SANS GULF REGION DUBAI: NOVEMBER 5 17, 2016 #SANSGULFREGION 6 SANS COURSES. SEC511 Continuous Monitoring and Security Operations

Transcription

1 THE WORLD S LARGEST & MOST TRUSTED PROVIDER OF CYBER URITY TRAINING SANS GULF REGION DUBAI: NOVEMBER 17, 201 #SANSGULFREGION 401 Essentials Bootcamp Style 04 Hacker Tools, Techniques, Exploits and Incident Handling SANS COURSES 11 Continuous Monitoring and Operations 42 Web App Testing and Ethical Hacking 0 Testing and Ethical Hacking 79 Virtualization and Private Cloud Register online and see full course descriptions at Save $300 with discount code EarlyBird1 for any course by 28 September 201.

2 COURSES AT A GLANCE ABOUT SANS CONTENTS COURSES AT A GLANCE p Essentials Bootcamp Style Hidayath Ullah Khan Hacker Tools, Techniques, Exploits and Incident Handling Steve Armstrong Continuous Monitoring and Operations Mark Hofman Web App Testing and Ethical Hacking Hassan El Hadary Testing and Ethical Hacking Erik Van Buggenhout Virtualization and Private Cloud Dave Shackleford SA p8 p9 p13 SU MO 7 TU 8 WE 9 TH 10 FR 11 SA 12 p10 p11 p12 SU 13 MO 14 TU 1 WE 1 TH 17 SANS IS THE MOST TRUSTED AND BY FAR THE LARGEST SOURCE FOR INFORMATION URITY TRAINING AND URITY CERTIFICATION IN THE WORLD. The SANS Institute was established in 1989 as a cooperative research and education organisation. Our training programs now reach more than 200,000 security professionals around the world. SANS provides intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and networks against the most dangerous threats - the ones being actively exploited. SANS courses are full of important and immediately useful techniques that you can put to work as soon as you return to the office. They were developed through a consensus process involving hundreds of administrators, security managers and information security professionals. Courses address security fundamentals and awareness as well as the in-depth technical aspects of the most crucial areas of IT security. SANS-certified instructors are recognised as the best in the world. To find the best teachers for each topic, SANS runs a continuous competition for instructors. Last year more than 100 people tried out for the SANS faculty, but only five new potential instructors were selected. SANS provides training through several delivery methods, both live & virtual: classroom-style at a training event, online at your own pace, guided study with a local mentor, or onsite at your workplace. SANS courses are taught in English by our world class SANS instructors, or in French or Spanish if you attend one of our excellent partner training events in France or Spain. In addition to top-notch training, SANS offers certification through the GIAC security certification program and numerous free security resources such as newsletters, whitepapers, and webcasts. Why SANS is the best training and educational investment: Intensive, hands-on immersion training with the highest-quality courseware in the industry. Incomparable instructors and authors who are industry experts and practitioners fighting the same cyber battles as you and discovering new ways to thwart attacks. Training that strengthens a student s ability to achieve a GIAC certification, which is unique in the field of information security certifications because it not only tests a candidate s knowledge, but also the candidate s ability to put that knowledge into practice in the real world. ABOUT SANS WELCOME TO SANS GULF REGION 201 REGISTRATION INFORMATION TRAINING AND YOUR CAREER ROADMAP COURSE CONTENT SUMMARIES SANS GULF REGION 201 INSTRUCTORS SANS EMEA 201 TRAINING EVENTS p3 p4 p p p8 p14 p1 2 NED BALTAGI Managing Director, ME & GCC Regions nbaltagi@sans.org Tel: Mobile: Address: SANS EMEA, PO Box 124, Swansea, SA3 9BB, UK - 17 Nov, Nov, 201 3

3 WELCOME TO SANS GULF REGION 201 SANS GULF REGION 201 RUNS FROM SATURDAY TH NOVEMBER TO THURSDAY 17 TH NOVEMBER AT THE HILTON DUBAI JUMEIRAH RESORT AND HOSTS COURSES DRAWN FROM ACROSS THE SANS CURRICULUM. THREE COURSES RUN IN WEEK ONE AND THREE IN WEEK TWO. REGISTER ONLINE AT: Registration fees include all courseware and training materials plus morning and afternoon break refreshments and lunch served in the hotel restaurant. Accommodation is not included. Students are able to attend free evening functions where available. Please register online as soon as possible to secure a seat at Gulf Region 201. Read on for course summaries or visit 4 SANS GULF REGION EVENT LOCATION Hilton Dubai Jumeirah Resort The Walk, Dubai Marina P.O.Box 2431, Dubai, U.A.E Telephone: info.jumeirah@hilton.com