Loading…
arrow_back View All Dates
Thursday, September 10
 

8:00am CDT

Building Fort Knox: A Practical Bootcamp for Cyber-Physical Defense!
LIMITED
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
Limited Capacity seats available
Ready to build Fort Knox and bulletproof your physical and wireless perimeters? Turn the tables on attackers with the ultimate bootcamp! You'll get hands-on with card readers, access control systems, Wi-Fi, security cameras, and more using a 25/75 tactical split. Spend 25% of your time getting your hands dirty to understand the offensive threat, and the remaining 75% mastering wireless threat hunting, detecting rogue signals, auditing access control infrastructure, and making the case to secure critical areas. Are you up for the challenge?

What You'll Do & Learn:
Access Control Hardening & Physical Auditing
  • The Threat (25%): Demystify how attackers clone LF/HF RFID badges, bypass locks, and exploit sensors using tools like the Proxmark3 and Flipper Zero.
  • The Defense (75%): Flip the script and use those tools for defense! Learn how to audit your own facility, confidently evaluate vendor hardware, and build the business case to migrate vulnerable legacy systems to secure standards.
Wireless Defense & Rogue Infrastructure Tracking
  • The Threat (25%): Get hands-on to see how rogue APs, "evil twins," and Wi-Fi exploitation techniques compromise corporate airwaves.
  • The Defense (75%): Grab an SDR (HackRF, RTL, B210) and a directional antenna to actively hunt down shadow IT. Analyze wireless protocols in real-time, defend against active attacks, and make critical architectural hardening decisions for your business.
Airspace Defense & Bug Sweeping (TSCM)
  • The Threat (25%): Recognize the physical footprints, RF signatures, and deployment methods of covert transmitters and unauthorized hardware.
  • The Defense (75%): Deploy infrared/thermal cameras and SDRs for foundational bug sweeping. Actively hunt down unauthorized signals and neutralize rogue hardware before it compromises your secure space.
Each day is filled with hands-on, defense-focused mini challenges. Put your new skills to the test as you work with a team to detect compromised hardware, hunt hidden transmitters, isolate wireless threats, and harden cyber-physical infrastructure under pressure.Walk away with take-home hardware and the practical skills to lock down your perimeters! 

ALL SKILL LEVELS WELCOME.

LAPTOP AND PASSION FOR LEARNING NEEDED. ALL OTHER TOOLS PROVIDED.

QUESTIONS? Contact Us: [email protected]
Shortrange Technologies LLC

Full Course Outline:
[Coming Soon!]

Prerequisites: None
Trainers
avatar for Evan

Evan "Shortrange" Cook

Owner, Lead Trainer, Shortrange Technologies LLC
Evan "Shortrange" Cook is a passionate teacher dedicated to "bringing RFID to the people." A multi-time CTF champion on both local and national stages, Evan has trained hundreds of hackers—from university students to special operators—in the art of cyber-physical exploitation... Read More →
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
  Training

8:00am CDT

CQURE Masterclass: System Forensics, Incident Handling & Threat Hunting
LIMITED
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
Limited Capacity seats available
System Forensics followed by Threat Hunting and Incident Readiness are constantly evolving and crucial topics in the area of cybersecurity. In order to stay ahead of cyber-criminals, the knowledge of Individuals and Teams responsible for threat hunting, collecting digital evidence, and handling the incidents has to be constantly enhanced and updated.

This course offers a comprehensive, hands-on approach to mastering system forensics, incident handling, and threat hunting, equipping participants with the skills to detect, investigate, and respond to advanced cyber threats. Through case studies, practical labs, and real-world examples, participants will gain expertise in identifying and mitigating modern attacks across various environments. Key learning themes include:


1. Windows Internals & System Forensics: Understand Windows internals, including processes, threads, and permissions. Learn to gather volatile data, audit system configurations, and detect malicious or unnecessary services using tools like PowerShell


2. Malware Analysis and Incident Handling: Gain hands-on experience in analyzing malware, including static and behavioral techniques. Learn how to detect, contain, and eradicate malware, while mastering the steps for gathering evidence, preventing incidents, and recovering from attacks.


3. Network Forensics & Monitoring: Learn advanced network forensics techniques to detect data exfiltration, webshells, and lateral movement. Explore how to analyze network traffic, logs, and protocols to uncover attack indicators, and apply these skills to mitigate threats


4. Memory Forensics & Incident Response: learn how to analyze memory dumps with tools like Volatility. Understand how to detect malicious code and trace system compromises in memory, with practical examples from high-profile incidents.


