BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Active Countermeasures - ECPv6.16.4.1//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-ORIGINAL-URL:https://www.activecountermeasures.com
X-WR-CALDESC:Events for Active Countermeasures
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-Robots-Tag:noindex
X-PUBLISHED-TTL:PT1H
BEGIN:VTIMEZONE
TZID:America/New_York
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20240310T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20241103T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20250309T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20251102T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20260308T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20261101T060000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
TZNAME:EDT
DTSTART:20270314T070000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
TZNAME:EST
DTSTART:20271107T060000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20250418T130000
DTEND;TZID=America/New_York:20250418T140000
DTSTAMP:20250508T160702Z
CREATED:20250318T213849Z
LAST-MODIFIED:20250508T160702Z
UID:15537-1744981200-1744984800@www.activecountermeasures.com
SUMMARY:Fireside Friday - Firewalling - Hands-on
DESCRIPTION:We all have gaps in our security knowledge. Fireside Fridays will be an opportunity to fill in those gaps. Each Friday we will pick a topic and go over the basics. These sessions will be a combination of lecture and hands on labs. We’ll cover a single topic and hopefully fill in some of those cracks. Think of it as a single focused “ask us anything” session. No judgment on the questions that get asked\, just a chance to raise the bar for all of us. \nIn the last Fireside we discussed firewalling. In this hands-on class we will create various types of packet filtering firewalls and observe how they impact traffic patterns. For this class you will need access to a Linux system with Netfilter/iptables. \nChat with your fellow attendees in the Threat Hunter Community Discord server: https://discord.gg/threathunter in the #live-chat channel. \n  \nRegister Here\nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/fireside-friday-firewalling-hands-on/
LOCATION:Zoom
CATEGORIES:Chris Brenton,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2025/03/fireside-friday-firewalling-hands-on.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20250425T130000
DTEND;TZID=America/New_York:20250425T140000
DTSTAMP:20250508T160633Z
CREATED:20250318T214217Z
LAST-MODIFIED:20250508T160633Z
UID:15540-1745586000-1745589600@www.activecountermeasures.com
SUMMARY:Fireside Friday - Anatomy of a VPN - Part 1 of 3
DESCRIPTION:We all have gaps in our security knowledge. Fireside Fridays will be an opportunity to fill in those gaps. Each Friday we will pick a topic and go over the basics. These sessions will be a combination of lecture and hands on labs. We’ll cover a single topic and hopefully fill in some of those cracks. Think of it as a single focused “ask us anything” session. No judgment on the questions that get asked\, just a chance to raise the bar for all of us. \nIn this webcast\, we will start discussing the components that make up a VPN. We’ll talk about symmetric encryption\, hashing\, and Hash based Message Authentication Code (HMAC). We will also do a lab that shows the challenges you encounter when there are collisions in the hash space. \nChat with your fellow attendees in the Threat Hunter Community Discord server: https://discord.gg/threathunter in the #live-chat channel. \n  \nRegister Here\nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/fireside-friday-anatomy-of-a-vpn-part-1/
LOCATION:Zoom
CATEGORIES:Chris Brenton,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2025/03/fireside-friday-anatomy-of-a-vpn-part1.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20250502T130000
DTEND;TZID=America/New_York:20250502T140000
DTSTAMP:20250508T160608Z
CREATED:20250318T214536Z
LAST-MODIFIED:20250508T160608Z
UID:15543-1746190800-1746194400@www.activecountermeasures.com
SUMMARY:Fireside Friday - Anatomy of a VPN - Part 2 of 3
DESCRIPTION:We all have gaps in our security knowledge. Fireside Fridays will be an opportunity to fill in those gaps. Each Friday we will pick a topic and go over the basics. These sessions will be a combination of lecture and hands on labs. We’ll cover a single topic and hopefully fill in some of those cracks. Think of it as a single focused “ask us anything” session. No judgment on the questions that get asked\, just a chance to raise the bar for all of us. \nIn this webcast we will build on what we learned in the last Fireside Friday\, in order to lay out the needed components for a VPN. We’ll talk about asymmetric encryption and setting up a secure channel over an insecure medium. We will also discuss the various methods available for initial authentication in a VPN. \nChat with your fellow attendees in the Threat Hunter Community Discord server: https://discord.gg/threathunter in the #live-chat channel. \n  \nRegister Here\nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/fireside-friday-anatomy-of-a-vpn-part-2/
LOCATION:Zoom