Website: DIRECTIONS FROM THE AIRPORT: Dubai International Airport: Exit Dubai International Airport via Al Quds St/D 91 and take the ramp on the left to E 11. Continue onto Sheikh Zayed Road taking exit 3. Follow the signs to Jumeirah Beach Road. As you turn left, the destination will be on your right. Distance from Hotel: 22 mi. Drive Time: 4 min. Taxi: Typical minimum charge AED Abu Dhabi International Airport: Follow signs to Dubai. When entering Dubai on Sheik Zayed Road, take exit 29 and follow signs for Dubai Marina. Enter Jumeirah Beach Road and as you turn left, the destination will be on your right. Distance from Hotel: 2 mi. Drive Time: 70 min. Taxi: Typical minimum charge AED REGISTER EARLY AND SAVE: Register for and pay before the 28th of September and save $300 USD by entering the code EarlyBird1. GROUP SAVINGS (APPLIES TO TUITION ONLY) -9 people = % 10 or more people = 10% Early bird rates and/or other discounts cannot be combined with the group discount. To obtain a group discount please emea@sans.org. TO REGISTER To register, go to Select your course or courses and indicate whether you plan to test for GIAC certification. How to tell if there is room available in a course: If the course is still open, the secure, online registration server will accept your registration. Soldout courses will be removed from the online registration. Everyone with internet access must complete the online registration form. We do not take registrations by phone. CONFIRMATION Look for confirmation. It will arrive soon after you register. We recommend you register and pay early to ensure you get your first choice of courses. An immediate confirmation is sent to you when the registration is submitted properly. If you have not received confirmation within two business days of registering, please call the SANS Registration office at :00am - 8:00pm Eastern Time or emea@sans.org. CANCELLATION You may subsitute another person in your place at any time by sending an request to emea@ sans.org. Cancellation requests by 19 Oct 201 by ing emea@sans.org - 17 Nov, 201 REGISTER NOW Nov, 201

4 EMEA SANS IT URITY TRAINING AND YOUR CAREER ROAD MAP CORE COURSES NETWORK OPERATIONS CENTRE, SYSTEM ADMIN, URITY ARCHITECTURE A Operations Centre (NOC) is where IT professionals supervise, monitor, and maintain the enterprise network. The NOC is the focal point for network troubleshooting, software distribution and updating, router and system management, performance monitoring, and coordination with affiliated networks. The NOC analysts work hand-in-hand with the Operations Centre, which safeguards the enterprise and continuously monitors threats against it. Analyst / Engineer, SOC Analyst, Cyber Threat Analyst, CERT Member, Malware Analyst 0 Securing Windows with PowerShell and the Critical Controls GCWN 301 GISF CORE COURSES 0 Securing Linux/Unix GCUX 401 G 01 GCED Implementing and Auditing the Critical Controls - In-depth GCCC 79 Virtualisation and Private Cloud The Operations Centre (SOC) is the focal point for safeguarding against cyber-related incidents, monitoring security, and protecting assets of the enterprise network and endpoints. SOC Analysts are responsible for enterprise situational awareness and continuous surveillance, including monitoring traffic, blocking unwanted traffic to and from the Internet, and detecting any type of attack. Point solution security technologies are the starting point for hardening the network against possible intrusion attempts. Endpoint Monitoring 01 Essentials - Enterprise Defender GCED FOR08 URITY OPERATIONS CENTRE/ INTRUSION DETECTION 02 Perimeter Detection GPPA Digital Forensics and Incident Response GCFA CORE COURSES Monitoring 03 Intrusion Detection GCIA FOR72 04 Hacker Tools, Techniques, Exploits, & Incident Handling GCIH Forensics and GCIA 11 Continuous Monitoring and Operations GMON Intrusion Detection Analyst, Operations Centre Analyst / Engineer, CERT Member, Cyber Threat Analyst 0 Threat Intelligence FOR78 Cyber Threat Intelligence Active Defense, Offensive Countermeasurers, & Cyber Deception RISK & COMPLIANCE/AUDITING/ GOVERNANCE These experts assess and report risks to the organisation by measuring compliance with policies, procedures, and standards. They recommend improvements to make the organisation more efficient and profitable through continuous monitoring of risk management. Auditor, Compliance Officer Implementing & Auditing the Critical Controls - GCCC AUD07 Auditing & Monitoring s, Perimeters, and Systems GSNA INFORMATION URITY Information security professionals are responsible