Privesc Playground - SANS Pen Test HackFest Summit 2017
Key Takeaways
The video discusses privilege escalation techniques on Linux systems, including exploiting command histories, abusing sudo permissions, and using setuid programs, with demonstrations of tools like sudo, find, less, and John the Ripper.
Full Transcript
[Music] Ladies and gentlemen, Jake Williams.

Thanks. So I was debating on whether or not to do a "Who am I" slide, but I guess, I don't know, I guess I have to. But look, you know, I like InfoSec, and I think I'd kind of mentioned this, I really enjoy InfoSec. Some of you may have seen yesterday, although we totally did not time this, that I was endorsed by the Shadow Brokers or some craziness, I don't know, New York Times and some nastiness. That was a horrible photo, by the way. They took a ton of photos and that's the one that they used. And in fact there was a question about whether or not I had a hoodie available. I said yes, but under no circumstances was I gonna, you know, perpetuate the hacker stereotype with the black hoodie, right? There's no, like, zero question that's gonna happen. So look, yeah, I think that's pretty much it.

All right, so let's get into the cool stuff, right? The agenda: I want to talk about privilege escalation. We get a lot of shells on Linux systems, and unfortunately, more and more, we're not root, and I want to be root because I want to steal all the data. And I mean, we pull regular user shells a lot, and we want to take a look at a few ways that we can start privilege escalating. Now, we talked yesterday, I think it was Derek Rook mentioned that we get into the kernel vulnerabilities, and those are awesome, don't get me wrong, but they can make a box really, really unstable. And if you're doing a pen test gig and you knock over some production server that was doing something big, that's a career-limiting move, right? Particularly if you threw that kernel exploit for the fourth time and finally you got root, and then all of a sudden you disconnected. And you were following the "two is one, one is none" verbiage there, right? So you had the two shells, but they both disappeared simultaneously. Then you ping the box and it's not there, and you go to re-exploit the box and it's not there. You get that sinking feeling in your gut. Pucker factor eight
kicks in, right? And this is where you don't want to be, right? And I'm here to tell you that frequently you don't need to be here. If you just take a little bit of creativity, look around, live off the land a little bit, you're gonna find out that there's a lot available for you here from the privilege escalation side. So we're gonna look at bash and command histories, take a look at sudo, we'll take a look at some insecure permissions. My favorite has to be setuid, because how could it not be, right? And then of course give a couple of closing thoughts and break for the day, turn it back over of course to Mr. Ed Skoudis.

This is my favorite picture of a fence ever, because this is what Linux security looks like in a lot of cases to me as a pen tester. And it's my favorite fence ever because it's a ladder, all right? As you notice, very clearly, you could not make a fence, you couldn't design a fence easier to climb over. Is it in the way? Yes. A speed bump? Sure, right? But my daughter, right, at five, six years old would look at that and think "playground," right? Which is kind of the theme of my talk: the privilege escalation playground, the privesc playground as it were. And so again, security often looks like this to a pen tester.

So look, you know, why are we doing this in the first place? Well, increasingly we're not running as root. Unless of course you work in medical. You work in medical, your defibrillator, the web interface runs as root. Yeah, I'll let that sink in for a minute: your defibrillator has a web interface, right? Your IV pump, of course, your drug pump, probably running as root. But look, in general, services in most systems that we compromise are not running as root anymore. AppArmor profiles restrict what we can do even when we exploit a service. In a lot of cases I can't write to specific areas that I'd like to be able to write to. This makes me a sad panda, right? I want to be able to go exploit and own stuff.

And look, app configurations. We run into
this one a lot. A lot of app configurations create accounts for users on our Linux servers even when the user will never interactively log on to that server. A great example of this: sometimes we have some mail servers, and, you know, again, whether or not these users have a shell, whether they should have a shell, many of them frequently do have a shell. Here they sit, this Linux server's hanging out there. If we have credentials, sometimes we can just go log in as that user. Now I know what you're thinking: if the user's never logged on here, what does that give me? And the answer is nothing, until you elevate, right? Because, I mean, there's nothing there for you to exploit or nothing there for you to steal because they never log on. But maybe we can find something that can help us elevate to root, or elevate to another user that can get us root.

We could wait for a new vulnerability. If we get onto a box and we can't exploit it immediately, we can wait for a new vulnerability and hope that we weaponize it before the target patches. If MS17-010 earlier this year taught us anything... I used to go with MS08-067, but I mean, it's 2017 now, people are patching that, finally, thank goodness. Look, if MS17-010 taught us anything earlier this year with WannaCry and Petya, it's that people don't patch even when we know the vulnerability's bad. And I think Petya kind of highlights this a little bit. WannaCry hits in May. A few weeks later Petya kicks off, or NotPetya, whatever we're calling it today, NotPetya kicks off. And I mean, in between we should have seen a lot of people patching. We saw some; we didn't see nearly as much as we had hoped. So again, maybe we could wait. We could wait and hope we can beat the target to a patch. Look, this may work for APT, right, the advanced phishing threat. May even work for red teamers, sorry, who have infinite time and space. Realistically, for pen testers, the scope is too short, right? If I get on the server and I was like, well, we had a plan to
elevate, it was to wait for a vulnerability, so if you can delay that report by six months, it'd be great. I don't think it's gonna work, right? Now look, pen testers, we need more techniques to elevate privileges quickly. Look, the reality here is you demonstrate value that's far beyond Nessus, far beyond being a pen test puppy mill candidate, right? Again, you're basically demonstrating that you know how to work through a system, you know how to go find custom vulnerabilities in the system.

So let's start with command histories, right? So history is very, very convenient. Users love histories. They love being able to go find these, to up-arrow through their commands. The reality is attackers like these too. I do a little happy dance every time I see a big shell history pop out, because I find all kinds of stuff. It's not just bash, by the way. There are tons of different apps that contain histories. MySQL is one that I don't see people talk about a lot or exploit a lot, but MySQL, if you have something like a DBA that does a bunch of command-line work, they put some really crazy sensitive queries together, right? Including, like, stuff where they update users' passwords in the MySQL database. And again, that's stored in clear text in their history. And if their umask is set wrong, the default permissions on that are world-readable. And when I say it's set wrong, I mean set default, right? So if it's set default: world-readable permissions. All right, so if I can get in there and start doing some world-readable permissions, game on, right? Bash history, of course, may point me to a password or a secret file or another host, whatever.

All right, so welcome to the playground, right? So as we get into the playground and take a look at what can we find with histories, let's get in and take a look at a bash history demo here. So I was talking about good friend Trevor, wait, friend Trevor wild blue pail go, and so anyway, Trevor, we're able to get Trevor's account on the
machine, and you can see that Trevor's got quite a history here. All he wanted was a milkshake, and yeah, I mean, who knew? Anyway, so as we go through Trevor's command history, his shell history, you can see Trevor's a developer, and we kind of see it looks like he's building out some secure shell daemon stuff going on. It's a little bit difficult to see here. Kind of scrolling through a little bit more, and yeah, there's some ports and some hosts. What's Trevor up to here? Okay, to-do text, that seems pretty cool, I like that.

But this is where things get cool, because occasionally people try to do something and then don't quite get there, right? Notice up here he does "my skew", which is almost MySQL but not quite, right? Now what Trevor does without realizing it is immediately pops his secret into the command prompt, right? And this is the kind of thing that we see occasionally. Let me see if I can find the spot here. Back again: immediately pops his secret into the command prompt. He has it in the copy/paste buffer, right? He's ready to go. This totally makes sense, and we see this in command histories and shell histories all the time. I've done this. I would challenge you to find a person in here who hasn't done this, right? Where you mistyped the command, if I need to go, you pasted it. And what do you do in that case? Nuke the command history. But that's not enough, because if you've taken 504, you know that when you log out normally it's gonna write your new command history. So I just nuke the current one, you've got to go unset the history and offender on H bucks it's still gonna write it back anyway, and then you come back in and nuke it. It's ridiculous.

Anyway, point being here, we now have the opportunity to potentially... let's see. All right, let's see what we can do from here, what Trevor can do from here. Well, it's not really Trevor, it's an attacker of course, pivoting off of Trevor's account. So we're gonna log in as root to the, log in as root to the MySQL server. Show
databases, seems pretty reasonable. Servers, okay, cool. Show tables, off, okay, that seems again reasonable. Oh, wah-wah, as they see that Ed has a password of "my office is cooler than yours." And it clearly is. His office is definitely cooler than mine, there is no doubt about that. So look, basically here we've pivoted from an errant paste in a shell history, right, to compromise of another machine, compromise of another user's account. Are we root? No. But are we getting new data that we shouldn't have access to? Abso-freakin'-lutely, right? So again, you know, granted, a couple of good laughs here, and that's cool, but the reality is here that we don't want to overestimate, or sorry, underestimate, undersell the ability to go exploit these command histories. They are frequently awesome sources of information.

Take a look at sudo. I love sudo. This is my favorite xkcd comic ever, bar none, right? For those who are not familiar, sudo is "superuser do." It allows you to go do something as some other user, very often root. And so the sudo command is just a plethora of awesome, right? There's a number of Linux commands that have extra functionality built in. A lot of system admins don't even realize that these commands have the ability to do other things, right? So we have actually seen people with sudo python before. Just mind-blowing to me, because at that point you can do anything from the Python command line, I mean, the end of that. But look, find is one that we see a lot of helpdesk users have, right? So where the system admin's not really comfortable with helpdesk having root, but they are comfortable giving them find, because with find they basically show them the command, or like, "Here, go delete these big files in the temp directory," all right, and they have to be root for it, and like, "Hey, just do a sudo find." And you can get a shell with that. Turns out that you can get a shell with less and more as well.

Look, when you get into abusing sudo and abusing find, I'll mention find specifically with sudo, I have
totally screwed the stuff on a pen test before. It's one of those losing kind of moves. And what you want to do is you're gonna do a /bin/bash -i, here basically saying I want to get an interactive prompt. And I did one of these Burroughs, like, find root -exec. Ooh, because that finds everything and it launches a brand-new shell every time, and then you Ctrl-D and you're like, gone, gone, gone, and it's every file on the system. Don't do that. Actually, every file and directory on the system. Eventually, three or four, and you're like, oh, let me go kill that parent process, and okay. But alas, don't do that, all right? So get something that's only gonna find one file matching, because how many root shells do you really... I mean, is it a competition? Yeah.

Anyway, I like to call this the sudoers slide, right? Because very often admins create sudo permissions for people. They end up setting up playgrounds something like this. And of course we would never let our kids play here. The reality is that of course our system admins let us play here all the time.

So let's take a look with less. And in this case we've compromised an account named Elisa, and we're gonna go target poor hapless Elisa's sudo permissions here. See, there you go. So one of the first things we're going to do when we get on is we're gonna check, and we do this regularly, to see are there commands we can abuse, with sudo -l. We're gonna less /var/log/messages, and you can see of course permission denied. And this is one of the reasons that admins give away these permissions. They say, "Hey look, you need to be able to read the log so that before I come in, before I get the call in, we're good to go." Now notice here what I'm doing is I'm dropping into editor mode in less, which a lot of admins don't realize that you have at all. Anyway, we're dropping into editor mode, and once we're in editor mode we are basically saying go spawn a shell, and now we're root. Again, the reason your admins are giving this permission away to a lot of, a lot
of users, and again, look for this particularly with helpdesk users, right, helpdesk user slash support type personnel, right, maybe who don't normally have root, but they need them to be able to go look at log files they don't normally have permissions to. And I've actually had admins come back and like, "It's less. What's the worst that can happen?" I'm like, a shell, that's, I mean, like, root, total system compromise. I don't know, where do you want me to go with this?

I mean, how about find? All right, so again we're gonna take a look at poor hapless, poor hapless user, come on at the system, and again, as you take a look at find, this one is pretty much the same thing. We're dropping right into root. I mentioned before, again, a lot of times our admins are giving this permission away because what they want is the ability for people to be able to clear out temp files. If you've driven in at 3:00 in the morning before to go clear out temp files because some errant process went crazy, you know what this is all about, right? So this is the syntax effectively here, and you can see of course we get UID and GID, if we are effectively root. And so again, in this case I'm making sure that we find in /var/log the name file messages, and then this bash -i, and this little guy over here, if you're not familiar with find, the semicolon is necessary here basically to terminate the command that find's going to run on each file. If you're not familiar with find, totally get familiar with find. And by the way, there are dozens of commands in Linux that you can do this with, that have extra functionality. And regularly on pen tests when we do a sudo -l and we see a new one, we're like, let's figure out how we can abuse this, and most often there's a way. Sometimes it's not directly getting a shell, sometimes it's overwriting a file and then waiting. But again, given opportunities, we'll certainly figure out a way.

So, insecure permissions. chmod. Love chmod. chmod's either my best friend or my worst enemy. I'll be honest,
in a lot of cases it's both. I mean, look, as a system admin, I love chmod. I love to come in and set permissions, and of course we should set permissions as restrictive as possible. We know least privilege. But system admins oftentimes, a little errant chmod here, an errant chmod there, no big deal. I like to think about permissions a lot like this, right? Where, again, you know, if we put security in place... actually, forget security, this is compliance. This is PCI in a photo, right?

So as we get into permissions, what am I looking for? I'm looking for startup scripts, cron jobs, user bashrcs, anything that I can read that's going to get executed at some later time in the context of a user whose account I do not currently own. Because the bashrc, for instance, right, when a user logs in, their bashrc is gonna get executed. Well, can I write to it? Gosh, I hope not. If I can, we have a fundamentally crazy problem going on. But sometimes I can read it, and sometimes I read it and I find that it calls some commands somewhere else that I can write to, maybe a script or something else I can write to. Sometimes it calls a script that calls other things that I can write to. And it's like a Pantene commercial, right? You lather, rinse, repeat, right, until you find something, and I find something awesome. So again, we're gonna go abuse these, and oftentimes this comes through group write permissions, right?

So look, I'll tell you, in a lot of cases we just shake our heads and, God, I don't know why this command or why this particular file had more permissions than it should have. Sometimes I think that it's a system admin with an errant chmod -R. If you're not familiar, the -R, it's the recursive switch. And I think some admins sometimes accidentally, like, run that as root and recursively through a directory tree, or sometimes through a user's home directory, cause some problems.

So alas, coming in SSH style, take a look at us abusing SSH here. So we've got this account,
non-root account, and we want to take a look at how we can beat up on some stuff. Notice John's account here is world-readable, right? This shouldn't be. In a sane environment this wouldn't be, but John's account, as it turns out, totally is. And what do you know, he's got... now, his umask here is set by default to create world-readable files, and that's a default in Linux anyway. The directory piece is not, but that's likely an errant chmod from the admin. And we're gonna create a directory here and copy over his backups, because why wouldn't we, right? I don't know what they are, but I mean, they're bound to be fun. And so we're going to copy over John's backups and take a look at what's in those backups, because frequently we find some awesomeness there. Wow, I thought I'd cleaned that one up a little bit more, but apparently I stole the old one in there.

Anyway, so look, we've got a .ssh directory, and this is never a good thing. I notice here we've got a private key, and, man, known_hosts says localhost. So we go ahead and give it the -i, basically the ID for this current key. We're gonna go ahead then and go knock over the box. Asked us for a password, so we're going to start guessing accounts here, and what do you know, John's actually a system admin, and this is kind of his backdoor. Now look, whether it's localhost, whatever, it doesn't really matter. You get the idea here. My point here is go scavenge the system, look for things you can read, and then look at ways you can go about... Finding keys in backup files is a, I don't say every-pen-test occurrence, but it's a frequent occurrence, right? And again, we can't normally read John's ID RSA, or sorry, id_rsa. In fact, SSH won't even allow the key-based authentication if anybody but John can read it, right? But that doesn't apply to backups. Does not apply to backups. And go abuse the backups, because they're awesome.

All right, let's
take a look at another example here. This one's actually a little bit more complicated, and we see this a lot with third-party software. All right, so I'm gonna start this guy up over here on the one terminal here, and he's basically monitoring my UID to see if I've elevated to root. Notice here we do a cron, basically looking at our crontab, and we see that there's this custom script that runs called IP report.sh. And here we're taking a look at, what is IP report in the first place? Well, I don't know, maybe they're troubleshooting something here, but it calls this command, my IP. What is my IP? I've never heard of this before. And so I'm gonna run which here to find out where is it, what does it do, and what kind of permissions does it have. Oh, oh, this is horrible. Because look, as root, right, we can see in crontab, as root it's running IP report every minute to do some diagnostic. When it runs IP report, IP report calls my IP. My IP, as it turns out, is world-writable. Look, sometimes, and it may not be world-writable, maybe group-writable to me, right?

Here I'm gonna go ahead and run a little script called get root, because why not? And we'll go ahead then and fire up this get root, and we're gonna tell it to get root for, in addition, we put that in my IP, and wait, and wait, and wait, and root. So again, basically what we're doing here is this little get root.sh, and there's dozens of ways to do this. This guy basically is resetting my UID in the password file to zero, all right? So basically log out, log back in, and I'm automatically root, right?

So again, what are we doing here? We're looking at third-party software. We're looking at insecure permissions on third-party software and things that we know we're gonna automatically execute. Now listen, I know this is a toy example, a trivial example. In fact, we only had to go one layer deep here. Oftentimes we have to go two or three layers deep. Sometimes it's not on a cron job. We have to go hit some of these bashrcs and wait for them to log in. And I mean,
again, this is still a demonstration of a great vulnerability.

So I'll close out with my favorite here: setuid, the system admin's Pandora's box. Man, setuid is so cool. If you're not familiar with setuid, setuid commands run in the context of the file owner, not the regular user. This find command, if you take nothing else away from this talk at all, right, besides Ed's secret password, definitely copy down the find command, or take a screenshot or whatever. We'll publish the slides for sure. But look, what we're looking for here are setuid and setgid programs, because they run in the context of the user and not the... conversely, the context of the owner and not the context of the current user. These things are freaking awesome, because if they've got a vulnerability, any kind of vulnerability, we have a privilege escalation. We can look for buffer overflows, format string vulnerabilities, insecure API usage, etc. Coming back to the playgrounds, I mean, again, how can you not? My setuid playground, again, it's literally littered with bodies, right?

So let's take a look at a vulnerability here. So I hop onto my machine here, and you can see that I don't have root. I've got the regular little dollar sign guy there. Let me go in /usr/bin, and I'm gonna look for, and in this case I'm only looking for setuid, I'm not looking for setgid as well. And notice down here I see something I know, but this check host guy is brand-new to me. So we're gonna see, is he setuid, and if so, setuid what? Whoa, root. Okay, so setuid root, what now? Well, it says that the usage for this is check IP, or check host, IP or hostname. Let's run it and see what happens normally. Okay, cool. We're gonna run a command called ltrace, and ltrace is magic, because it goes in and looks at the library calls that are actually being made. And now this is pretty noisy, but notice what happens here: system. All right, the API call system calls ping with no path. There's no path, right? Now, the way this should have
happened, one, is nobody should have ever done this. It's an insane program. You should never write one like this, and practically every one of you has one of these running currently on one of your systems someplace. I mean, custom apps, your app developers, your contracted stuff, your... I'm not going to name names like Oracle or lot, anyways. So different vendors write horrible stuff like this, right? And so again, we don't have a path here. That's really going to be the root of our problem.

So let's take a look at how to exploit this, because if we control the path, we control where that command runs from, right? So we come in here and we're gonna go and do a... oh, here we go, sorry, I went one too far there. So let's start by getting /etc/shadow. All right, so what are we gonna do here? I'm gonna make a little temporary directory for myself, and if you recall, we had ping and grep, and neither of them had a path. Now here I'm using dash, and oftentimes I have to bring dash with me. dash is a magical shell. It doesn't have all the fully featured awesomeness of bash, but it does something very, very important: it's that it doesn't drop setuid permissions. bash hates setuid, right? And I mess with bash a bunch and it just fights me, and forget it, I'll just bring dash with me. Just bring it with you. So check host, good to go here. I'm gonna export PATH=.:$PATH, so now anything in my current directory gets called first. And what do you know, now we've got the password hashes, right? So we can begin cracking those offline using John the Ripper.

I'm contractually obligated in a SANS course to mention John the Ripper and netcat in context at some point during the course. We've now talked about John the Ripper in context, and as far as context for netcat, of course, if we have bash instead of dash, we could just use the /dev/tcp option then, of course, to replace netcat. So contractual obligation fulfilled.

Okay, so finally, one more here, and
we'll close it out. I want to show you going to auto-root, because cracking hashes is just, I mean, and there's dozens of ways to do this, but cracking hashes, it's a pain in the butt, all right? So I mean, it can be a pain in the butt. And so what I prefer to do here is, why don't I just copy dash over here, I'm gonna call it backdoor, and we'll chown it to root, because remember, this is going to run in the context of root, right? And so chmod u+s, cool, backdoor. Yeah, I say, I try to take backdoor, right? Yeah, okay, so we'll PATH equals dot again, and drop the path, and then we'll go run our check host, and there's backdoor, and we're root.

Okay, so look, closing thoughts, right? We've got to wrap this up because Ed's got a closing to do. I've got boxes to go pwn someplace else, I'm sure. So look, creativity and persistence are key here. I have to highlight here, Nessus will not find a single one of these vulnerabilities for you. Rapid7 Nexpose will not find a single one of these for you. SAINT will not find these for you. There's not a vulnerability scanner on the planet that finds these for you. Now, before somebody jumps up and rushes the stage and tells me, "Hey, Nessus can find setuid," I totally got a tracking. But you have to understand how to go exploit those, how to take advantage of those. There's no scanner on the market that's gonna find these for you. There's no scanner on the market that's gonna help you elevate to root like this, right?

By the way, do notice that I had zero chance ever of crashing the box, ever, unlike a kernel vulnerability. Zero chance of crashing the box ever, which means my paycheck is intact, right? My job is intact. I don't have a resume-updating event.

Look, there's a lot of techniques. These are the techniques that we typically use to go escalate privileges on *nix machines. Look, you know, combining techniques, you can get past the big bag of fail, right? Because that happens a lot, unfortunately. Look, as far as wrap-ups, I would love to
spend more time doing this. I have dozens of other techniques we could talk about. There's trust relationships. There are a ton of these, like, helpdesk helper programs that we have just pwned the tar out of. There's something called LD_PRELOAD. If you're not familiar with that, you should totally become familiar with it, because that's awesome. There's script path injection flaws that we haven't really talked about. I'm sure that there's... well, we've got lots of other stuff that's not on the list here. As far as stuff we did cover, we talked about histories, we talked about suid and guid, specifically here suid, setuid, but setgid is also good, sudo, and then of course unsecure permissions.

So I'm going to close it out here. If you come hit me up, Ed's gonna do his closing here, but if you come see me before you go, I've got the Ten Commandments of Exploit Mitigation card, as well as the twelve-step program for overcoming an insecurity addiction. And if you want one of those, stop by up front here after Ed does his closing. Ed?

There's plenty of time for questions for Jake. Yes, Derek?

Oh, do I have a blog post? Man, I have dozens of blog posts that are in development.

This one I will take. One, there is one that was written, I think it was two, maybe three years ago, by Jeff McJunkin, in fact, pretty sure it was three years ago, on escaping restricted shells. It's on the SANS pen tester blog, and we released that one as a hint for Holiday Hack Challenge 2014. By the way, everything that our team does is a hint for Holiday Hack Challenge when we do it in November and December. Josh, that presentation was fantastic this morning, by the way. You know, it was amazing. Holiday Hack Challenge. Also, I just, a show of hands for those of you who've played NetWars or who have written NetWars challenges: did Jake's presentation there just kind of feel like a partial tutorial on how to get through some of NetWars' challenges? Raise your hand if you think that. Thank you, Jake. Yeah, all those who haven't
played tonight, those who haven't played, yeah, what he just did, that's great for NetWars. Also, I really liked your talk and how it sort of went hand in hand with Kirk Hayes's earlier talk on Windows, right? So that was kind of neat how that... did a great job, I really appreciate it. Other questions, though, for Jake? Look at Jeff McJunkin, pull up the blog. Oh, that's good stuff.

Is Sims in here by chance? Stephen Sims here? No? He even mentioned yesterday as he got up here, I mentioned Cole and a couple of other... Eric Cole and a couple of other people. If you have the chance to sit down with Stephen Sims, he is bar none one of the smartest people that I know, and he's exactly the same person that Cole is, you know, basically him to me is what, you know, what Cole is to him. I took a SANS class with Stephen back in '08 and I've never looked back. If not for him, I wouldn't be here.

So, very good, perfect. Thank you so much. Ladies and gentlemen, Jake Williams. [Applause]
Original Description
SANS Summit & Training event schedule: http://www.sans.org/u/DuS
Speaker: Jake Williams, Founder, Rendition Infosec; Certified Instructor and Course Author, SANS Institute
As organizations increase security postures, it's increasingly likely that we'll gain initial access as an unprivileged user. Sure, Metasploit has "getsystem," but what happens when that doesn't work? Better yet, what if you're on Linux? In this session, Jake walks you through hands-on demonstrations of privilege escalation, using the techniques that he uses most in his engagements.
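
An added example, not part of the talk or of any SANS material: a read-only audit an administrator could run to spot the conditions the demonstrations in the transcript depend on (sudo rules for the commands the talk names, history files and copied private keys readable by other users, files writable by group or others, setuid/setgid bits). The function names, the default history and key file names, and the sample `sudo -l` text are assumptions constructed for illustration.

```python
"""Read-only audit for the conditions shown in the talk's demos (added example)."""
import os
import re
import stat
import sys

# Commands the talk names as yielding a shell when they are allowed through sudo.
SHELL_CAPABLE = {"find", "less", "more", "python"}
# bash and MySQL histories are named in the talk; these default file names
# are an assumption of this example.
HISTORY_FILES = {".bash_history", ".mysql_history"}
# id_rsa is named in the talk; the other key names are assumptions.
KEY_FILES = {"id_rsa", "id_dsa", "id_ecdsa", "id_ed25519"}

# A rule line from `sudo -l`: "(run_as) [TAG: ...] command[, command ...]"
RULE_RE = re.compile(r"^\s*\(([^)]*)\)\s*((?:[A-Z_]+:\s*)*)(.+)$")

# Constructed sample of `sudo -l` output (hypothetical user and host).
SAMPLE_SUDO_L = """\
User helpdesk may run the following commands on host01:
    (root) NOPASSWD: /usr/bin/less /var/log/messages
    (root) /usr/bin/find
    (root) NOEXEC: /usr/bin/more /var/log/messages
    (root) /usr/bin/ss -tlnp
"""


def risky_sudo_rules(sudo_l_output):
    """Return (run_as, command, noexec) for rules that allow a SHELL_CAPABLE binary.

    noexec is True when the rule carries sudo's NOEXEC tag, which stops the
    command from running further programs; review those rules last.
    """
    hits = []
    for line in sudo_l_output.splitlines():
        match = RULE_RE.match(line)
        if not match:
            continue  # header, Defaults entry or blank line
        run_as, tags, commands = match.groups()
        for command in commands.split(","):
            command = command.strip()
            if not command:
                continue
            binary = os.path.basename(command.split()[0])
            binary = re.sub(r"[\d.]+$", "", binary)  # python3.11 -> python
            if binary in SHELL_CAPABLE:
                hits.append((run_as.strip(), command, "NOEXEC:" in tags))
    return hits


def classify(name, mode):
    """Return findings for one regular file, given its name and st_mode."""
    findings = []
    if not stat.S_ISREG(mode):
        return findings
    others_read = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    if name in HISTORY_FILES and others_read:
        findings.append("history readable by other users")
    if name in KEY_FILES and others_read:
        findings.append("private key readable by other users")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    if mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setuid/setgid")
    return findings


def scan(root):
    """Walk root without following symlinks; return {path: findings}."""
    report = {}
    for directory, _subdirs, files in os.walk(root):
        for name in files:
            path = os.path.join(directory, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # vanished or inaccessible entry: best-effort audit
            findings = classify(name, mode)
            if findings:
                report[path] = findings
    return report


if __name__ == "__main__":
    for run_as, command, noexec in risky_sudo_rules(SAMPLE_SUDO_L):
        note = " (NOEXEC set)" if noexec else ""
        print(f"sudo as {run_as}: {command}{note}")
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, findings in sorted(scan(target).items()):
        print(f"{path}: {', '.join(findings)}")
```

The scan reads only file metadata, so it can be pointed at home directories, backup locations and the directories that cron-run scripts call into; a name-based match on the sudo rules is a starting list for manual review, not a complete one.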
If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
SANS Institute
SANS Institute
SANS Institute
ICS515: ICS Active Defense and Incident Response
SANS Institute
SANS Institute
SANS Institute
Introducing the NEW SANS Pen Test Poster
SANS Institute
SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute
SANS ICS Security Training, Munich, Germany
SANS Institute
SANS Automotive Summit Webcast
SANS Institute
Privesc Playground - SANS Pen Test HackFest Summit 2017
SANS Institute
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
SANS Institute
Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
SANS Institute
SANS Security Operations Summit & Training 2018
SANS Institute
Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018
SANS Institute
ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
SANS Institute
You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
SANS Institute
A Sneak Peak at the New ICS410
SANS Institute
Jumping Air Gaps – SANS ICS Summit 2018
SANS Institute
Introduction to Linux
SANS Institute
Introduction to Malware Analysis
SANS Institute
You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
SANS Institute
Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
SANS Institute
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Institute
Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
SANS Institute
SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Institute
SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Institute
The Science of Security: The Psychological Impacts of Security Awareness Programs
SANS Institute
How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
SANS Institute
Practical Advice for Submitting to Speak at a Cybersecurity Conference
SANS Institute
SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Institute
SANS Webcast - Zero Trust Architecture
SANS Institute
SANS STX Cyber Range
SANS Institute
Part 1 – SANS Institute and Tenable talk about cloud security
SANS Institute
More on: Security Basics
View skill →Related Reads
📰
📰
📰
📰
Why I built Contextia: stopping secrets before they reach AI chats
Dev.to AI
A clean vulnerability scan doesn't mean you're secure: a Security+ Domain 4 breakdown
Dev.to · TiltedLunar123
The Complete Web Application Penetration Testing Guide (2026)— Part 2
Medium · Cybersecurity
The Networking Problem Nobody Talks About (Until It’s Too Late)
Medium · Cybersecurity
🎓
Tutor Explanation
DeepCamp AI