SANS Offensive Operations

If you don’t understand how attackers break systems, you can’t defend them. #SEC504 is where defenders become strategists — learning real adversary tradecraft step-by-step. 🛠️ Learn more: go.sans.org/vQDGZo

Get 25% discount on our #RedTeam course in Beta! #SEC665 is a modern, detection-aware training designed for operators who must execute campaigns in environments where visibility is high, and #OPSEC matters. 🥷 Seats are limited: sans.org/cyber-security…

AI is accelerating attackers. Join us in Arlington at #AISummit (Apr 20–21) for 2 days of talks & workshops, including a hands-on session with Andy Dennis on exploiting vulnerable apps with AI-powered tools and how attacks scale in real environments. ➡️ sans.org/u/1CNB

Red teamers + CTI analysts: this one’s for you. Turn threat reports into adversary profiles using ATT&CK + AI workflows. Mar 26 with Jean-François Maes. 📅 10AM–12PM ET 🔗 go.sans.org/s7OjDr #SEC565 #RedTeam #ThreatIntel #AI

📢 Major update alert! Co-authored by Eric Conrad, Timothy McKenzie, and Bojan Zdrnja, now with more API exploitation, modern injection techniques, client-side attacks, AuthN/AuthZ bypass, and advanced vulnerability chaining. 🕷️ Check out the update: sans.org/sec542

Research HAFNIUM. Extract TTPs. Map to ATT&CK. Then automate it with AI agents. Hands-on workshop with Jean-François Maes on Mar 26. 📅 10AM–12PM ET 🔗 go.sans.org/s7OjDr #ThreatIntel #MITREATTACK #RedTeam #SEC565

📺 Now OnDemand: SEC665 Preview Watch the walkthrough of Advanced Red Team Operations and see the live lab demo anytime. If you’re ready to level up, start here. 🔗 go.sans.org/msyoQW #OnDemand #SEC665 #RedTeam

🚨 LIVE in 1 hour! SEC665 preview + live lab demo starts soon. If you’re a serious red team operator, this one’s a must-see. 🔗 go.sans.org/msyoQW #SEC665 #RedTeamOps #OffensiveSecurity

Major updates in SEC588: Cloud Penetration Testing teaches you to uncover risk hidden in IaC templates, CI/CD workflows, and serverless functions, before attackers weaponize your cloud automation. ☁️ Watch the course preview: sans.org/u/1Dip

Red teamers: how would you break the AI in your stack? Exploit agentic systems. Abuse LLM apps. Stress-test modern AI architectures. Get hands-on at the SANS AI Cybersecurity Summit. 📍 Arlington, VA | Apr 20–21 Learn more: sans.org/u/1CNB

🛰️ Tomorrow: Get a first look at SEC665: Advanced Red Team Operations. If you’re ready to go deeper into security product internals and kernel reversing, don’t miss this preview + live lab demo with Jonathan Reiter. 📅 Mar 11 | 2:30–4:30 PM ET 🔗 go.sans.org/msyoQW

New course‼️ An advanced #RedTeam training built for operators in DoD, intelligence, and enterprise environments who must continuously adapt and simulate the capabilities of advanced adversaries with precision and discipline. 🛸Learn more, go.sans.org/ljR4NW

The hybrid frontier of current enterprise penetration testing is here! #SEC560 features revamped AD & Azure labs, new persistence and evasion techniques (AMSI & AppLocker Bypass), and updated Sliver & Metasploit C2 exercises. 🏹️ Check out the update: sans.org/sec560

🧠 AI meets adversary emulation. Mar 26, learn how to extract TTPs, map to MITRE ATT&CK, and build AI-assisted red team workflows with CrewAI. 📅 10AM–12PM ET 🔗 go.sans.org/s7OjDr #RedTeam #ThreatIntel #AI #SEC565

🛠️ Ready to reverse security products at the kernel level? Mar 11, see what’s inside SEC665 with a live lab demo from Jonathan Reiter. 📅 2:30PM ET 🔗 go.sans.org/msyoQW #SEC665 #RedTeam #KernelDebugging

🏃💨 STARTING in 1 hour! If you manage, assess, or defend #wireless environments, this webcast is for you. Join #SEC617 authors Larry Pesce and James Leyte-Vidal live in a bit as they break down impact, risk, and what to test related to #AirSnitch 🛜 go.sans.org/mDQufx

Presented at NDSS last week, #AirSnitch is a group of attacks that demonstrate weaknesses in how Wi-Fi client isolation is implemented. What’s real? What’s hype? 🤷 🛜 Watch live today: go.sans.org/mDQufx

The University of California, Riverside research demonstrates how a malicious client connected to a Wi-Fi #network can bypass some isolation mechanisms with potential implications for access points hosting multiple #SSIDs with different security levels. ✍️ go.sans.org/mDQufx

#AirSnitch research demonstrates techniques such as: exploiting weak binding between MAC, IP, and authentication identity, manipulating traffic flows to achieve #MitM positioning, and others that James and Larry will talk about in this webcast. ✍️ go.sans.org/mDQufx

#AirSnitch is making headlines after its presentation at NDSS Symposium this week. How concerned should you actually be? Join Larry and James, authors of #SEC617: Wireless Penetration Testing and Ethical Hacking as they walk you through this research. 🛜 go.sans.org/mDQufx