for research and analysis of security threats that may effect an organisation s assets, products, or technical specifications. These security professionals will dig deeper into technical protocols and specifications related to security threats than most of their peers, identifying strategies to defend against attacks by gaining an intimate knowledge of the threats. Cyber Analyst, Cyber Engineer, Cyber Architect 301 Intro to Information GISF 401 Essentials Bootcamp Style G 01 Essentials Enterprise Defender GCED When the security of a system or network has been compromised, the incident responder is the first-line defense during the breach. The responder not only has to be technically astute, he/she must be able to handle stress under fire while navigating people, processes, and technology to help respond and mitigate a security incident. 03 Intrusion Detection GCIA FOR72 Forensics and GNFA FOR78 INCIDENT RESPONSE analyst/engineer, SOC analyst, Cyber threat analyst, CERT member, Malware analyst CORE COURSES 301 GISF 04 FOR408 Windows Forensic GCFE 401 G Hacker Tools, Techniques, Exploits and Incident Handling GCIH Endpoint FOR08 Digital Forensics and Incident Response GCFA Malware FOR10 Reverse Engineering Malware: Malware Tools & Techniques GREM PENETRATION TESTING/ VULNERABILITY ASSESSMENT Because offense must inform defense, these experts provide enormous value to an organisation by applying attack techniques to find security vulnerabilities, analyse their business risk implications, and recommend mitigations before they are exploited by real-world attackers. & Exploits 0 Testing and Ethical Hacking GPEN 0 Testing, Exploit Writing, and Ethical Hacking GXPN tester, Vulnerability assessor, Ethical hacker, Red/Blue team member, Cyberspace engineer CORE COURSES 301 GISF Web Mobile / Wireless 42 Web App Testing and Ethical Hacking GWAPT Web App Testing and Ethical Hacking 401 G Hacker Tools, Techniques, Exploits and Incident Handling GCIH 7 Mobile Device and Ethical Hacking GMOB 17 Wireless Ethical Hacking, Testing, and Defenses GAWN Lab Centred 1 Intense Hands-on Pen Testing Skill Development (with SANS NetWars) 2 CyberCity Hands-on Kinetic Cyber Range Exercise URE DEVELOPMENT The security-savvy software developer leads all developers in the creation of secure software, implementing secure programming techniques that are free from logical design and technical implementation flaws. This expert is ultimately responsible for ensuring customer software is free from vulnerabilities that can be exploited by an attacker. Developer, Software Architect, QA Tester, Development Manager Securing the Human for Developers STH.Developer Application Awareness Modules CYBER OR IT URITY MANAGEMENT Management of people, processes, and technologies is critical for maintaining proactive enterprise situational awareness and for the ongoing success of continuous monitoring efforts. These managers must have the leadership skills, current knowledge, and best practice examples to make timely and effective decisions that benefit the entire enterprise information infrastructure. CISO, Cyber Manager / Officer, Director DIGITAL FORENSIC INVESTIGATIONS & MEDIA EXPLOITATION With today s ever-changing technologies and environments, it is inevitable that every organisation will deal with cybercrime, including fraud, insider threats, industrial espionage, and phishing. To help solve these challenges, organisations are hiring digital forensic professionals and relying on cybercrime law enforcement agents to piece together a comprehensive account of what happened. Computer Crime Investigator, Law Enforcement, Digital Investigations Analyst, Media Exploitation Analyst, Information Technology Litigation Support & Consultant, Insider Threat Analyst FOR408 Windows Forensic GCFE FOR08 Digital Forensics and Incident Response GCFA FOR2 Memory Forensics ICS-focused courses are designed to equip both security professionals and control system engineers with the knowledge & skills they need to safeguard critical infrastructure. ICS/SCADA Cyber Threat Intelligence Essentials Specialisations Specialisations GICSP Specialisations FOR2 MGT3 Exploit Metasploit Python for Web App ICS1 Windows Incident Development Kung Fu for Web App ICS Active Memory Response Team for Enterprise Testers Testing & Response and Forensics Management Pen Testing Ethical Hacking Testing & Defense & 7 Testers GWAPT Ethical Hacking Response DEV41 Secure Coding in Java/JEE: Developing Defensible Applications GSSP-JAVA DEV22 Defending Web Applications Essentials GWEB DEV44 Secure Coding in.net: Developing Defensible Applications GSSP-.NET Foundational Core Specialisation MGT12 SANS Leadership Essentials For Managers with Knowledge Compression GSLC MGT2 IT Project Management, Effective Communication, and PMP Exam Prep GCPM MGT414 SANS Training Programme for CISSP Certification GISP MGT14 IT Strategic Planning, Policy & Leadership MGT3 Incident Response Team Management LEG23 Law of Data and Investigations GLEG MGT433 Securing The Human: Building and Deploying an Effective Awareness Programme AUD07 Auditing & Monitoring s, Perimeters, and Systems GSNA FOR8 Smartphone Forensics FOR10 Reverse Engineering Malware: Malware Tools & Techniques GREM ICS Hacker Tools, Techniques, Exploits and Incident Handling GCIH INDUSTRIAL CONTROL SYSTEMS / SCADA FOR18 MAC Forensic SAMPLE JOB TITLES: IT & OT Support, IT & OT Cyber, ICS Engineer

5 401 URITY ESSENTIALS BOOTCAMP STYLE HACKER TOOLS, TECHNIQUES, EXPLOITS AND INCIDENT HANDLING 04 HIDAYATH ULLAH KHAN G Certification 4 CPEs Saturday - Thursday 10 November STEVE ARMSTRONG GCIH Certification 37 CPEs Saturday - Thursday 10 November Develop effective security metrics that provide a focused playbook that IT can implement, auditors can validate, and executives can understand Analyse and assess the risk to your environment in order to drive the creation of a security roadmap that focuses on the right areas of security Learn practical tips and tricks to focus in on high-priority security problems within your organisation and on doing the right things that will lead to security solutions that work Learn why some organisations are winning and some are losing when it comes to security and, most importantly, how to be on the winning side Learn the core areas of security and how to create a security program that is anchored on PREVENT-DETECT- RESPOND 401: Essentials Bootcamp Style is focused on teaching you the essential information security skills and techniques you need to protect and secure your organisation s critical information assets and business systems. Prevention is Ideal but Detection is a Must. With the advanced persistent threat, it is almost inevitable that organisations will be targeted. Whether the attacker is successful in penetrating an organisation s network depends on the effectiveness of the organisation s defence. Defending against attacks is an on going challenge, with new threats emerging all of the time, including the next generation of threats. Organisations need to understand what really works in cybersecurity. What has worked, and will always work, is taking a risk-based approach to cyber defence. Before your organisation spends a dollar of its IT budget or allocates any resources or time to anything in the name of cybersecurity, three questions must be answered: 1. What is the risk? 2. Is it the highest priority risk? 3. What is the most cost-effective way to reduce the risk? is all about making sure you focus on the right areas of defence. In 401 you will learn the language and underlying theory of computer and information security. You will gain the essential and effective security knowledge you will need if you are given the responsibility for securing systems and/or organisations. This course meets both of the key promises SANS makes to our students: (1) You will learn up-to-the-minute skills you can put into practice immediately upon returning to work; and (2) You will be taught by the best security instructors in the industry. Organisations systems are likely to get hacked. All that s needed is an internet connection or a disgruntled employee or two. From the five, ten, or even one hundred daily probes against internet infrastructure, to the malicious insider slowly creeping through vital information assets, attackers target systems with increasing viciousness and stealth. SANS 04 helps defenders understand attackers tactics and strategies in detail. It gives hands-on experience of finding vulnerabilities and discovering intrusions. This course equips students with a comprehensive incident handling plan. The in-depth information in this course helps turn the tables on computer attackers. This course addresses the latest cutting-edge, insidious attack vectors, the oldie but-goodie attacks that are still so prevalent, and criminal methods between these extremes. Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents. Students receive a detailed description of how attackers undermine systems. This empowers defenders to prepare for, detect, and respond to attacks. The course features hands-on workshops for discovering holes before the bad guys do. Additionally, 04 discusses the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence. This challenging course is particularly well suited to individuals who lead, or are a part of, an incident handling team. Furthermore, general security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks. Analyse the structure of common attack techniques to be able to evaluate an attacker s spread through a system and network, anticipating and thwarting further attacker activity Utilise tools and evidence to determine the kind of malware used in an attack, including rootkits, backdoors, and trojan horses, choosing appropriate defences and response tactics for each Use built-in command-line tools such as Windows tasklist, wmic, and reg as well as Linux netstat, ps, and lsof to detect an attacker s presence on a machine Analyse router and system ARP tables along with switch CAM tables to track an attacker s activity through a network and identify a suspect Use memory dumps and the Volatility tool to determine an attacker s activities on a machine, the malware installed, and other machines the attacker used as pivot points across the network IT IS MAKING ME QUESTION MY OWN BELIEFS. I WILL BE CHALLENGING COLLEAGUES AND STRATEGIES WHEN I RETURN TO WORK. THE COURSE IS FULL OF LOGICAL, WORKABLE SOLUTIONS. Anthony Usher HMRC VERY STRUCTURED AND WELL PREPARED COURSE. INTERESTING AND ENGAGING FOR PEOPLE NEW TO THE FIELD AS WELL AS EXPERIENCED PROFESSIONALS Ewe Konkolska PRUDENTIAL 8-17 Nov, 201 REGISTER NOW REGISTER NOW Nov, 201

6 11 CONTINUOUS MONITORING AND URITY OPERATIONS WEB APP PENETRATION TESTING AND ETHICAL HACKING 42 MARK HOFMAN 3 CPE/CMU Credits GIAC Cert: GMON Saturday 12 - Thursday 17 November HASSAN EL HADARY 3 CPE/CMU Credits GIAC Cert: GWAPT Saturday 12 - Thursday 17 November Analyse a security architecture for deficiencies Apply the principles learned in the course to design a defensible security architecture Understand the importance of a detection dominant security architecture and security operations centres (SOC) Identify the key components of, Monitoring (NSM)/ Continuous Diagnostics and Mitigation (CDM)/ Continuous Monitoring (CM) Determine appropriate security monitoring needs for organisations of all sizes Implementarobust Monitoring / Continuous Monitoring (NSM/CSM) Determine requisite monitoring capabilities for a SOC environment Determine capabilities required to support continuous monitoring of key Critical Controls Utilisetoolstosupport implementation of Continuous Monitoring (CM) per NIST guidelines SP Organisations invest significant amounts of time and resources trying to combat cyber attacks. Despite this tremendous effort, organisations are still compromised. The traditional perimeter-focused, prevention-dominant approach to security architecture fails to prevent intrusions. No network is impenetrable, a reality that business executives and security professionals alike have to accept. Prevention is crucial, and we can t lose sight of it as the primary goal. However, a new proactive approach to security is needed to enhance the capabilities of organisations to detect threats that will inevitably slip through their defences. The underlying challenge for organisations is timely incident detection. Industry data suggests that most security breaches typically go undiscovered for an average of seven months. Attackers know that a lack of visibility and internal security controls allow them to methodically carry out their mission and achieve their goals. The Defensible Architecture, Monitoring / Continuous Diagnostics and Mitigation / Continuous Monitoring, taught in this course will best position an organisation or Operations Centre to analyse threats and detect anomalies that could indicate cybercriminal behaviour. The payoff for this new proactive approach would be early detection of an intrusion, or successfully thwarting the efforts of attackers altogether. The National Institute of Standards and Technology developed guidelines described in NIST SP for Continuous Monitoring, and day five greatly increase students understanding and enhances their skills in implementing Continuous Monitoring systems utilising NIST framework. 