SO-CON 2025 Conference & Training (In-person)

SO-CON 2025 is a two-day conference followed by adversary and fundamentals training courses.

Further details will be posted soon, keep an eye out for updates! Or sign up to be notified when new details are announced.

Early Bird Discount

Take advantage of the early bird discount for SO-CON 2025, register by December 1, 2024 to receive 50% off your conference ticket price during checkout!

ATTENDEES WILL GET TO:

• Discover Cutting Edge Insights
  Explore new approaches, tools, and techniques to combat identity-based attack paths. Discover the latest trends, research from frontline practitioners, case studies and firsthand experiences.
  
• Learn Comprehensive Skills
  Gain in-depth knowledge into how to attack, defend, and harden enterprise environments against advanced threat actors from our in-the-field experts.
  
• Connect with Industry Peers
  Connect in-person on the latest in the industry. Immerse yourself in interactive sessions, gain practical insights, and build lasting relationships.
  

HOTEL INFORMATION:

• Hyatt Centric Arlington
• Just a few blocks away from the venue!

SO-CON 2025 Schedule

SO-CON 2025 comprises a two-day conference and four-day trainings, starting Monday, March 31, 2025. 

Stay tuned for a full schedule and details!

Conference

Join us for our two-day, in-person conference that includes informative sessions, educational activities, and networking opportunities!

Trainings

Upgrade your skills by taking one of our four different courses

• Free Conference Pass Included
• Early Bird Discount on Training: 25% off until December 1st!
• Engage with our Frontline Practitioners
• Hands-on Labs throughout the courses
• Note: Only in-person training tickets are considered part of the SO-CON event; virtual tickets do not include the in-person benefits of the event

Upgrade your Red Team engagements with bleeding-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach participants how to infiltrate networks, gather intelligence, and covertly persist in a network like an advanced adversary. Participants will use the skillsets taught in Adversary Tactics: Red Team Operations to go up against live incident responders in an enterprise lab environment designed to mimic a mature real-world network. Participants will learn to adapt and overcome Blue Team response through collaborative feedback as the course progresses.

Topics covered include:

• Design and deploy sophisticated, resilient covert attack infrastructure
• Utilize advanced Active Directory attack techniques to execute domain enumeration, escalation, and persistence
• Perform sophisticated post-exploitation actions, including sophisticated data mining, going beyond just achieving “Domain Admin”
• Use cutting-edge lateral movement methods to move through the enterprise
• Practice “offense-in-depth” by utilizing a variety of tools and techniques in response to defender actions and technical defenses
• Effectively train network defenders to better protect themselves against advanced, persistent adversaries

Full course details here.

As modern architecture increasingly shifts services and data from on-premises infrastructure to the cloud, Identity becomes the thread that ties everything together.

Our Adversary Tactics: Identity-driven Offensive Tradecraft course is a follow-on to our Adversary Tactics: Red Team Operations course and offers an in-depth look at identity-driven attacks, targeting both on-premises and hybrid identities. Participants will learn how to abuse the intricacies of different authentication and authorization mechanisms to traverse on-premises and cloud environments, gain access to integrated systems, and even cross tenants. Participants will also be equipped with a practical approach to identifying known attack paths and forging new ones within complex operational environments and across people, processes, and technology.

Full course details here.

Your organization has just implemented the leading detection and response products. Are they configured with default configuration? How much faith should you have in your ability to detect sophisticated attacks? How would you simulate attacks to ensure robust detections are in place? This course will teach the importance of understanding the inner workings of attack techniques and telemetry availability and provide a workflow for developing robust detection analytics or data driven evasion decisions. Focusing on various Windows components and attacker TTPs, you will dive deep into how software abstracts underlying capabilities and how attackers can interact with deeper layers to bypass superficial detection capabilities.

In Adversary Tactics: Tradecraft Analysis, we will present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We will discuss Windows attack techniques and learn to deconstruct how they work underneath the hood. For various techniques, we will identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course will culminate with participants creating their own technique evasion and detection strategy. You will be able to use the knowledge gained to both use your telemetry to create robust detection coverage across your organization, and truly assess the efficacy of that coverage.

Whether you are a red team operator or detection engineer, you will have a comprehensive understanding of several attack chains. Red team operators will learn an approach to analyzing their own tools, a better understanding of which techniques to select to evade detection, and how to better describe to defenders why an evasion was successful. Detection engineers will understand how to craft a strategy to create robust detections and better detect families of attacks.

Full course details here.

Get You Head in the Clouds! This course will teach participants the fundamentals of Azure, with a focus on security informed by attacker insight. Participants will build on this knowledge through an understanding of how Azure architectures, like solely cloud-based environments or hybridized on-premises and Azure environments, can affect the overall security of an environment. Participants reinforce what they learn through hands-on labs throughout the course and through guidance given by SpecterOps practitioners instructing the class.

Have you found yourself in a job role needing to attack or defend Azure architecture? Has your fast-paced organization moved to the cloud while leaving security to catch up? Azure Security Fundamentals cuts through the fog of the cloud by building participants' understanding of Azure's infrastructure components, common architecture designs, and security controls in the context of the attacker lifecycle. Through hands-on labs, this course also teaches participants how to identify misconfigurations in Azure that are commonly leveraged by attackers. Participants should expect to walk away from Azure Security Fundamentals with a strong foundation of Azure security knowledge and first step on their journey of attacking or defending corporate Azure environments.

Full course details here.

Questions?

Reach out to socon@specterops.io and a Specter will be in touch soon!

Special Tickets

Are you a member of the U.S. Government? Email socon@specterops.io for a registration code to receive 50% off the full summit rate.