5. Disk Forensics & Data Recovery: Master storage acquisition and disk forensics techniques, including image mounting, file system analysis, and recovering deleted data.


6. Advanced Threat Hunting & Detection: Develop advanced threat-hunting strategies to uncover hidden threats and internal reconnaissance. Use practical techniques for detecting privilege escalation, lateral movement, and other adversary tactics to proactively defend against advanced attacks.


This course is designed for professionals in digital forensics, incident response, and security operations who wish to deepen their expertise in modern threat detection and response. By combining in-depth technical knowledge with real-world training, participants will be equipped to effectively handle the evolving challenges in cybersecurity and incident management.


Prerequisites: To fully benefit from our masterclass System Forensics, Incident Handling and Threat Hunting, participants should have a solid background in identity management and a general understanding of IT security concepts. Skills in log analysis and a knowledge of authentication mechanisms will also be helpful. Intermediate participants will gain solid fundamentals, while advanced users can deepen their expertise and explore the latest techniques.
Trainers
avatar for Amr Thabet

Amr Thabet

Cybersecurity Expert, CQURE
Amr Thabet is a malware researcher and incident handler with over 16 years of experience, he worked in some of the Fortune 500 companies.  He is the founder of MalTrak and the author of "Mastering Malware Analysis" published by Packt Publishing. He is a speaker and an instructor... Read More →
avatar for Paula Januszkiewicz

Paula Januszkiewicz

CEO and Founder, Microsoft MVP and RD, CQURE
Paula Januszkiewicz is the Founder and CEO of CQURE and CQURE Academy, globally recognized organizations delivering cutting-edge cybersecurity consulting and advanced training since 2008. She is an Enterprise Security MVP, Microsoft Regional Director, and one of the world’s leading... Read More →
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
  Training

8:00am CDT

Defending Enterprises - 2026 Edition
LIMITED
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
Limited Capacity seats available
Updated for 2026, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course.


Not only have several existing topics had major tweaks; the training includes an entirely new section on Entra ID and Azure cloud based attacks! 


You’ll play a SOC analyst in our Microsoft Sentinel cloud-based lab and try to rapidly locate IOA’s and IOC’s from a live enterprise breach executed by the trainers in real time.
Whether you’re new to Kusto Query Language (KQL) or a seasoned pro, there’s plenty for you in the 2-days! Yes, we’re using Microsoft Sentinel, but the underlying threat detection theory, logic and threat hunting approach is transferable into your own environments, whatever your preferred platform.


We look at the top 10+ methods we use in offensive engagements and show how these can be caught, along with numerous other examples and methods that go above and beyond these common TTPs!


This training goes beyond threat hunting as we peek into the world of detection engineering and the processes involved in converting logic into alerts!
With 14 hands-on exercises, many of which also featuring extra time and bonus content, you’ll gain real-world experience in the following areas:


* Introduction to Kusto Query Language (KQL)
* Reviewing popular phishing attacks and living off the land techniques
* Locating C2 traffic and beaconing activity
* Detecting persistence activities
* Digging into credential exploitation (Kerberoasting, Pass-the-Hash, Pass-the-Ticket, DCSync)
* Reviewing Active Directory Certificate Services (AD CS) attacks
* Identifying lateral movement (WinRM, SMB)
* Cloud Attacks (Entra ID Enumeration, Azure IMDS, Authentication Tokens, Conditional Access, App Registrations)
* + much more!


We know 2 days isn't a lot of time, so you'll also get 14-days FREE lab time after class and Discord access for support.

Prerequisites: Detection methods will be taught during training, however an understanding of KQL concepts would be beneficial, and previous SOC experience and/or pentesting is advantageous but not required.
Trainers
avatar for Jeroen

Jeroen "Jay" Hoof

Instructor, SANS
Jeroen Hoof is a SANS Certified Instructor Candidate for SEC504: Hacker Tools, Techniques, and Incident Handling and a Security Operations Specialist at Davinsi Labs, where he specializes in intrusion analysis, SOC operations and detection engineering. With a career spanning law enforcement investigations, SOC operations, and cyber breach response, Jeroen brings a practitioner’s perspective... Read More →
avatar for Owen Shearing

Owen Shearing

Director, In.security
Owen (@rebootuser) is a co-founder of In.security, a specialist cyber security consultancy offering technical and training services based in the UK. He has a strong background in networking and IT infrastructure, with well over two decades of experience in technical security roles... Read More →
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
  Training

8:00am CDT

Exploring AI Visibility: Shedding Light on Shadow AI, Attack Surface, Telemetry, and LLM Proxies
LIMITED
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
Limited Capacity seats available
With the explosive adoption of AI agents, corporate networks are experiencing a massive influx of programmatic and shadow AI usage. Unfortunately, default audit capabilities provided by major AI vendors are notoriously sparse, leaving defenders with little to no visibility. Many providers only organize logging in a "billing forward" manner rather than focusing on cybersecurity. 