42 helps students move beyond push-button scanning to professional, thorough, high-value web application penetration testing. Customers expect web applications to provide significant functionality and data access. Even beyond the importance of customer-facing web applications, internal web applications increasingly represent the most commonly used business tools within any organisation. Unfortunately, there is no patch Tuesday for custom web applications. As a result, major industry studies find that web application flaws play a major role in significant breaches and intrusions. Adversaries increasingly focus on these high-value targets either by directly abusing public-facing applications, or by focusing on web apps as targets after an initial break-in. 42 enables students to assess a web application s security posture and convincingly demonstrate the impact of inadequate security that plagues most organisations. Students come to understand major web application flaws and their exploitation. More importantly, students learn a field-tested and repeatable process to consistently find these flaws and to convey what they have learned to their organisations. Pen testing is a technical discipline. A high value penetration test doesn t however end with pure security findings. Rather, the best pen testers are able to explain what their discoveries mean to business leaders and budget holders. Organisations need to understand security flaws and they need to take them seriously. Apply a detailed, four-step methodology to your web application penetration tests, including Recon, Mapping, Discovery, and Exploitation Analyse the results from automated web testing tools to remove false positives and validate findings Use Python to create testing and exploitation scripts during a penetration test Create configurations and test payloads within Burp Intruder to perform SQL injection, XSS, and other web attacks Use FuzzDB to generate attack traffic to find flaws such as Command Injection and File Include issues Assess the logic and transaction flaw within a target application to find logic flaws and business vulnerabilities Use Durzosploit to obfuscate XSS payloads to bypass WAFs and application filtering Analyse traffic between the client and the server application using tools such as Ratproxy and Zed Attack Proxy to find security issues within the clientside application code VERY COMPREHENSIVE, HANDS-ON AND CAN BE APPLIED TO WORKING ENVIRONMENT. Ewa Konkolska PRUDENTIAL, PGDS CTF IS A GREAT WAY TO PRACTICE THE COURSE CONTENT, REALLY ENJOYED IT. Chris Campbell RBS Nov, 201 REGISTER NOW REGISTER NOW Nov, 201

7 0 NETWORK PENETRATION TESTING AND ETHICAL HACKING VIRTUALISATION AND PRIVATE CLOUD URITY 79 ERIK VAN BUGGENHOUT 37 CPE/CMU Credits GIAC Cert: GPEN Saturday 12 - Thursday 17 November DAVE SHACKLEFORD 3 CPE/CMU Credits Saturday 12 - Thursday 17 November Develop tailored scoping and rules of engagement for penetration testing projects to ensure the work is focused, well defined and conducted in a safe manner Conduct detailed reconnaissance using document metadata, search engines and other publicly available information sources to build a technical and organisational understanding of the target environment Utilise the Nmap scanning tool to conduct comprehensive network sweeps, port scans, Operating System fingerprinting and version scanning to develop a map of target environments Configure and launch the Nessus vulnerability scanner so that it discovers vulnerabilities through both authenticated and unauthenticated scans in a safe manner, and customise the output from such tools to represent the business risk to the organisation professionals have critical responsibilities: finding and understanding an organisation s vulnerabilities, and working diligently to mitigate these risks before criminals exploit them. 0 prepares practitioners to fulfill these duties, and more. 0 starts with proper planning, scoping and recon, then dives deep into scanning, target exploitation, password attacks and wireless and web apps. The course has over 30 detailed hands-on labs. 0 prepares students to perform detailed reconnaissance by examining a target s infrastructure and mining blogs, search engines, social networking sites and other internet and intranet infrastructure. The course offers many real-world, hands-on tips all from the world s leading pen testers. Students learn to scan target networks using best-of-breed tools. In these tools, the course explores run- of-the-mill options and configurations. Lessons and units discuss these tools more advanced capabilities. After scanning, students learn dozens of methods for exploiting target systems. 