Announcements   |   May 30 2018 | Andy Robbins

Announcing the First SpecterOps Summit


SpecterOps is excited to announce our first multi-course training event October 16 through 20th, 2018 in San Antonio, Texas! We’ll be hosting three four-day training courses (including launching our new 4-day Detection course), in addition to some fun events in the evenings. We’re going for an event that is a little different than our previous single public training courses, so we decided to call the event a SpecterOps Summit (SOSummit).

The main feature of the event will be two of our popular red team and PowerShell courses, along with a new 4-day detection course. For events outside of training courses, we’re aiming for activities that encourage social interactions and knowledge sharing. We’ll be announcing specifics soon.

The following courses will be offered at the Summit:

Adversary Tactics: Detection

The event will be the first time SpecterOps will be publicly offering the four-day version of this course. The course is designed to teach our approach on proactively identifying and hunting threat actors operating in your network that your tools and detection capabilities may miss. Course instructors include Robby Winchester, Jared Atkinson, and Roberto Rodriguez who have built and released Automated Collection and Enrichment (ACE), the Hunter’s ELK (HELK), and PowerForensics.

Participants will leave with a fundamental understanding on methods for collection, data enrichment, hypothesis generation, and threat identification.

Who should take this course:

This class is intended for defenders wanting to learn how to effectively Hunt in enterprise networks. Participants should have previous network defense/incident response experience and/or knowledge of offensive tools and techniques, primarily post-exploitation techniques. Additionally, familiarity with using a SIEM, such as ELK or Splunk, will be helpful.

Course Details and Registration at:

Adversary Tactics: Red Team Operations

This course has turned out to be surprisingly popular and we’re excited that so many folks are interested in learning our approach to red team methodologies and tradecraft. This will be the last publicly available US offering of the year.

This intense course immerses students in a simulated enterprise environment, with multiple domains, up-to-date and patched operating systems, modern defenses, and active network defenders responding to Red Team activities. Come learn to use some of the most well-known offensive tools from the authors themselves, including co-creators and developers of PowerView, PowerShell Empire, PowerSploit, PowerUp, and BloodHound.

Who should take this course:

This course is not for beginners and includes a team-based, on-keyboard execution of a simulated red team engagement in a complex network scenario. Participants should be comfortable with penetration testing concepts and tools, Active Directory, and attacking Microsoft Windows environments.

Course Details and Registration at:

Adversary Tactics: PowerShell

This event will feature the final public offering of this course (although don’t worry, we will have something new and exciting to announce soon). Taught by Matt Graeber, this class focuses on the methodology attackers use to research and develop security feature bypasses and stealthy tradecraft.

Participants will learn how to configure, audit, monitor, and bypass every preventive and detective control that PowerShell has to offer. Finally, the course is designed to show participants the offensive and defensive use-cases of PowerShell to determine when PowerShell is the right tool for the job.

Who should take this course:

This class is intended for attackers and defenders wanting to learn how to effectively wield PowerShell for their operations. It is also intended for those wanting to learn how to research and develop their own PowerShell security feature bypasses.

Course Details and Registration at:

This is the first time we’ll be conducting courses from various offensive and defensive perspectives together. We’ve often been able to engage in great discussions about our industry during our previous courses. By bringing various perspectives together in training and some fun events, we look forward to some very lively knowledge sharing and debate.