SO-CON 2025

The Shortest Path to Secure

Conference: March 31 – April 1, 2025
Training: April 2 – April 5, 2025
Location: Arlington, VA

SO-CON 2025 features talks, trainings, and networking events focused on identity-based security and Attack Paths. It kicks off the week with a two-day main conference and ends with a selection of four-day trainings.

Discover

Explore the newest methods, tools, and research for identity-based Attack Paths.

Learn

Deepen your understanding of adversary tradecraft with cutting-edge talks and hands-on sessions.

Meet

Connect with fellow industry professionals throughout an immersive week of learning.

REGISTRATION

Conference Tickets

Includes access to all in-person talks, evening social events, and more!

Are you a member of the U.S. Government or press?
Email socon@specterops.io for special rates on tickets.

Please read our Code of Conduct.

EARLY BIRD (50% OFF)

$497.50

ENDS DECEMBER 1st

STANDARD RATE

$995

ENDS MARCH 30th

Looking to save more? Register for a training session below and get a free pass to the conference.

TRAININGS

Upgrade your skills by taking one of our four different courses.

Free Summit Pass Included

Engage with our Frontline Practitioners

Evening Social Events

APRIL
2 – 5Red Team Operations Register Now

This intense course immerses students in a single simulated enterprise environment, with multiple networks, hardened endpoints, modern defenses, and active network defenders responding to red team activities. We will focus on in-depth attacker tradecraft post-initial access; braking out of the beachhead, establishing resilient command and control (C2) infrastructure, gain situational awareness through opsec aware host and network enumerations, perform advanced lateral movement and sophisticated Active Directory escalation, gain persistence (userland, elevated, and domain flavors), and perform advanced Kerberos attacks, data mining, and exfiltration.

APRIL
2 – 5Identity-Driven
Offensive Tradecraft Register Now

Identity-driven Offensive Tradecraft offers an in-depth look at identity-driven attacks, targeting both on-premises and hybrid identities. Participants will learn how to abuse the intricacies of different authentication and authorization mechanisms to traverse on-premises and cloud environments, gain access to integrated systems, and even cross tenants. Participants will also be equipped with a practical approach to identifying known attack paths and forging new ones within complex operational environments and across people, processes, and technology.

APRIL
2 – 5Azure Security
Fundamentals Register Now

Get Your Head in the Clouds! This course will teach participants the fundamentals of Azure, with a focus on security informed by attacker insight. Participants will build on this knowledge through an understanding of how Azure architectures, like solely cloud-based environments or hybridized on-premises and Azure environments, can affect the overall security of an environment. Participants reinforce what they learn through hands-on labs throughout the course and through guidance given by SpecterOps practitioners instructing the class.

APRIL
2 – 5Tradecraft Analysis Register Now

In Adversary Tactics: Tradecraft Analysis, we will present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We will discuss Windows attack techniques and learn to deconstruct how they work underneath the hood. For various techniques, we will identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course will culminate with students creating their own technique evasion and detection strategy. You will be able to use the knowledge gained to both use your telemetry to create robust detection coverage across your organization, and truly assess the efficacy of that coverage.

Closed

Call for Presenters (CFP)

The Call for Presenters (CFP) closed on November 15, 2024 at 23:59 ET.

We invite submissions for 50-minute sessions (~45 minutes of content and 5 minutes for Q&A) that delve into the complexities of identifying, executing, and protecting against modern Attack Paths.

Some suggested topics we would love to see:

Novel research featuring Attack Path Management
Applications of Attack Path Management within your environment
Attack Path Management Theory
Attack Path Mapping and Management
Identity Provider Attacks and Defenses (Active Directory, Entra ID, Okta, etc.)
Federated Identity Attack Paths and solutions for managing attack paths across multiple identity providers

Exploring the potential of AI and ML for automating attack path discovery in offensive and defensive applications
CI/CD Pipeline Security
SaaS Application Identity Models
Cookie/Session Theft Approaches
Anything else where you’ve done something interesting with Attack Path Management, but please no product pitches

Submission Guidelines

CFP Review Process

SO-CON ensures a fair and impartial review process by anonymizing all CFP submissions before they are sent to our CFP Review Board. We carefully remove any identifying information, including names, pronouns, and affiliations, from the title, description, and outline. The CFP Review Board then evaluates the anonymized submissions using a comparative rating system based on the ELO method. This system allows reviewers to objectively assess submissions against one another, considering alignment with the conference theme, content quality, and originality.

Based on these ratings, the SO-CON team will curate a dynamic conference agenda that reflects the most compelling and thematically relevant topics that includes contributions from the open CFP, SpecterOps employees, and invited speakers. We will also choose a number of backup proposals in case any speakers have to cancel.

Selected speakers will be contacted directly via the Sessionize CFP portal to confirm their participation.