0 explores how to gain access and how to measure real business risk. Students learn to examine post-exploitation situations, password attacks, wireless, and web apps. 0 moves through the target environment to model real-world attacks too. After building skills in five days of challenging labs, the course culminates in a fullday, real-world network penetration test scenario. Students conduct an end-to-end penetration test, applying the knowledge, tools and principles from 0. Students discover and exploit vulnerabilities in a realistic sample target organisation. IT INTRODUCES THE WHOLE PROCESS OF PEN TESTING FROM START OF ENGAGEMENT TO END. Barry Tsang DELOITTE Server virtualisation is one of today s most rapidly evolving and widely deployed technologies. Many organisations are already realising the cost savings from implementing virtualised servers. What s more, administrators love virtualised systems ease of deployment and management. With these benefits comes a dark side. Virtualisation technology is the focus of many new potential threats and exploits, and presents new vulnerabilities that must be managed. In addition, there are a vast number of configuration options that security and system administrators need to understand, with an added layer of complexity that has to be managed by operations teams. 79 starts with two days of architecture and security design for both virtual and private cloud infrastructures. The entire range of components is covered, ranging from hypervisor platforms to virtual networking, storage security, and locking down the individual virtual machine files. The third and fourth days of 79 detail offense and defence - how virtualised environments can be assessed using scanning and penetration testing tools and techniques. The course also asks: how do things change when we move to a cloud model? Once offense has been covered, 79 takes the opposite approach and goes into detail on performing intrusion detection and logging within the virtual environment, as well as covering anti-malware advances and changes within virtual infrastructure. Day five helps students adapt existing security policies and practices to the new virtualised or cloud-based infrastructure. 79 shows how to design a foundational risk assessment program and then build on this with policies, governance, and compliance considerations within an environment. Day six covers the top virtualisation configuration and hardening guides from Defense Information Agency (DISA), Center for Internet (CIS), Microsoft, and VMware. The course focusses on the most critical lessons and instructions from these guides. Students then perform a scripted, hands-on audit of VMware technology using controls guidance from the VMware hardening guide. Lock down and maintain a secure configuration for all components of a virtualisation environment Design a secure virtual network architecture Evaluate virtual firewalls, intrusion detection and prevention systems, and other security infrastructure Evaluate security for private cloud environments Perform vulnerability assessments and pen tests in virtual and private cloud environments, and acquire forensic evidence Perform audits and risk assessments within a virtual or private cloud environment EVERY SINGLE VIRTUALISATION ADMIN (IN OUR ORGANISATION) SHOULD TAKE THIS COURSE. I AM GOING TO PROMOTE THIS COURSE! Cory Verboom DMO Nov, 201 REGISTER NOW REGISTER NOW Nov, 201

8 SANS GULF REGION 201 INSTRUCTORS WE HAVE AN OUTSTANDING LINE UP OF EUROPEAN AND US-BASED INSTRUCTORS AT SANS GULF REGION 201. Steve Armstrong CERTIFIED INSTRUCTOR Erik Van Buggenhout Hassan El Hadar Mark Hofman CERTIFIED INSTRUCTOR Hidayath Ullah Khan Dave Shackleford SENIOR INSTRUCTOR Steve began working in the security arena in 1994 whilst serving in the UK Royal Air Force. He specialised in the technical aspects of IT security from 1997 onward, and before retiring from active duty, he lead the RAF s penetration and TEMPEST testing teams. He founded Logically Secure in 200 to provide specialist security advice to government departments, defence contractors, the online video gaming industry, and both music and film labels worldwide. When not teaching for SANS, Steve provides penetration testing and incident response services for some of the biggest household names in gaming and music media. To relax Steve enjoys playing Battlefield to loud music and developing collaborative DFIR tools. Erik is an instructor for the SANS 42 Web Application Testing & Ethical Hacking and SANS 0 Testing & Ethical Hacking courses. Next to his teaching activities for SANS, Erik is the head of technical security services at nviso. NViso is a Brussels-based IT security firm founded in early At nviso, Erik mainly focuses on security assessments (both on a network and application level). Next to security assessments, he also advises clients on how they can improve their IT security posture. Before co-founding nviso, Erik was a manager at Ernst & Young, where he led a team of technical security experts in the Diegem (Brussels) office. Together with his team, he delivered technical security advisory services to major clients in the EMEA financial services industry. Hassan is currently a Lead Consultant at SecureMisr heading the application security assessment and code review team. He is also responsible for performing penetration tests as well as advising customers in the areas of PCI-DSS and PCI-PIN Compliance Requirements. He started his career as a programmer, during which he developed his passion for Information. Hassan received his Masters degree in Computer Science from the American University in Cairo with a Thesis in the field of Secure Software Engineering. He is certified with GWAPT and GCIH. Hassan is an active participant in bug bounty programs. He was acknowledged and rewarded by several vendors such as Google, Apple, Facebook, Twitter, PayPal, ebay, Etsy, AT&T, Gift Cards, Cisco Meraki, and Groupon. He has publications and talks in several events such as SANS Pen Test Berlin, US - Egypt Cyber Workshop, Middle East Info Summit, ADPoly Cyber Bootcamp, OWASP Cairo Chapter, CSCAMP and SKLABS. Mark Hofman is a director and founder of Shearwater Solutions and has over 1 years experience in ICT. He has worked for both private industry and government and has provided a wide range of information security consulting services to numerous organisations, including the financial sector, private sector, and government organisations. Mark is currently a certified instructor for the SANS Institute. He has had a number of publications, has trained and lectured internationally, and is a handler for the Internet Storm Center. Mark holds professional certifications, including CISSP, GIAC GCFW, CompTIA + and BSI lead auditor accreditations. Jess Garcia is the founder and technical lead of One e, a global Information company specialised in Incident Response and Digital Forensics. With near 20 years in the field, and an active researcher in the area of innovation for Digital Forensics, Incident Response and Malware, Jess is today an internationally recognised Digital Forensics and Cybersecurity expert, having led the response and forensic investigation of some of the world s biggest incidents in recent times. In his career Jess has worked in a myriad of highly sensitive projects with top global customers in sectors such as financial & insurance, corporate, media, health, communications, law firms or government, in other Cybersecurity areas as well such as Architecture Design and Review, Tests, Vulnerability Assessments, etc. A Principal SANS Instructor with almost 1 years of SANS instructing experience, Jess is also a regular invited speaker at and DFIR conferences. Dave Shackleford is the owner and principal consultant of Voodoo and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organisations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vexpert with extensive experience designing and configuring secure virtualised infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Centre for Internet, and as a security architect, analyst, and manager for several Fortune 00 companies. Dave is the author of the Sybex book Virtualisation : Protecting Virtualized Environments, as well as the co-author of Hands-On Information from Course Technology. Recently Dave co-authored the first published course on virtualisation security for the SANS Institute. Dave currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Alliance Nov, 201 REGISTER NOW REGISTER NOW Nov, 201

9 V19 - A Most courses are also available online, via SANS OnDemand. Contact emea@sans.org for information. Dates, Locations and Courses offered subject to change FRANKFURT, 201 DEC 12 TH - 17 TH AMSTERDAM, 201 DEC 12 TH - 17 TH DUBLIN, 201 DEC TH - 10 TH LONDON, 201 NOV 14 TH - 19 TH EUROPEAN URITY AWARENESS SUMMIT NOV 9 TH - 11 TH GULF REGION, 201 NOV TH - 17 TH MUNICH AUTUMN, 201 OCT 24 TH - 29 TH DFIR PRAGUE, 201 OCT 3 RD - 1 TH OSLO, 201 OCT 3 RD - 8 TH LONDON AUTUMN, 201 SEP 19 TH - 24 TH ICS LONDON, 201 SEP 19 TH - 2 TH BRUSSELS AUTUMN, 201 SEP TH - 10 TH VIENNA, 201 AUG 1 ST - TH LONDON SUMMER, 201 JUL 9 TH - 1 TH PEN TEST BERLIN, 201 JUN 20 TH - 2 TH STOCKHOLM, 201 MAY 9 TH - 14 TH LOCATION DATE AUD07 DEV22 DEV41 MGT433 MGT12 MGT14 FOR408 FOR08 FOR18 FOR2 FOR72 FOR78 FOR8 FOR10 ICS410 ICS IT AUDIT DEVELOPER MANAGE FORENSICS ICS/SCADA URITY EMEA SANS EMEA TRAINING EVENTS For a full list of training events, please visit 201