I wrote a quick wrap-up of the SANS London 2012 edition while waiting for my train back to Belgium on Saturday evening but I published it only today… Tomorrow was an off-line day! This was my first edition and, honestly, I hope not the last one! This event was not a conference like others: the major part of the time is dedicated to high-level trainings: pen testing, forensics, intrusion detection, etc. Have a look at the SANS website and search for “SEC*” training (those who are security oriented).
In my case, I attended the SEC504 (“Hackers Techniques, Exploits & Incidents Handling“) given by Steve Armstrong (@Nebulator). All trainers are certified guys and, trust me, they know what they’re talking about! What about my training? The first day was a (boring) mandatory: it was about the legal aspects related to computer investigations. Yes, an incident handler must follow rules. At the beginning of the second day, I was a little bit afraid. My reaction was “but I already know this!?“. Fortunately, it changed hours after hours and the interest was growing until yesterday. This was a six days training but today was dedicated to a CTF (“capture the flag“) game to help students to deploy all the tools and techniques reviewed during the week. The big difference with pentesters, incident investigators don’t try to break things by all means but try to react “as an attacker” and to replay step by step what they did. Being more a defensive guy, I liked this!
But the SANS conference is not only training organised during “office hours“. Every evening, other events are organised during “SANS @ Night”. We had great speaker (example: Dr Eric Cole) with interesting topics. The other major event was a NetWars sessions split over two days. This is a classic CTF competition where you have to successfully complete a level to access the next ones. In this case, everybody has to follow the same path. You can’t win just by resolving the more complex challenges. On a 5-levels scale, I reach the 3rd one and finished in the first half of participants. For not being a CTF addict, I’m very happy with this!
No time to write a wrap-up for the conferences organized during SANS @ Night. Twelve hours per day and some extra hours spent to play in my hotel room finished to kill me. This was also the last event for 2012. It’s now time to come back to home and enjoy the EOY with the family!
Next step, in the beginning of 2013, pass my GCIH certification based on the training I attended…