Guarding Your Identity

IN PERSON
March 11-15, 2024
Arlington, VA

SO-CON 2024 is a one-day summit followed by adversary and fundamentals training courses.

OVERVIEW
Discover Cutting Edge Insights

Explore new approaches, tools, and techniques to combat identity-based attack paths. Discover the latest trends, research from frontline practitioners, case studies and firsthand experiences.

Learn Comprehensive Skills

Gain in-depth knowledge into how to attack, defend, and harden enterprise environments against advanced threat actors from our in-the-field experts.

Connect with Industry Peers

Connect in-person on the latest in the industry. Immerse yourself in interactive sessions, gain practical insights, and build lasting relationships.

Agenda

One Day Summit

Monday, March 11

8 – 9 AM: Breakfast
9 AM – 12 PM: Sessions
Track I: Discover operational approaches to identify and neutralize attack paths in the enterprise.
Track II: Explore the latest open research and tools to simulate, detect, and safeguard against identity attacks.
12 – 1 PM: Lunch
1 – 5 PM: Sessions
Track I: Discover operational approaches to identify and neutralize attack paths in the enterprise.
Track II: Explore the latest open research and tools to simulate, detect, and safeguard against identity attacks.
6 PM: Reception

Trainings

Tuesday, March 12
Wednesday, March 13
Thursday, March 14
Friday, March 15

8 – 9 AM: Breakfast
9 AM – 12 PM: Trainings
12 – 1 PM: Lunch
1 – 5 PM: Trainings

TRAININGS

Upgrade your skills by taking one of our four different courses.

Early-Bird Offer: 25% Off

Free Summit Pass Included

Engage with our Frontline Practitioners

Evening Social Events

Test Your Skills on Bonus Cyber Ranges

This intense course immerses students in a single simulated enterprise environment, with multiple networks, hardened endpoints, modern defenses, and active network defenders responding to red team activities. We will focus on in-depth attacker tradecraft post-initial access: breaking out of the beachhead, establishing resilient command and control (C2) infrastructure, gaining situational awareness through OPSEC-aware host and network enumeration, performing advanced lateral movement and sophisticated Active Directory escalation, gaining persistence (userland, elevated, and domain flavors), and performing advanced Kerberos attacks, data mining, and exfiltration.


In Adversary Tactics: Tradecraft Analysis, we will present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We will discuss Windows attack techniques and learn to deconstruct how they work underneath the hood. For various techniques, we will identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course will culminate with students creating their own technique evasion and detection strategy. You will be able to use the knowledge gained to both use your telemetry to create robust detection coverage across your organization, and truly assess the efficacy of that coverage.


This course builds on standard network defense and incident response (which often focuses on alerting for known malware signatures) by focusing on abnormal behaviors and the use of adversary Tactics, Techniques, and Procedures (TTPs). We will teach you how to engineer detections based on attacker TTPs to perform threat hunting operations and detect attacker activity. In addition, you will learn to use free and/or open source data collection and analysis tools (such as Sysmon, Windows Event Logs, and ELK) to analyze large amounts of host information and build detections for malicious activity. You will use the techniques and toolsets you learn to create threat hunting hypotheses and build robust detections in a simulated enterprise network undergoing active compromise from various types of threat actors.


Get Your Head in the Clouds! This course will teach participants the fundamentals of Azure, with a focus on security informed by attacker insight. Participants will build on this knowledge through an understanding of how Azure architectures, like solely cloud-based environments or hybridized on-premises and Azure environments, can affect the overall security of an environment. Participants reinforce what they learn through hands-on labs throughout the course and through guidance given by SpecterOps practitioners instructing the class.


SPEAKERS

Adam Chester

Principal Security Consultant
TrustedSec

Adam has over 10 years of professional experience in offensive and defensive security, specializing in conducting intelligence-led attack simulations for a range of sectors.

As a firm believer in free and open information sharing, Adam has spent his career developing tools and techniques to help further the skills of the offensive security industry. From working with a range of companies to identify and remediate vulnerabilities, to researching novel methods that Red Teams can use to avoid detection, Adam has contributed research openly with the aim of helping the Information Security community assess and defend against a range of adversaries.

Andy Robbins

Principal Product Architect
SpecterOps

Andy’s background is in red teaming, where he performed numerous red team operations and penetration tests against banks, credit unions, health-care providers, defense companies, and other Fortune 500 companies across the world. He has presented at BlackHat USA, DEF CON, BSides Las Vegas, DerbyCon, and ekoparty, and actively researches Active Directory and Azure security. He is a co-creator of BloodHound and the Product Architect of BloodHound Enterprise.

Christopher Crowley

Founder
Montance®

Mr. Crowley has 20 years of industry experience managing and securing networks. His consulting company, Montance® LLC, based in the Washington, DC area, focuses on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis.

His current primary focus is cybersecurity operations. Montance® LLC is a trusted independent Information Security partner providing cybersecurity assessment and framework development services, enabling clients to create a new SOC or improve existing security operations. We are committed to enhancing your SOC capabilities to execute its mission: to provide optimum security protection for digital assets. Montance® LLC has provided services to organizations large and small in the financial, industrial, energy, medical, and government sectors.

Daniel Heinsen

Service Architect
SpecterOps

Daniel Heinsen is a red team operator, offensive tools developer, and security researcher at SpecterOps. Prior to working at SpecterOps, Daniel spent over 10 years within the U.S. Department of Defense as a software developer and capabilities specialist. Daniel has experience in offensive tool development, Windows internals, and web application exploitation. Since joining SpecterOps, Daniel has directed his research focus to novel initial access vectors and AWS. He maintains several projects at https://github.com/hotnops and posts to his blog at https://medium.com/@hotnops.