CATEGORIES:Chris Brenton,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2025/03/fireside-friday-anatomy-of-a-vpn-part2.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20250509T130000
DTEND;TZID=America/New_York:20250509T140000
DTSTAMP:20250508T160458Z
CREATED:20250423T200659Z
LAST-MODIFIED:20250508T160458Z
UID:15664-1746795600-1746799200@www.activecountermeasures.com
SUMMARY:Fireside Friday - Anatomy of a VPN - Part 3 of 3
DESCRIPTION:We all have gaps in our security knowledge. Fireside Fridays will be an opportunity to fill in those gaps. Each Friday we will pick a topic and go over the basics. These sessions will be a combination of lecture and hands on labs. We’ll cover a single topic and hopefully fill in some of those cracks. Think of it as a single focused “ask us anything” session. No judgment on the questions that get asked\, just a chance to raise the bar for all of us. \nIn the final installment of our VPN discussions\, we will leverage the previous defined framework to understand various VPN technologies. We will discuss SSH\, IPSec as well as TLS. We will also review recommended configuration options for each implementation. \nChat with your fellow attendees in the Threat Hunter Community Discord server: https://discord.gg/threathunter in the #live-chat channel. \n  \nRegister Here\nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/fireside-friday-anatomy-of-a-vpn-part-3-of-3/
LOCATION:Zoom
CATEGORIES:Chris Brenton,Online Trainings,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2025/04/fireside-friday-anatomy-of-a-vpn-part3.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20250516T130000
DTEND;TZID=America/New_York:20250516T140000
DTSTAMP:20250508T160536Z
CREATED:20250508T142426Z
LAST-MODIFIED:20250508T160536Z
UID:15715-1747400400-1747404000@www.activecountermeasures.com
SUMMARY:Fireside Friday - Authentication and Password Cracking
DESCRIPTION:We all have gaps in our security knowledge. Fireside Fridays will be an opportunity to fill in those gaps. Each Friday we will pick a topic and go over the basics. These sessions will be a combination of lecture and hands on labs. We’ll cover a single topic and hopefully fill in some of those cracks. Think of it as a single focused “ask us anything” session. No judgment on the questions that get asked\, just a chance to raise the bar for all of us. \nIn this episode of Fireside Fridays we will discuss authentication and password policies. We’ll also look at how passwords are “cracked” discussing online and offline password cracking. \nChat with your fellow attendees in the Threat Hunter Community Discord server: https://discord.gg/threathunter in the #live-chat channel. \n  \nRegister Here\nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/fireside-friday-authentication-and-password-cracking/
LOCATION:Zoom
CATEGORIES:Chris Brenton,Online Trainings,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2025/05/fireside-friday-authentication-and-password-cracking.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20250815T130000
DTEND;TZID=America/New_York:20250815T140000
DTSTAMP:20251017T191936Z
CREATED:20250811T201117Z
LAST-MODIFIED:20251017T191936Z
UID:15932-1755262800-1755266400@www.activecountermeasures.com
SUMMARY:Command & Convo - The C2 Webcast - Episode 1: Fiesta
DESCRIPTION:We welcome you to join us for our new monthly webcast series where we will have open and casual discussions about command and control\, malwares\, and expand upon our Malware of the Day blog posts. \nThis is an interactive webcast to include input\, comments and questions from attendees so you can be part of this too! You are welcome to join the Threat Hunter Discord to be part of the webcast in the #live-webcast-chat channel here: https://discord.gg/threathunter \nIn this Episode 1\, we will discuss the Fiesta malware command and control and we hope to see you there! \n  \nRegister Here\n  \n  \nP.S. You are also welcome to join us up to 30 minutes early for pre-show banter! \nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/command-convo-the-c2-webcast-episode-1-fiesta/
LOCATION:Zoom
CATEGORIES:Faan Rossouw,Keith Chew,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2025/08/command-and-convo-the-c2-webcast-episode-01-fiesta-800.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20250926T130000
DTEND;TZID=America/New_York:20250926T140000
DTSTAMP:20251017T192028Z
CREATED:20250922T182420Z
LAST-MODIFIED:20251017T192028Z
UID:16163-1758891600-1758895200@www.activecountermeasures.com
SUMMARY:Command & Convo - The C2 Webcast - Episode 2: Merlin and Data Jitter
DESCRIPTION:We welcome you to join us for our monthly webcast series where we will have open and casual discussions about command and control\, malwares\, and expand upon our Malware of the Day blog posts. \nThis is an interactive webcast to include input\, comments and questions from attendees so you can be part of this too! You are welcome to join the Threat Hunter Discord to be part of the webcast in the #live-webcast-chat channel here: https://discord.gg/threathunter \nIn this Episode 2\, we will discuss the Merlin command and control framework and data jitter\, and we hope to see you there! \n  \nRegister Here\n  \n  \nP.S. You are also welcome to join us up to 30 minutes early for pre-show banter! \nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/command-convo-the-c2-webcast-episode-2-merlin-and-data-jitter/
LOCATION:Zoom
CATEGORIES:Faan Rossouw,Keith Chew,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2025/09/command-and-convo-the-c2-webcast-episode-02-merlin-and-data-jitter-800.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20251024T130000
DTEND;TZID=America/New_York:20251024T140000
DTSTAMP:20251017T192836Z
CREATED:20251017T192836Z
LAST-MODIFIED:20251017T192836Z
UID:16207-1761310800-1761314400@www.activecountermeasures.com
SUMMARY:Command & Convo – The C2 Webcast – Episode 3: DNS Tunneling (dnscat2)
DESCRIPTION:We welcome you to join us for our monthly webcast series where we will have open and casual discussions about command and control\, malwares\, and expand upon our Malware of the Day blog posts. \nThis is an interactive webcast to include input\, comments and questions from attendees so you can be part of this too! You are welcome to join the Threat Hunter Discord to be part of the webcast in the #live-webcast-chat channel here: https://discord.gg/threathunter \nIn this Episode 3\, we will explore DNS Tunneling and the dnscat2 DNS tunnel – we hope to see you there! \n  \nRegister Here\n  \n  \nP.S. You are also welcome to join us up to 30 minutes early for pre-show banter! \nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/command-convo-the-c2-webcast-episode-3-dns-tunneling-dnscat2/
LOCATION:Zoom
CATEGORIES:Faan Rossouw,Keith Chew,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2025/10/command-and-convo-the-c2-webcast-episode-03-dns-tunneling-dnscat2-800.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20251121T130000
DTEND;TZID=America/New_York:20251121T140000
DTSTAMP:20251111T180158Z
CREATED:20251111T180158Z
LAST-MODIFIED:20251111T180158Z
UID:16242-1763730000-1763733600@www.activecountermeasures.com
SUMMARY:Command & Convo - The C2 Webcast - Episode 4: Building Your Own Threat Hunting Home Lab
DESCRIPTION:We welcome you to join us for our monthly webcast series where we will have open and casual discussions about command and control\, malwares\, and expand upon our Malware of the Day blog posts. \nJoin us for this Episode 4 webcast\, where we’ll show you how to set up your own Threat Hunting lab at home. You’ll learn how to create a vulnerable host and run a simulated compromise using Sliver C2. We’ll then set up and configure Zeek and Sysmon for monitoring\, and use RITA for behavioral network analysis. This webcast will empower you to run your own network compromises and threat hunts at home\, allowing you to develop hands-on skills and gain practical experience. \nThis is an interactive webcast to include input\, comments and questions from attendees so you can be part of this too! You are welcome to join the Threat Hunter Discord to be part of the webcast in the #live-webcast-chat channel here: https://discord.gg/threathunter \n  \nRegister Here\n  \n  \nP.S. You are also welcome to join us up to 30 minutes early for pre-show banter! \nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/command-convo-the-c2-webcast-episode-4-building-your-own-threat-hunting-home-lab/
LOCATION:Zoom
CATEGORIES:Faan Rossouw,Keith Chew,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2025/11/command-and-convo-the-c2-webcast-episode-04-building-your-own-threat-hunting-home-lab-800.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20251212T130000
DTEND;TZID=America/New_York:20251212T140000
DTSTAMP:20251202T200850Z
CREATED:20251202T200850Z
LAST-MODIFIED:20251202T200850Z
UID:16260-1765544400-1765548000@www.activecountermeasures.com
SUMMARY:Command & Convo - The C2 Webcast - Episode 5: Tunneled C2 Communication with Ligolo-ng
DESCRIPTION:We welcome you to join us for our monthly webcast series where we will have open and casual discussions about command and control\, malwares\, and expand upon our Malware of the Day blog posts. \nThis is an interactive webcast to include comments and questions from attendees so you can be part of this too! Join the Threat Hunter Community Discord to interact during the webcast in the #live-webcast-chat channel here: https://discord.gg/threathunter \nIn Episode 5 we focus on how threat actors use tunneling tools (Ligolo-ng) to pivot their C2 communication across an internal network. \n  \nRegister Here\n  \n  \nP.S. You are also welcome to join us up to 30 minutes early for pre-show banter! \nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/command-convo-the-c2-webcast-episode-5-tunneled-c2-communication-with-ligolo-ng/
LOCATION:Zoom
CATEGORIES:Faan Rossouw,Keith Chew,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2025/12/command-and-convo-the-c2-webcast-episode-05-tunneled-C2-communication-with-ligolo-ng-800.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20260109T130000
DTEND;TZID=America/New_York:20260109T140000
DTSTAMP:20260106T200646Z
CREATED:20251202T200929Z
LAST-MODIFIED:20260106T200646Z
UID:16263-1767963600-1767967200@www.activecountermeasures.com
SUMMARY:Command & