{
	"id": "316da6b1-12d7-4aca-9bec-a380cd3834dd",
	"created_at": "2026-04-06T00:18:37.240588Z",
	"updated_at": "2026-04-10T13:11:38.833465Z",
	"deleted_at": null,
	"sha1_hash": "3f49900cfb7edbdd1ece759090d529954c762d14",
	"title": "Offensive Security Training, Courses \u0026 Certifications",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32597759,
	"plain_text": "Offensive Security Training, Courses \u0026 Certifications\r\nBy Mike DozierSavannah River Nuclear Solutions\r\nArchived: 2026-04-05 19:40:08 UTC\r\nOutsmart Hackers with Real-World Offensive Security Training\r\nAs cyberthreats grow more sophisticated, it is critical to proactively identify and address vulnerabilities before\r\nadversaries exploit them. SANS Offensive Operations delivers expert-led training across the entire attack surface,\r\ncovering everything from penetration testing and red teaming to exploit development and hardware hacking.\r\nThrough hands-on labs and industry-recognized certifications, we equip professionals to master real-world\r\noffensive techniques and adversarial tactics.\r\nStudent Insights\r\nIn one week, my instructor built a bridge from typical vulnerability scanning to the true art of\r\npenetration testing. Thank you, SANS, for making myself and my company much more capable in\r\ninformation security.\r\nMeet Your Experts\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 1 of 21\n\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 2 of 21\n\nErik Van Buggenhout\r\nCo-Founder \u0026 Partner\r\nNVISO co-founder and SANS Senior Instructor, leading cybersecurity education in advanced adversary tactics.\r\nExperienced in offensive security with extensive background in penetration testing and ethical hacking across\r\nEurope.\r\nLearn more\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 3 of 21\n\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 4 of 21\n\nChris Elgee\r\nBuilder \u0026 Breaker\r\nChris is a senior security analyst for Counter Hack and Cyber Range Lead (S-6) for the Army National Guard's\r\n91st Cyber Brigade. Through his work, he shares his unique insights into cyber security threats to prepare and\r\ninspire students.\r\nLearn more\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 5 of 21\n\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 6 of 21\n\nMoses Frost\r\nSolutions Consultant\r\nMoses has built an impressive career as a Network Architect, DevOps Engineer, and Information Security\r\nprofessional. Today, he works in the Offensive Operations space as a Red Team Operator and serves as the course\r\nauthor for SEC588.\r\nLearn more\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 7 of 21\n\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 8 of 21\n\nJean-François is based in Portugal, where he is the CEO of Offensive Guardian, a boutique red and purple teaming\r\nshop providing freelance services to various organizations. He has worked for other noteworthy firms, including,\r\nbut not limited to: Neuvik, TrustedSec, Fortra's Cobalt-Strike team, and NVISO.\r\nLearn more\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 9 of 21\n\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 10 of 21\n\nJeff McJunkin, Rogue Valley InfoSec founder, has led Fortune 100 pen tests and shaped Core NetWars. His key\r\nrole in SANS Holiday Hack Challenge and hands-on security innovations continue to elevate the industry,\r\nadvancing defenses worldwide.\r\nLearn more\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 11 of 21\n\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 12 of 21\n\nLarry Pesce\r\nVice President of Services\r\nLarry has revolutionized embedded device security with decades of hands-on offensive research, co-authoring\r\nSANS's flagship wireless and IoT penetration testing courses, and pioneering SBOM exploitation techniques for\r\nsupply chain defense strategies.\r\nLearn more\r\nExplore Careers Within Offensive Operations\r\nUpcoming Events\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 13 of 21\n\nSlide 1 of 5\r\nDefending at the Speed of AI: Outpacing Tomorrow's Attackers\r\nThis talk explores the emerging landscape of AI-driven cyber threats and argues that organizations must\r\ndefend at the speed of AI to survive.\r\nWebinarOffensive Operations\r\n 14 Apr 2026\r\n 14:00 PHST\r\n Bryce Galbraith\r\nView details\r\nSlide 2 of 5\r\nHackventures with Josh: Better Password Attacks with AI\r\nThe Verizon DBIR says stolen credentials cause more breaches than phishing and exploits combined. Now,\r\nAI is making these attacks even more effective. Join SANS Fellow Joshua Wright to learn what you can do\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 14 of 21\n\nto protect your environment.\r\nWebinarOffensive Operations\r\n 15 Apr 2026\r\n 13:00 EDT\r\n Joshua Wright\r\nView details\r\nSlide 3 of 5\r\nVibe Coding Your Own Evasion Framework: AI-Assisted Red Team Tool\r\nDevelopment\r\nAI can accelerate red team tool development, but only with the right approach. This hands-on workshop\r\nexplores “vibe coding,” showing how to use LLMs to design, validate, and build evasion tooling step by\r\nstep, resulting in a functional, AI-assisted red team framework.\r\nWebinarOffensive Operations\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 15 of 21\n\n16 Apr 2026\r\n 10:00 EDT\r\n Jean-François Maes\r\nView details\r\nSlide 4 of 5\r\nSANS Network Security 2026 - Featured Keynote: Offense at Machine Speed:\r\nHow AI Is Reshaping the Threat Landscape\r\nThe session will demonstrate how AI can be applied as both a SAST and DAST capability for discovering\r\nand exploiting zero-day vulnerabilities in web applications, as well as its growing role in binary\r\nexploitation.\r\nWebinarOffensive Operations\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 16 of 21\n\n22 Sep 2026\r\n 18:00 PDT\r\n Stephen Sims\r\nView details\r\nSlide 5 of 5\r\nSANS 2026 Threat Hunting Survey: The Evolution of Threat Hunting\r\nThreat hunting is no longer just a niche skill—it’s a critical pillar of modern defense.\r\nWebinarOffensive Operations\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 17 of 21\n\n23 Sep 2026\r\n 10:30 EDT\r\n Josh Lemon\r\nView details\r\nModern Multi-Factor Authentication Bypass Techniques: A Taste of SANS SEC660\r\nWith the proliferation of multi-factor authentication, penetration testers need to apply existing tooling to\r\nmanipulate even internal applications. Building attack infrastructure internally during a penetration test is resource\r\nexhausting, but modern tools like evilginx can do most of the heavy lifting for us.\r\nWebinar\r\nFeaturesJames Shewmaker\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 18 of 21\n\nSlide 1 of 2\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 19 of 21\n\nSlide 2 of 2\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 20 of 21\n\nMore Insights\r\nFrequently Asked Questions\r\nSource: https://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nhttps://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411\r\nPage 21 of 21",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411"
	],
	"report_names": [
		"real-world-arp-spoofing-105411"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434717,
	"ts_updated_at": 1775826698,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3f49900cfb7edbdd1ece759090d529954c762d14.pdf",
		"text": "https://archive.orkl.eu/3f49900cfb7edbdd1ece759090d529954c762d14.txt",
		"img": "https://archive.orkl.eu/3f49900cfb7edbdd1ece759090d529954c762d14.jpg"
	}
}