This 2-day, hands-on training workshop equips security teams with the practical skills needed to detect, audit, and secure AI usage within their environments. Attendees will learn how to identify shadow AI usage from existing network and endpoint logs (such as Zeek and Sysmon) without needing increased vendor visibility. Because AI tooling is ultimately just software, we will also explore how these tools can introduce vulnerabilities, such as unauthenticated servers allowing local execution.


Furthermore, the course will move beyond basic logs to explore advanced visibility techniques. Attendees will learn how to use OpenTelemetry to extract detailed insights from major AI providers that support it, and how to deploy LLM proxies to actively intercept and inspect AI activity and tool calls. Finally, we will dive deep into the Model Context Protocol (MCP), a protocol specifying how AI apps integrate with external tools, and demonstrate the severe risks of malicious integrations via the "Evil MCP" vector.

Prerequisites: Linux terminal or powershell
Trainers
avatar for Corey Thuen

Corey Thuen

Founder, Gravwell
Corey Thuen is the CEO and Co-Founder of Gravwell, an analytics platform built for massive-scale security telemetry. With over a decade of experience across IT, IoT, and ICS/OT security, he brings a unique, attacker-informed perspective to cyber defense. Previously, Corey was a vulnerability... Read More →
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
  Training

8:01am CDT

Offense for Defense
LIMITED
Thursday September 10, 2026 8:01am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
Limited Capacity seats available
Join us for Offense for Defense, a high-impact, hands-on cybersecurity course built specifically for blue team professionals, systems administrators, SOC analysts, threat hunters, and incident responders. This training arms defenders with the tactics, tools, and mindset of attackers, empowering teams to proactively identify weaknesses and design better protections, detections, and responses. All while learning from one of the most prominent names in cybersecurity instruction and enterprise penetration testing.

Prerequisites: A couple of years in IT
Trainers
avatar for Tim Medin

Tim Medin

CEO, Red Siege
Tim is the CEO and founder of Red Siege Information Security. He is the creator of the Kerberoasting. Tim was a Senior Instructor and course author (SEC560) at The SANS Institute. Tim has performed penetration tests on a wide range of organizations and technologies. Tim is an experienced... Read More →
Thursday September 10, 2026 8:01am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
  Training
 
Blue Team Con 2026
From $0.00

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date - 
Clear filter
Thursday, September 10
Saturday, September 12
Microsoft Technology Center (Aon Center)
Swissôtel Chicago
  • Talk
  • Training
  • Company
  • Abstract
  • Acalvio
  • Amazon
  • Beazley Security
  • Black Hills Information Security
  • Bloom security
  • Broadcom
  • C Spire
  • Campbell Clinic
  • Coalfire
  • CQURE
  • Critical Path Security
  • Data Defenders
  • Dataminr
  • Daylight Security
  • DHS/CISA
  • EXOS
  • First National Bank of Omaha (FNBO)
  • Flare
  • Fortune 150 Food & Bev Manufacturer
  • GetReal Security
  • Horizon Secured
  • Invisible Technologies
  • LevelBlue
  • Liberty Mutual Insurance
  • Nationwide
  • Netwrix
  • Notion
  • Pixee AI
  • Push Security
  • Rapid7
  • Reflex Security
  • Reversec
  • Revology
  • SCYTHE
  • Semperis
  • Spacewalk.ai
  • SpecterOps
  • StoneX
  • TrustedSec
  • Webflow
  • WiCyS Wisconsin
  • Zelis Healthcare
  • Audience
  • Advanced
  • Beginner
  • Early Career
  • Intermediate
  • Subject
  • Application Security / DevSecOps
  • Career Matters
  • Governance / Risk / Compliance
  • Management / Leadership
  • Physical Security
  • Resilience
  • Security Operations / Tools
  • Threat Hunting and Red Teaming
  • Threat Intel and DFIR
  • Vulnerability Management