Over the course of a week, SO-CON 2024 featured insightful talks and comprehensive training courses designed to deliver maximum value to all attendees. Hear from our guests as they share their experiences and insights in these video testimonials.
SO-CON 2025
The Shortest Path to Secure
See you next year!
SO Con Register
Sign up for SO-CON updates for the latest information:
SO-CON 2025 features talks, trainings, and networking events focused on identity-based security and Attack Paths. It kicks off the week with a two-day main conference and ends with a selection of four-day trainings.
Discover
Explore the newest methods, tools, and research for identity-based Attack Paths.
Learn
Deepen your understanding of adversary tradecraft with cutting-edge talks and hands-on sessions.
Meet
Connect with fellow industry professionals throughout an immersive week of learning.
TRAININGS
Upgrade your skills by taking one of our four courses.
Free Conference Pass Included
Engage with our Frontline Practitioners
Evening Social Events
APRIL
2 – 5Azure Register Now
Get Your Head in the Clouds! Through hands-on labs, this course teaches participants how to identify misconfigurations in Azure that are commonly leveraged by attackers. Participants should expect to walk away from Adversary Perspectives: Azure with a strong foundation of Azure security knowledge and first step on their journey of attacking or defending corporate Azure and Entra (Azure AD) environments.
APRIL
2 – 5Tradecraft Analysis Register Now
In Adversary Tactics: Tradecraft Analysis, we will present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We will discuss Windows attack techniques and learn to deconstruct how they work underneath the hood. For various techniques, we will identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course will culminate with students creating their own technique evasion and detection strategy. You will be able to use the knowledge gained to both use your telemetry to create robust detection coverage across your organization, and truly assess the efficacy of that coverage.
APRIL
2 – 5Red Team Operations Register Now
This intense course immerses students in a single simulated enterprise environment, with multiple networks, hardened endpoints, modern defenses, and active network defenders responding to red team activities. We will focus on in-depth attacker tradecraft post-initial access; braking out of the beachhead, establishing resilient command and control (C2) infrastructure, gain situational awareness through opsec aware host and network enumerations, perform advanced lateral movement and sophisticated Active Directory escalation, gain persistence (userland, elevated, and domain flavors), and perform advanced Kerberos attacks, data mining, and exfiltration.
APRIL
2 – 5Identity-driven
Offensive Tradecraft Register Now
Identity-driven Offensive Tradecraft offers an in-depth look at identity-driven attacks, targeting both on-premises and hybrid identities. Participants will learn how to abuse the intricacies of different authentication and authorization mechanisms to traverse on-premises and cloud environments, gain access to integrated systems, and even cross tenants. Participants will also be equipped with a practical approach to identifying known attack paths and forging new ones within complex operational environments and across people, processes, and technology.
SO-CON 2025 TALKS
SO-CON 2025 Agenda At-A-Glance
We’re excited to announce that the official Sessionize App is now available.
Explore the sessions, plan your schedule, and get ready for an incredible event!
Testimonials
Hear What Others Have to Say About SO-CON
LOCATION
Questions? Email socon@specterops.io
Convene
1201 Wilson Blvd.
Arlington, VA 22209
HOTELS NEARBY
Looking for a place to stay near the conference? These two hotels are just a short walk from Convene at 1201 Wilson Blvd, Arlington, VA.
Please note: We do not have room blocks available at these hotels.