Post by SANS Institute

Attackers don't need a zero-day when they have your credentials. Identity-based attacks remain one of the most common ways breaches start — and AI is making them faster and harder to spot. SANS Instructor Jon Gorenflo wrote about this pattern on The Hacker News, including how the Dynamic Approach to Incident Response (DAIR) gives IR teams a way to handle the messy, iterative reality of investigating credential-based compromises. Jon is teaching SEC504: Hacker Tools, Techniques, and Incident Handling at SANS Chicago 2026 this June. 🔗 Read the full article → https://lnkd.in/e87eWPpA  📌 Register for SANS Chicago 2026 → https://go.sans.org/pJ3OiS