David McGuire

Chief Executive Officer
SpecterOps

David specializes in building enterprise adversary-focused assessment teams, which have performed thousands of engagements for large private-sector organizations and major government agencies. David has extensive experience in conducting highly specialized, large-scale adversarial operations against a variety of targets. In addition, he has built several training courses focused on red team operations methodologies. In his previous life, David was a senior technical lead for the National Security Agency Red Team, providing mission direction through numerous large-scale operations.

Jeremy Fox

Senior Security Engineer
Datadog

Jeremy Fox is a cybersecurity specialist with 10 years of experience across government and private sector. Following a career change from the finance industry, he developed a wide range of skills in offensive security, from reverse engineering and exploit development to red team operations and cloud security.

He is an engineer at heart, having programmed in everything from C/C++ and ASM, through Python and .NET, to Golang. Although his first love was, and always will be, low-level Windows internals, he now works as a Senior Security Engineer at Datadog developing automated offensive security tooling to detect vulnerabilities in large scale cloud environments. His most recent project is KubeHound, an automated Kubernetes attack path calculator.

Jonas Knudsen

Product Architect
SpecterOps

Jonas is a passionate IT security professional with experience in helping organizations improve their Windows and Active Directory security level through offensive and defensive services. He enjoys remediating attack paths using pragmatic approaches without breaking production systems. Jonas has developed a FOSS tool called ImproHound to identify attack paths breaking tier model implementation in Active Directory using BloodHound data: https://github.com/JonasBK/ImproHound

Joshua Prager

Principal Consultant
SpecterOps

Josh Prager has over 9 years’ experience focusing on DoD red team infrastructure, cyber threat emulation and threat hunting. As a former threat hunter for Accenture’s Adversary Research and Reconnaissance Team, he developed various cyber threat emulation and threat hunting programs within the Federal industry.

Justin Kohler

Vice President of Products
SpecterOps

Justin is an operations expert who has over a decade of experience in project and program development. After the Air Force, he worked for several consulting firms focused on process and workflow optimization. He enjoys building and leading teams focused on customer delivery at Fortune 500 companies.

Luke Jennings

VP, Research & Development
Push Security

Luke Jennings is a security researcher from the UK. He spent most of his early career focused on red teaming and offensive security research at MWR, before moving on to developing new detection and response techniques and designing EDR software as the Chief Research Officer for Countercept. He has now pivoted away from the endpoint to focusing on the emerging threats in SaaS security at Push Security.

Michael Barclay

Service Architect
SpecterOps

Michael comes from a SOC operations background where he used his experience as a SOC analyst and IR investigator to build better MDR services that detect attacker activity in organizations big and small. He is always fascinated by the ways that technical changes to malware functionality and campaign TTPs reflect larger trends in the e-crime ecosystem. He enjoys breaking down these concepts into guidance that is informed by a larger understanding of attacker behavior but meets target audiences where they are.

Nick Landers

Co-Founder
Dreadnode

Nick Landers is an established offensive engineer and researcher, with a focus on training, consulting, tool development, malware internals, and security research. He held the position of VP of Research at NetSPI after leading the Red Team at Silent Break Security. Notable for his “Dark Side Ops” course series, Nick has shared his expertise at industry conferences like Black Hat, as well as in private sessions for internal teams. His work combines deep technical knowledge with practical applications in cybersecurity.

Nicolas Shyne

Consultant
SpecterOps

Nico is an Associate Consultant on the Defensive Capability team. He graduated from the US Naval Academy (Beat Army) with a degree in Cyber Operations. Prior to joining SpecterOps, Nico served as a Surface Warfare Officer and as an Information Professional Officer during his naval career. Nico loves finding new programming languages to play with and in his free time can be found working on two of his other passions: music and movies.

Olaf Hartong

FalconForce

Olaf Hartong is a Defensive Specialist and security researcher at FalconForce. He specializes in understanding the attacker tradecraft and thereby improving detection. He has an extensive background in detection engineering and threat hunting. Olaf is the author of several open source security tools like sysmon-modular, Splunk Threathunting app and co-author of FalconHound.

Russel Van Tuyl

Director of Service Delivery
SpecterOps

Russel is a well-rounded information security consultant and offensive security practitioner. He has over 15 years of IT experience with 7 years as an offensive security consultant performing tasks such as penetration testing, web application assessments, social engineering, and wireless assessments. He has spoken at several security conferences to include Knoxville TN chapters of OWASP and BSides along with BlackHat Arsenal. Tools and open source projects developed by Russel can be found on his GitHub page at https://github.com/Ne0nd0g or on his blog at https://medium.com/@Ne0nd0g. Additionally, he enjoys knowledge sharing and teaching and has presented at several colleges and high schools.

Will Pearce

Co-Founder
Dreadnode

Will Pearce is a prominent figure in the AI security and red teaming world, specializing in attacking machine learning systems and developing both tools and methodologies. He plays a key role on the steering committee for the AI Village and notably co-architected and hosted the AI Village Capture the Flag competition at DEFCON. Will has served as the AI Red Team Lead at both Microsoft Azure and NVIDIA, following his tenure as a Senior Security Consultant at Silent Break Security. His expertise in offensive machine learning is recognized at various industry and academic forums, including Blackhat, Defcon AI Village, WWHF, DerbyCon, LabsCon, and at events like the SAI Conference on Computing and IEEE.


LOCATION

Questions? Email socon@specterops.io

Convene

1201 Wilson Blvd.

Arlington, VA 22209

HOTEL

Hyatt Centric Arlington

1325 Wilson Blvd,
Arlington, VA 22209