WIXLIB

SANS BRUSSELS 2016REGISTRATION INFORMATIONREGISTER ONLINE AT: WWW.SANS.ORG/EVENT/BELGIUM-2016REGISTER EARLYAND SAVEGROUP SAVINGSRegister for #SANSBRUSSELSand pay before the 2nd ofDecember and save 450 byentering the code EarlyBird165-9 people 5%All course prices are listed atsans.org/event/belgium-2016(APPLIES TO TUITION ONLY)10 or more people 10%Early bird rates and/or other discounts cannot becombined with the group discount.To obtain a group discount please email emea@sans.org.TO REGISTERCONFIRMATIONCANCELLATIONTo register, go towww.sans.org/event/belgium-2016Select your course or courses andindicate whether you plan to test forGIAC certification.Look for e-mail confirmation. It willarrive soon after you register. Werecommend you register and payearly to ensure you get your firstchoice of courses.You may subsitute another person inyour place at any time by sending ane-mail request toemea@sans.org.How to tell if there is room availablein a course: If the course is still open,the secure, online registration serverwill accept your registration. Sold-outcourses will be removed from theonline registration. Everyone withinternet access must complete theonline registration form. We do nottake registrations by phone.An immediate e-mail confirmation issent to you when the registration issubmitted properly. If you have notreceived e-mail confirmation withintwo business days of registering,please call the SANS Registrationoffice at 1 301-654-7267,9:00am - 8:00pm Eastern Timeor email emea@sans.org.Register now www.sans.org/event/belgium-2016Cancellation requests by Dec 23rd,2015, by emailing emea@sans.org@SANSEMEA #SANSBrussels7

www.sans.org/SEC401SEC401SECURITY ESSENTIALSBOOTCAMP STYLEInstructor: Dr. Eric ColeSix-Day Programme: Mon 18th – Sat 23rd January 9:00am - 7:00pm36 CPE/CMU Credits GIAC Cert: GSECLaptop RequiredYou will learn.Course details SEC401: Security Essentials Bootcamp Style is focused on teaching you theessential information security skills and techniques you need to protect andsecure your organisation’s critical information assets and business systems. 8 To develop effective securitymetrics that provide a focusedplaybook that IT can implement,auditors can validate, andexecutives can understandTo analyse and assess the riskto your environment in order todrive the creation of a securityroadmap that focuses on theright areas of securityPractical tips and tricks tofocus in on high-prioritysecurity problems within yourorganisation and on doing theright things that will lead tosecurity solutions that workWhy some organisations arewinning and some are losingwhen it comes to security and,most importantly, how to be onthe winning sideThe core areas of security andhow to create a security programthat is anchored on PREVENTDETECT-RESPOND.“Prevention is Ideal but Detection is a Must.”With the advanced persistent threat, it is almost inevitable that organisations willbe targeted. Whether the attacker is successful in penetrating an organisation’snetwork depends on the effectiveness of the organisation’s defence. Defendingagainst attacks is an on going challenge, with new threats emerging all of thetime, including the next generation of threats. Organisations need to understandwhat really works in cybersecurity. What has worked, and will always work, istaking a risk-based approach to cyber defence. Before your organisation spendsa dollar of its IT budget or allocates any resources or time to anything in the nameof cybersecurity, three questions must be answered:1.What is the risk?2.Is it the highest priority risk?3.What is the most cost-effective way to reduce the risk?Security is all about making sure you focus on the right areas of defence. InSEC401 you will learn the language and underlying theory of computer andinformation security. You will gain the essential and effective security knowledgeyou will need if you are given the responsibility for securing systems and/ororganisations.This course meets both of the key promises SANS makes to our students:1.You will learn up-to-the-minute skills you can put into practice immediatelyupon returning to work; and2.You will be taught by the best security instructors in the industry.Register now www.sans.org/event/belgium-2016@SANSEMEA #SANSBrussels“It is making me question my own beliefs. I will be challengingcolleagues and strategies when I return to work. The course isfull of logical, workable solutions.”ANTHONY USHER, HMRC

