SO-CON
Explore new approaches, tools, and techniques to combat identity-based attack paths. Discover the latest trends, research from frontline practitioners, case studies and firsthand experiences.
Gain in-depth knowledge into how to attack, defend, and harden enterprise environments against advanced threat actors from our in-the-field experts.
Connect in-person on the latest in the industry. Immerse yourself in interactive sessions, gain practical insights, and build lasting relationships.
Upgrade your skills by taking one of our four different courses.
Early-Bird Offer: 25% Off
Free Summit Pass Included
Engage with our Frontline Practitioners
Evening Social Events
Test Your Skills on Bonus Cyber Ranges
12 – 15: Red Team Operations
This intense course immerses students in a single simulated enterprise environment, with multiple networks, hardened endpoints, modern defenses, and active network defenders responding to red team activities. We will focus on in-depth attacker tradecraft post-initial access: breaking out of the beachhead, establishing resilient command and control (C2) infrastructure, gaining situational awareness through OPSEC-aware host and network enumeration, performing advanced lateral movement and sophisticated Active Directory escalation, gaining persistence (userland, elevated, and domain flavors), and performing advanced Kerberos attacks, data mining, and exfiltration.
12 – 15: Tradecraft Analysis
In Adversary Tactics: Tradecraft Analysis, we will present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We will discuss Windows attack techniques and learn to deconstruct how they work underneath the hood. For various techniques, we will identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course will culminate with students creating their own technique evasion and detection strategy. You will be able to use the knowledge gained to both use your telemetry to create robust detection coverage across your organization, and truly assess the efficacy of that coverage.
12 – 15: Detection
This course builds on standard network defense and incident response (which often focuses on alerting for known malware signatures) by focusing on abnormal behaviors and the use of adversary Tactics, Techniques, and Procedures (TTPs). We will teach you how to engineer detections based on attacker TTPs to perform threat hunting operations and detect attacker activity. In addition, you will learn to use free and/or open source data collection and analysis tools (such as Sysmon, Windows Event Logs, and ELK) to analyze large amounts of host information and build detections for malicious activity. You will use the techniques and toolsets you learn to create threat hunting hypotheses and build robust detections in a simulated enterprise network undergoing active compromise from various types of threat actors.
12 – 15: Azure Security Fundamentals (New)
Get Your Head in the Clouds! This course will teach participants the fundamentals of Azure, with a focus on security informed by attacker insight. Participants will build on this knowledge through an understanding of how Azure architectures, like solely cloud-based environments or hybridized on-premises and Azure environments, can affect the overall security of an environment. Participants reinforce what they learn through hands-on labs throughout the course and through guidance given by SpecterOps practitioners instructing the class.
Principal Security Consultant
Adam has over 10 years of professional experience in offensive and defensive security, specializing in conducting intelligence-led attack simulations for a range of sectors.
As a firm believer in free and open information sharing, Adam has spent his career developing tools and techniques to help further the skills of the offensive security industry. From working with a range of companies to identify and remediate vulnerabilities, to researching novel methods that Red Teams can use to avoid detection, Adam has contributed research openly with the aim of helping the Information Security community assess and defend against a range of adversaries.
Principal Product Architect
Andy’s background is in red teaming, where he performed numerous red team operations and penetration tests against banks, credit unions, health-care providers, defense companies, and other Fortune 500 companies across the world. He has presented at BlackHat USA, DEF CON, BSides Las Vegas, DerbyCon, and ekoparty, and actively researches Active Directory and Azure security. He is a co-creator of BloodHound and the Product Architect of BloodHound Enterprise.
Mr. Crowley has 20 years of industry experience managing and securing networks. His consulting company, Montance® LLC, based in the Washington, DC area, focuses on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis.
His current primary focus is cybersecurity operations. Montance® LLC is a trusted independent Information Security partner providing cybersecurity assessment and framework development services, enabling clients to create a new SOC or improve existing security operations. We are committed to enhancing your SOC capabilities to execute its mission: to provide optimum security protection for digital assets. Montance® LLC has provided services to organizations large and small in the financial, industrial, energy, medical, and government sectors.
Daniel Heinsen is a red team operator, offensive tools developer, and security researcher at SpecterOps. Prior to working at SpecterOps, Daniel spent over 10 years within the U.S. Department of Defense as a software developer and capabilities specialist. Daniel has experience in offensive tool development, Windows internals, and web application exploitation. Since joining SpecterOps, Daniel has directed his research focus to novel initial access vectors and AWS. He maintains several projects at https://github.com/hotnops and posts to his blog at https://medium.com/@hotnops.
