SO-CON 2025 Conference & Training (In-person)

Convene - 1201 Wilson Blvd
Arlington, United States

Mon, Mar 31, 9am - Apr 1, 5pm EDT

Event description

SO-CON 2025 is a two-day conference followed by Adversary Tactics & Adversary Perspectives training courses.

Further details will be posted soon. Keep an eye out for updates, or sign up to be notified when new details are announced.



ATTENDEES WILL GET TO:

  • Discover Cutting Edge Insights
    Explore new approaches, tools, and techniques to combat identity-based attack paths. Discover the latest trends, research from frontline practitioners, case studies and firsthand experiences.
  • Learn Comprehensive Skills
    Gain in-depth knowledge into how to attack, defend, and harden enterprise environments against advanced threat actors from our in-the-field experts.
  • Connect with Industry Peers
    Connect in-person on the latest in the industry. Immerse yourself in interactive sessions, gain practical insights, and build lasting relationships.


HOTEL INFORMATION:

SO-CON 2025 Schedule

SO-CON 2025 comprises a two-day conference and four-day trainings, starting Monday, March 31, 2025. 

Stay tuned for a full schedule and details!


Conference

Join us for our two-day, in-person conference that includes informative sessions, educational activities, and networking opportunities!

    Trainings

    Upgrade your skills by taking one of our four different courses

    • Free Conference Pass Included
    • Early Bird Discount on Training: 25% off until December 1st!
    • Engage with our Frontline Practitioners
    • Hands-on Labs throughout the courses
    • Note: Only in-person training tickets are considered part of the SO-CON event; virtual tickets do not include the in-person benefits of the event

    Upgrade your Red Team engagements with bleeding-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach participants how to infiltrate networks, gather intelligence, and covertly persist in a network like an advanced adversary. Participants will use the skillsets taught in Adversary Tactics: Red Team Operations to go up against live incident responders in an enterprise lab environment designed to mimic a mature real-world network. Participants will learn to adapt and overcome Blue Team response through collaborative feedback as the course progresses.

    Topics covered include:

    • Design and deploy sophisticated, resilient covert attack infrastructure
    • Utilize advanced Active Directory attack techniques to execute domain enumeration, escalation, and persistence
    • Perform sophisticated post-exploitation actions, including sophisticated data mining, going beyond just achieving “Domain Admin”
    • Use cutting-edge lateral movement methods to move through the enterprise
    • Practice “offense-in-depth” by utilizing a variety of tools and techniques in response to defender actions and technical defenses
    • Effectively train network defenders to better protect themselves against advanced, persistent adversaries

    Full course details here.

    As modern architecture increasingly shifts services and data from on-premises infrastructure to the cloud, Identity becomes the thread that ties everything together.

    Our Adversary Tactics: Identity-driven Offensive Tradecraft course is a follow-on to our Adversary Tactics: Red Team Operations course and offers an in-depth look at identity-driven attacks, targeting both on-premises and hybrid identities. Participants will learn how to abuse the intricacies of different authentication and authorization mechanisms to traverse on-premises and cloud environments, gain access to integrated systems, and even cross tenants. Participants will also be equipped with a practical approach to identifying known attack paths and forging new ones within complex operational environments and across people, processes, and technology.

    Full course details here.

    Your organization has just implemented the leading detection and response products. Are they running with their default configuration? How much faith should you have in your ability to detect sophisticated attacks? How would you simulate attacks to ensure robust detections are in place? This course will teach the importance of understanding the inner workings of attack techniques and telemetry availability and provide a workflow for developing robust detection analytics or data-driven evasion decisions. Focusing on various Windows components and attacker TTPs, you will dive deep into how software abstracts underlying capabilities and how attackers can interact with deeper layers to bypass superficial detection capabilities.

    In Adversary Tactics: Tradecraft Analysis, we will present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We will discuss Windows attack techniques and learn to deconstruct how they work under the hood. For various techniques, we will identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course will culminate with participants creating their own technique evasion and detection strategy. You will be able to use the knowledge gained both to create robust detection coverage across your organization from your telemetry and to truly assess the efficacy of that coverage.

    Whether you are a red team operator or detection engineer, you will have a comprehensive understanding of several attack chains. Red team operators will learn an approach to analyzing their own tools, a better understanding of which techniques to select to evade detection, and how to better describe to defenders why an evasion was successful. Detection engineers will understand how to craft a strategy to create robust detections and better detect families of attacks.

    Full course details here.


    Before you can emulate or defend against the tactics of an adversary operating in Azure, first you must understand their perspective. How do premier security operators view Azure’s infrastructure components, common architecture designs, and security controls? Through hands-on labs, this course teaches participants how to identify misconfigurations in Azure that are commonly leveraged by attackers. Participants should expect to walk away from Adversary Perspectives: Azure with a strong foundation of Azure security knowledge and a first step on their journey of attacking or defending corporate Azure and Entra (Azure AD) environments.

    Organizations have their heads in the clouds, or at least their infrastructure. Gone are the days of on-prem domain controllers and Exchange servers. Microsoft’s Azure provides organizations with the ability to deploy cloud hosts and services to augment, or in some cases, replace existing functionality completely. All of these new cloud assets need protection, both through traditional defensive security measures, and offensive security assessments. For new and veteran security professionals alike, understanding how these new technologies work and the nuances of securing them can quickly become complicated. Adversary Perspectives: Azure aims to provide participants without previous Azure experience with a solid understanding of how attackers look at Microsoft Azure, its authentication mechanisms, and how they commonly attack Azure-based environments. (Note: This course was previously named "Azure Security Fundamentals")

    Full course details here.


    Questions?

    Reach out to socon@specterops.io and a Specter will be in touch soon!

    Special Tickets

    Are you a member of the U.S. Government? Email socon@specterops.io for a registration code to receive 50% off an in-person ticket for the conference days.

    Hosted by SpecterOps