www.sans.org/SEC504SEC504HACKER TOOLS,TECHNIQUES, EXPLOITSAND INCIDENT HANDLINGInstructor: Steve ArmstrongSix-Day Programme: Mon 18th – Sat 23rd January 9:00am - 5:00pm36 CPE/CMU Credits GIAC Cert: GCIHLaptop RequiredCourse detailsYou will learn.The Internet is full of powerful hacking tools and bad guys using them extensively. Ifyour organisation has an Internet connection or one or two disgruntled employees(and whose doesn’t!), your computer systems will get attacked. From the five, ten, oreven one hundred daily probes against your Internet infrastructure to the maliciousinsider slowly creeping through your most vital information assets, attackers aretargeting your systems with increasing viciousness and stealth. As defenders, it isessential we understand these hacking tools and techniques. By helping you understand attackers’ tactics and strategies in detail, giving youhands-on experience in finding vulnerabilities and discovering intrusions, andequipping you with a comprehensive incident handling plan, this course helpsyou turn the tables on computer attackers. It addresses the latest cutting-edgeinsidious attack vectors, the “oldie-but-goodie” attacks that are still prevalent, andeverything in between. Instead of merely teaching a few hack attack tricks, thiscourse provides a time-tested, step-by-step process for responding to computerincidents, and a detailed description of how attackers undermine systems so youcan prepare, detect, and respond to them. In addition, the course explores thelegal issues associated with responding to computer attacks, including employeemonitoring, working with law enforcement, and handling evidence. Finally, studentswill participate in a hands-on workshop that focuses on scanning for, exploiting, anddefending systems. It will enable you to discover the holes in your system before thebad guys do! The course is particularly well-suited to individuals who lead or are a part of anincident handling team. General security practitioners, system administrators, andsecurity architects will benefit by understanding how to design, build, and operatetheir systems to prevent, detect, and respond to attacks. Register now www.sans.org/event/belgium-2016@SANSEMEA #SANSBrussels“Allows me to improve and understand the technical side in moredetail, learning about attacks before, when and after they happen”CHRIS CLARK, INMARSATHow best to prepare for aneventual breachThe step-by-step approach used bymany computer attackersProactive and reactive defences foreach stage of a computer attackHow to identify active attacks andcompromisesThe latest computer attack vectorsand how you can stop themHow to properly contain attacksHow to ensure that attackers donot returnHow to recover from computerattacks and restore systems forbusinessHow to understand and usehacking tools and techniquesStrategies and tools for detectingeach type of attackAttacks and defences for Windows,Unix, switches, routers, and othersystemsApplication-level vulnerabilities,attacks, and defencesHow to develop an incidenthandling process and prepare ateam for battleLegal issues in incident handling9

www.sans.org/SEC542SEC542WEB APP PENETRATIONTESTING AND ETHICALHACKINGInstructor: Raul SilesSix-Day Programme: Mon 18th – Sat 23rd January 9:00am - 5:00pm36 CPE/CMU Credits GIAC Cert: GWAPTLaptop RequiredYou will learn.Course details SEC542 helps students move beyond push-button scanning to professional,thorough, high-value web application penetration testing. 10 To apply a repeatable methodology to deliver high-valuepenetration tests.How to discover and exploit keyweb application flaws.How to explain the potentialimpact of web applicationvulnerabilities.The importance of webapplication security to an overallsecurity posture.How to wield key web application attack tools more efficiently.Customers expect web applications to provide significant functionality and dataaccess. Even beyond the importance of customer-facing web applications, internalweb applications increasingly represent the most commonly used business toolswithin any organisation. Unfortunately, there is no “patch Tuesday” for customweb applications, so major industry studies find that web application flaws play amajor role in significant breaches and intrusions. Adversaries increasingly focuson these high-value targets either by directly abusing public-facing applications orby focusing on web apps as targets after an initial break-in.Modern cyber defence requires a realistic and thorough understanding of webapplication security issues. Anyone can learn to sling a few web hacks, buteffective web application penetration testing requires something deeper.SEC542 enables students to assess a web application’s security posture andconvincingly demonstrate the impact of inadequate security that plagues mostorganisations.Students will come to understand major web application flaws and theirexploitation and, most importantly, learn a field-tested and repeatable processto consistently find these flaws and convey what they have learned to theirorganisations. Even technically gifted security geeks often struggle with helpingorganisations understand risk in terms relatable to business. Much of the art ofpenetration testing has less to do with learning how adversaries are breakingin than it does with convincing an organisation to take the risk seriously andemploy appropriate countermeasures. The goal of SEC542 is to better secureorganisations through penetration testing, and not just show off hacking skills.The course will help you demonstrate the true impact of web application flawsthrough exploitation.Register now www.sans.org/event/belgium-2016@SANSEMEA #SANSBrussels“Fun while you learn! Just don’t tell your manager. Every classgives you invaluable information from realworld testing youcannot find in a book.”DAVID FAVA, THE BOEING COMPANY

www.sans.org/FOR408FOR408WINDOWS FORENSICANALYSISInstructor: Jess GarciaSix-Day Programme: Mon 18th – Sat 23rd January 9:00am - 5:00pm36 CPE/CMU Credits GIAC Cert: GCFELaptop RequiredCourse detailsYou will learn.FOR408: Windows Forensic Analysis focuses on building in-depth digital forensicsknowledge of the Microsoft Windows operating systems. You can’t protect whatyou don’t know about, and understanding forensic capabilities and artefacts is acore component of information security. Learn to recover, analyse, and authenticateforensic data on Windows systems. Understand how to track detailed user activityon your network and how to organise findings for use in incident response, internalinvestigations, and civil/criminal litigation. Use your new skills for validating securitytools, enhancing vulnerability assessments, identifying insider threats, trackinghackers, and improving security policies. Whether you know it or not, Windowsis silently recording an unimaginable amount of data about you and your users.FOR408 teaches you how to mine this mountain of data. Proper analysis requires real data for students to examine. The completely updatedFOR408 course trains digital forensic analysts through a series of new handson laboratory exercises that incorporate evidence found on the latest Microsofttechnologies (Windows 7, Windows 8/8.1, Windows 10, Office and Office365,cloud storage, Sharepoint, Exchange, Outlook,). Students leave the course armedwith the latest tools and techniques and prepared to investigate even the mostcomplicated systems they might encounter. Nothing is left out - attendees learn toanalyse everything from legacy Windows XP systems to just discovered Windows 8.1artefacts.FOR408 is continually updated: This course utilises a brand-new intellectualproperty theft and corporate espionage case that took over 6 months to create.You work in the real world and your training should include real practice data. Ourdevelopment team used incidents from their own experiences and investigationsand created an incredibly rich and detailed scenario designed to immerse studentsin a true investigation. The case demonstrates the latest artefacts and technologiesan investigator can encounter while analysing Windows systems. The incrediblydetailed workbook details the tools and techniques step-by-step that eachinvestigator should follow to solve a forensic case.Register now www.sans.org/event/belgium-2016“Hands down the BEST forensics class EVER!!Blew my mind at least once a day for 6 days!”JASON JONES, USAF To conduct in-depth forensicanalysis of Windows operatingsystems and media exploitationfocusing on Windows 7, Windows8/8.1, Windows 10, and WindowsServer 2008/2012To identify artifact and evidencelocations to answer criticalquestions, including applicationexecution, file access, datatheft, external device usage,cloud services, geo-location, filedownload, anti-forensics, anddetailed system usageTo focus your capabilities onanalysis instead of how to usea specific toolTo extract key answers and buildan in-house forensic capabilityvia a variety of free, open-source,and commercial tools providedwithin the SANS Windows SIFTWorkstation@SANSEMEA #SANSBrussels11

www.sans.org/FOR572FOR572ADVANCED NETWORKFORENSICS ANDANALYSISInstructor: George BakosSix-Day Programme: Mon 18th – Sat 23rd January 9:00am - 5:00pm36 CPE/CMU Credits GIAC Cert: GNFALaptop RequiredYou will learn.Course details FOR572: Advanced Network Forensics and Analysis was built from the groundup to cover the most critical skills needed to mount efficient and effectivepost-incident response investigations. We focus on the knowledge necessaryto expand the forensic mind-set from residual data on the storage media froma system or device to the transient communications that occurred in the pastor continue to occur. Even if the most skilled remote attacker compromised asystem with an undetectable exploit, the system still has to communicate over thenetwork. Without command-and-control and data extraction channels, the value ofa compromised computer system drops to almost zero. Put another way: Bad guysare talking - we’ll teach you to listen. 12 Extract files from network packetcaptures and proxy cache files,allowing follow-on malwareanalysis or definitive data lossdeterminationsUse historical NetFlow data toidentify relevant past networkoccurrences, allowing accurateincident scopingReverse engineer customnetwork protocols to identify anattacker’s command-and-controlabilities and actionsDecrypt captured SSL traffic toidentify attackers’ actions andwhat data they extracted fromthe victimUse data from typical networkprotocols to increase the fidelityof the investigation’s findingsIdentify opportunities to collectadditional evidence based on theexisting systems and platformswithin a network architectureExamine traffic using commonnetwork protocols to identifypatterns of activity or specificactions that warrant furtherinvestigationThis course covers the tools, technology, and processes required to integratenetwork evidence sources into your investigations, with a focus on efficiencyand effectiveness. You will leave this week with a well-stocked toolbox andthe knowledge to use it on your first day back on the job. We will cover the fullspectrum of network evidence, including high-level NetFlow analysis, low-levelpcap exploration, ancillary network log examination, and more. We cover howto leverage existing infrastructure devices that may contain months or years ofvaluable evidence as well as how to place new collection platforms while anincident is already under way.Whether you are a consultant responding to a client’s site, a law enforcementprofessional assisting victims of cybercrime and seeking prosecution of thoseresponsible, or an on-staff forensic practitioner, this course offers hands-onexperience with real-world scenarios that will help take your work to the nextlevel. Previous SANS SEC curriculum students and other network defenders willbenefit from the FOR572 perspective on security operations as they take onmore incident response and investigative responsibilities. SANS Forensic alumnifrom 408 and 508 can take their existing knowledge and apply it directly to thenetwork-based attacks that occur daily. In FOR572, we solve the same calibre ofreal-world problems without any convenient hard drive or memory images.Register now www.sans.org/event/belgium-2016@SANSEMEA #SANSBrussels“The SANS Institu

security professionals around the world. SANS provides intensive, immersion training designed to help you and your sta! master the practical steps necessary for defending systems and networks against the most dangerous threats - the ones being actively exploited. SANS courses are ful