Chief Executive Officer
David specializes in building enterprise adversary-focused assessment teams, which have performed thousands of engagements for large private-sector organizations and major government agencies. David has extensive experience in conducting highly specialized, large-scale adversarial operations against a variety of targets. In addition, he has built several training courses focused on red team operations methodologies. In his previous life, David was a senior technical lead for the National Security Agency Red Team, providing mission direction through numerous large-scale operations.
Senior Security Engineer
Jeremy Fox is a cybersecurity specialist with 10 years of experience across government and the private sector. Following a career change from the finance industry, he developed a wide range of skills in offensive security, from reverse engineering and exploit development to red team operations and cloud security.
He is an engineer at heart, having programmed in everything from C/C++ and ASM, through Python and .NET, to Golang. Although his first love was, and always will be, low-level Windows internals, he now works as a Senior Security Engineer at Datadog developing automated offensive security tooling to detect vulnerabilities in large scale cloud environments. His most recent project is KubeHound, an automated Kubernetes attack path calculator.
Jonas is a passionate IT security professional with experience in helping organizations improve their Windows and Active Directory security level through offensive and defensive services. He enjoys remediating attack paths using pragmatic approaches without breaking production systems. Jonas has developed a FOSS tool called ImproHound to identify attack paths breaking tier model implementation in Active Directory using BloodHound data: https://github.com/JonasBK/ImproHound
Josh Prager has over 9 years’ experience focusing on DoD red team infrastructure, cyber threat emulation, and threat hunting. As a former threat hunter for Accenture’s Adversary Research and Reconnaissance Team, he developed various cyber threat emulation and threat hunting programs within the Federal industry.
Vice President of Products
Justin is an operations expert who has over a decade of experience in project and program development. After the Air Force, he worked for several consulting firms focused on process and workflow optimization. He enjoys building and leading teams focused on customer delivery at Fortune 500 companies.
VP, Research & Development
Luke Jennings is a security researcher from the UK. He spent most of his early career focused on red teaming and offensive security research at MWR, before moving on to developing new detection and response techniques and designing EDR software as the Chief Research Officer for Countercept. He has now pivoted away from the endpoint to focusing on the emerging threats in SaaS security at Push Security.
Michael comes from a SOC operations background where he used his experience as a SOC analyst and IR investigator to build better MDR services that detect attacker activity in organizations big and small. He is always fascinated by the ways that technical changes to malware functionality and campaign TTPs reflect larger trends in the e-crime ecosystem. He enjoys breaking down these concepts into guidance that is informed by a larger understanding of attacker behavior but meets target audiences where they are.
Nick Landers is an established offensive engineer and researcher, with a focus on training, consulting, tool development, malware internals, and security research. He held the position of VP of Research at NetSPI after leading the Red Team at Silent Break Security. Notable for his “Dark Side Ops” course series, Nick has shared his expertise at industry conferences like Black Hat, as well as in private sessions for internal teams. His work combines deep technical knowledge with practical applications in cybersecurity.
Nico is an Associate Consultant on the Defensive Capability team. He graduated from the US Naval Academy (Beat Army) with a degree in Cyber Operations. Prior to joining SpecterOps, Nico served as a Surface Warfare Officer and as an Information Professional Officer during his naval career. Nico loves finding new programming languages to play with, and in his free time can be found working on two of his other passions: music and movies.
Olaf Hartong is a Defensive Specialist and security researcher at FalconForce. He specializes in understanding attacker tradecraft and thereby improving detection. He has an extensive background in detection engineering and threat hunting. Olaf is the author of several open source security tools, such as sysmon-modular and the Splunk Threathunting app, and is a co-author of FalconHound.
Director of Service Delivery
Russel is a well-rounded information security consultant and offensive security practitioner. He has over 15 years of IT experience, with 7 years as an offensive security consultant performing tasks such as penetration testing, web application assessments, social engineering, and wireless assessments. He has spoken at several security conferences, including the Knoxville, TN chapters of OWASP and BSides, along with BlackHat Arsenal. Tools and open source projects developed by Russel can be found on his GitHub page at https://github.com/Ne0nd0g or on his blog at https://medium.com/@Ne0nd0g. Additionally, he enjoys knowledge sharing and teaching and has presented at several colleges and high schools.
Will Pearce is a prominent figure in the AI security and red teaming world, specializing in attacking machine learning systems and developing both tools and methodologies. He plays a key role on the steering committee for the AI Village and notably co-architected and hosted the AI Village Capture the Flag competition at DEF CON. Will has served as the AI Red Team Lead at both Microsoft Azure and NVIDIA, following his tenure as a Senior Security Consultant at Silent Break Security. His expertise in offensive machine learning is recognized at various industry and academic forums, including Black Hat, DEF CON AI Village, WWHF, DerbyCon, LabsCon, and at events like the SAI Conference on Computing and IEEE.