Specter Bash 2025
October 6 – 10, 2025HYBRIDDenver, CO
Trainings, evening sessions, and more with a Halloween twist to ring in the spooky time of year.
Join us – IF YOU DARE!
Register
SO Con Register
Sign up for SO-CON updates for the latest information:
Benefits of in Person
Sink your teeth into free food throughout the week!
- Located on an 18-hole golf course
- Adjoining Breckenridge Brewery
- Luxury spa on-site
- 30 minutes from Denver International Airport
Get your hands on some scary-cool exclusive SpecterOps swag as an in-person attendee!
Connect in person on the latest in the industry in a casual, Halloween-themed setting. Immerse yourself in interactive evening sessions, gain practical insights, and build lasting relationships.
We’re hosting a Halloween Costume Contest again this year. Details to follow!
TRAININGS
Upgrade your skills by taking one of our five different courses.
Red Team Operations
Red Team Operations
Adversary Tactics: Red Team Operations to go up against live incident responders in an enterprise lab environment designed to mimic a mature real-world network. Participants will learn to adapt and overcome Blue Team response through collaborative feedback as the course progresses.
Identity-Driven Offensive Tradecraft
Identity-Driven Offensive Tradecraft
Our Adversary Tactics: Identity-driven Offensive Tradecraft course is a follow-on to our Adversary Tactics: Red Team Operations course and offers an in-depth look at identity-driven attacks, targeting both on-premises and hybrid identities. Participants will learn how to abuse the intricacies of different authentication and authorization mechanisms to traverse on-premises and cloud environments, gain access to integrated systems, and even cross tenants. Participants will also be equipped with a practical approach to identifying known attack paths and forging new ones within complex operational environments and across people, processes, and technology.
Tradecraft Analysis
Tradecraft Analysis
In Adversary Tactics: Tradecraft Analysis we will present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We will discuss Windows attack techniques and learn to deconstruct how they work underneath the hood. For various techniques, we will identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course will culminate with participants creating their own technique evasion and detection strategy. You will be able to use the knowledge gained to both use your telemetry to create robust detection coverage across your organization, and truly assess the efficacy of that coverage.
Detection
Detection
Adversary Tactics: Detection builds on standard network defense and incident response (which often focuses on alerting for known malware signatures) by focusing on abnormal behaviors and the use of adversary Tactics, Techniques, and Procedures (TTPs). We will teach you how to engineer detections based on attacker TTPs to perform threat hunting operations and detect attacker activity. In addition, you will learn use utilize free and/or open source data collection and analysis tools (such as Sysmon, Windows Event Logs, and ELK) to analyze large amounts of host information and build detections for malicious activity. You will use the techniques and toolsets you learn to create threat hunting hypotheses and build robust detections in a simulated enterprise network undergoing active compromise from various types of threat actors.
Let’s Chat!
Join the conversation now in the BloodHound Slack in channel #specter-bash-2025.
Sign up at https://ghst.ly/BHSlack
VENUE
Virtual Attendance
If traveling to Denver, CO isn’t feasible, you can opt to take the course virtually online through Zoom. You will receive the same training portal access and watch the live instruction. However, the virtual training is not part of Specter Bash – remote attendees will NOT receive any of the exclusive benefits that come with in-person attendance.
Remote attendees will receive logistics emails and credentials the week before the trainings.