FOR528: SANS Cyber Security Central: September 2022


What You Will Learn

Learning to thwart the threat of human-operated ransomware once and for all!

Ransomware has become a common occurrence that we hear about in our daily computing lives. The threat of ransomware has evolved over time from a single-machine infection following an ill-advised mouse click into a booming enterprise capable of crippling large and small networks alike. FOR528 teaches students how to deal with the specifics of ransomware in order to prepare for, detect, hunt, respond to, and deal with the aftermath of ransomware. The class includes multiple hunting methods, a hands-on approach to learning using real-world data, and a full-day, hands-on course capstone to help students solidify their learning.

Ransomware campaigns now follow the Tactics, Techniques, and Procedures (TTPs) of larger-scale, hands-on-the-keyboard attacks. This course shows you what artifacts to collect, how to collect them, how to scale out your collection efforts, how to parse the data, and how to review the parsed results in aggregate. The course also provides in-depth details along with detection methods for each phase of the ransomware attack lifecycle. These phases include Initial Access, Execution, Defense Evasion, Persistence, Privilege Escalation, Credential Access, Lateral Movement, Attacks on Active Directory, Data Access, and Data Exfiltration.

The FOR528 Ransomware for Incident Responders In-Depth Course will help you understand:
  • How ransomware has evolved to become a major business
  • How human-operated ransomware (HumOR) operators have evolved into well-tuned attack teams
  • Who and what verticals are most at risk of becoming a ransomware victim
  • How ransomware operators get into their "victim's" environments
  • How best to prepare your organization against the threat of HumOR
  • How to identify the tools that HumOR operators often use to get into and perform post-exploitation activities during a ransomware attack
  • How to hunt for ransomware operators within your network
  • How to respond when ransomware is running actively within your environment
  • What steps to take following a ransomware attack
  • How to identify data exfiltration


Start date: 19 Sep 2022
Location / delivery: Virtual
