus on what truly matters: visibility. The key to staying ahead is crafting effective detection rules that spot threats before it's too late. Join Nick Mitropoulos, SANS Certified Instructor and author of SEC555, for a power-packed webinar on building a detection lab—your foundation for creating, testing, and deploying high-quality detection rules. Don’t just react—anticipate. Secure your spot now! |
10:45 – 11:00 am | BREAK | |
11:00 – 11:30 am | Sean Thomas | Social Engineering – Evaluating Your Organization’s Risk Today's unfortunate reality is that every organization is under threat from social engineering attacks. The people in our organization are often a primary target – not because of who they are, but because of the systems those people have access to, and that attackers seek to compromise. Understanding the various threats, and the risks they pose, is vital to being able to increase our people's awareness of them. With awareness comes a chance to better defend themselves. This presentation will explore several social engineering attack methods, give ideas for assessing the social engineering threats your organization may face, and look at ways to increase your people's awareness of and resistance to those risks. |
11:30 am – 12:00 pm | Andy Laman | Let's create some Magic(packets) Recently, there have been several malicious campaigns that are using "magic packets" to wake listening agents to initiate reverse shells or open backdoors for skulking attackers. In this session, we are going to look at the properties of a couple of these packets and create them to test on our network. How do we know if our defenses are working if we don't test them? Plus, it's always fun to craft packets! |
12:00 – 12:30 pm | Jeff Lomas | Fraud and Remote Workers - OSINT Solutions Remote work and AI have brought the globe together to bring the best possible candidates and high levels of productivity to organizations without the logistical challenges of relocation. The simultaneous development of AI and remote work has also created the perfect storm for attackers to infiltrate companies using the latest advancements in AI and the TTPs seen with fraud actors using synthetic identities. Join Jeff as he explores the current threat landscape and shows how to identify and fend off these threats by melding OSINT and security controls. |
12:30 – 1:00 pm | BREAK | |
1:00 – 1:30 pm | Bryan Simon | Harnessing Hardware-Based Security for Resilient Defenses in 2025 As cyber threats grow increasingly sophisticated, the need for robust defenses has never been greater. In this session, we explore the critical role of hardware-based security in building a resilient cybersecurity strategy for 2025 and beyond. From Secure Boot and Trusted Platform Modules (TPMs) ensuring system integrity, to advanced hardware-based endpoint protection safeguarding sensitive data, this presentation will provide practical insights into the latest innovations for Windows and macOS. Join Bryan Simon, SANS Senior Instructor, to discover how leveraging these cutting-edge solutions can strengthen your defenses and help secure your organization’s digital fortress. |
1:30 – 2:00 pm | Ismael Valenzuela | AI-Powered BladeRunners, Part 2: Threat Intelligence Meets Zero Trust Return to the dystopian world of Tyrell Corp—where ‘more human than human’ AI meets cutting-edge cyberdefense. This session dives deeper into how ‘All Around Defenders’ can harness automation and orchestration to ‘follow the weapons’ and outsmart adversaries. Drawing on SANS Security 530 concepts, we’ll show how Large Language Models (LLMs) can map MITRE ATT&CK coverage, generate test data, and speed up threat analysis. Learn how to integrate AI-driven threat intelligence into your defenses—just like a modern-day BladeRunner. |
2:00 – 2:30 pm | Ben Barnes | Threat(ening) Models Large Language Models (LLMs) are rapidly transforming software development, offering unprecedented capabilities but also introducing novel security risks. What happens when AI is enabled in your organization and how can it be implemented securely? This talk explores the crucial role of threat modeling in securing software solutions that incorporate LLMs. We will examine the unique threat landscape posed by LLMs and how to design systems that can harness their power without needlessly increasing risk. Attendees will learn how to identify what could go wrong and what can be done about it to build secure environments for powerful AI models. |
2:30 – 2:45 pm | BREAK | |
2:45 – 3:15 pm | Tony Turner | Building and Scaling SBOM Programs Software bill of materials (SBOM) has been a topic of conversation ever since US EO 14028 made them required in federal procurement. As we move from SBOM generation into SBOM management in pursuit of scalable risk management, there are several obstacles that stand in our way. This presentation will cover the lifecycle and maturity phases for an SBOM program for suppliers, third-party consultants and tool providers, and consumers of software and SBOM and how we can effectively navigate these issues. Attendees will receive an SBOM Maturity and Process Flow infographic to help understand and communicate how to develop, build, and optimize for SBOM scale. |
3:15 – 3:45 pm | Seth Misenar | Exposing the Blind Spots: Mapping the Attack Surface of GenAI & LLM Applications As organizations race to integrate GenAI and LLM applications, many remain unaware of the expanding cybersecurity and privacy risks beneath the surface. Whether deploying proprietary models, leveraging APIs, fine-tuning open architectures, or implementing RAG and agentic AI, each choice introduces unique attack vectors. In this session, SANS Fellow and Author Seth Misenar demystifies the rapidly evolving GenAI/LLM attack surface, breaking down critical security challenges across different implementation patterns. Through real-world examples and practical security strategies, attendees will learn how to identify vulnerabilities, implement effective safeguards, and maintain resilience against emerging AI threats. AI's potential is undeniable, but realizing its promise requires first understanding its risks. |
3:45 – 4:15 pm | Dave Shackleford | Level Up! A Threat Detection and Response Walkthrough Boost Your Cybersecurity Skills with a Hands-On Threat Detection & Response Walkthrough! In today’s fast-evolving threat landscape, security operations teams need to be at the top of their game—constantly sharpening their skills to identify vulnerabilities, detect unusual behavior, and respond to threats with precision. The ability to analyze malicious activity at both the system and network levels isn’t just valuable—it’s essential. Join Dave Shackleford, SANS Senior Instructor and co-author of SEC501, for an action-packed, deep-dive session into threat detection and response. This isn’t just theory—Dave will walk you through real-world attack scenarios, covering everything from vulnerability assessment and exploitation to malware execution, network forensics, and incident response. You’ll gain practical insights and hands-on knowledge to elevate your security expertise and stay ahead of attackers. Don’t miss this chance to level up your detection and response skills! |
4:15 – 4:30 pm | BREAK | |
4:30 – 5:00 pm | Dave Hoelzer | Agentic AI and Security AI continues to have amazing applications and potential. What kinds of things are possible today? Are agents and LLMs the way forward, or are we reaching a limit? Come and see some practical applications of AI in cybersecurity today and hear about where this field is likely going. Equip yourself with the answers to the questions your organization’s leadership are asking you! |
5:00 – 5:30 pm | Matt Edmondson | Removing the Friction Between Us and AI Face it: AI is going to continue to improve with or without us. As individuals, shouldn't our focus shift to reducing the friction between ourselves and AI capabilities to be as effective and efficient with the technology as possible? In this fun, short talk, I'll demonstrate ways that I've changed how I use AI in 2025 and show some recent examples that prove AI isn't just about improving efficiency, but also adding entirely new capabilities that didn't exist three years ago. |