CFP Submission Agreements

Please be aware that by submitting to the CFP and being accepted, you agree to the following:

The submitter(s) will review and adhere to the Code of Conduct.
You will show up (in-person) on time and give your presentation at the scheduled time slot. (Except in the event of understandable, unforeseen circumstances.)
Any content submitted is wholly owned by the submitting party and SO-CON asserts no ownership of the content.
You grant Specter Ops Inc. the rights to reproduce, distribute, advertise and show your presentation including but not limited to the SO-CON website, printed and/or electronic advertisements, and all other mediums.
Audience members may potentially take pictures of you and your slides, unless expressly stated otherwise at the start of the presentation.
You will submit a headshot photograph (or avatar) that can be posted on the SO-CON website, social media, and any printed materials.
You will provide us with a valid email address that you monitor regularly where you will receive official communications.
Any honorarium will be paid after the conference has ended.
You will respond by the specified deadline to the acceptance email with all asks of accepted speakers. You are not confirmed as a speaker until these tasks are complete.
You will bring your own presenting hardware (e.g., laptop) to present your talk. SO-CON will provide projectors, screens, internet, and an HDMI connection. You will identify any additional hardware requirements in the space provided in your submission.

Speaker Privileges

As a valued speaker at SO-CON 2025, you’ll enjoy a range of privileges to enhance your experience and support your participation. These include:

A free two-day conference ticket to SO-CON 2025 talks
A fixed honorarium to cover travel expenses based on location and number of speakers
- If you are the primary speaker for an accepted submission at SO-CON:
  - Domestic (US) – $1000
  - International – $2000
- If you are the secondary speaker for an accepted submission at SO-CON:
  - Domestic (US) – $500
  - International – $1000
A free four-day training ticket to a SO-CON training course (primary speaker only – in-person and course selection based on availability)
A free room at the SO-CON affiliated hotel (primary speaker only)
- Talks Only – 3 nights (Sunday – Tuesday)
- Talks + Training – 7 nights (Sunday – Saturday)
Most meals included as part of conference and training agenda
A speaker dinner if present on the evening of March 30, 2025

Visa Sponsorship

Speakers from many countries are eligible for a visa wavier (see https://www.dhs.gov/visa-waiver-program-requirements). However, if your home country is not part of this program, SO-CON is currently unable to sponsor your entry into the United States. International speakers must possess or obtain the necessary entry visas independently to speak at SO-CON.

Submission Guidelines

If you’d like to submit a proposal, please visit https://sessionize.com/socon-2025/ during the CFP submission period (October 1 – November 15, 2024). You may edit your submission anytime during the CFP submission period. After this time, you will only be able to view the status of your submission.

Important Dates

CFP opens: October 1, 2024 at 00:00 ET
CFP closes: November 15, 2024 at 23:59 ET
Final speaker notifications: January 2025
Talks: March 31 – April 1, 2025
Trainings: April 2 – 5, 2025

If you have any questions, please feel free to email us at socon@specterops.io

Back

Testimonials

Hear What Others Have to Say About SO-CON

Over the course of a week, SO-CON 2024 featured insightful talks and comprehensive training courses designed to deliver maximum value to all attendees. Hear from our guests as they share their experiences and insights in these video testimonials.

SO-CON 2024 TALKS

Click on the titles to watch the complete talks on our YouTube channel. Each presentation offers valuable insights and practical knowledge from industry experts.

The New SaaS Cyber Kill Chain [SO-CON 2024]

Luke Jennings

2023 SANS SOC Survey Review: Highlights and Deep Dive [SO-CON 2024]

Christopher Crowley

Domain Persistence: Detection, Triage, and Recovery [SO-CON 2024]

Joshua Prager / Nico Shyne

The Dog Ate My Homework… (re)Building a PowerShell module for the… [SO-CON 2024]

JD Douillard

Identity Providers for Red Teamers [SO-CON 2024]

Adam Chester

KubeHound and Beyond: Evolving Security Through Graphs & Automation [SO-CON 2024]

Jeremy Fox

Project Apeman: Mapping AWS Identity Attack Paths [SO-CON 2024]

Daniel Heinsen

LSA Whisperer [SO-CON 2024]

Evan McBroom

Misconfiguration Manager: Overlooked and Overprivileged [SO-CON 2024]

Duane Michael / Chris Thompson

No Cert? No Problem – ClickOnce (Ab)Use for Trusted Code Execution

Nick Powers / Steven Flores

Graphs are Hard [SO-CON 2024]

John Hopper / Rohan Vazarkar

Analyzing and Executing ADCS Attack Paths with BloodHound [SO-CON 2024]

Andy Robbins / Jonas Bülow Knudsen

Attack Path Based Detection Engineering : Leveraging BloodHound for Robust Defense [SO-CON 2024]

Olaf Hartong

The BloodHound Enterprise State of Attack Path Management [SO-CON 2024]

Justin Kohler

Beyond the Shell: Unconventional Agents for Red Teaming Success [SO-CON 2024]

Cody Thomas

Manually Enumerating AD Attack Paths with BOFHound [SO-CON 2024]

Adam Brown / Matt Creel

Back to Sessions

LOCATION

Questions? Email socon@specterops.io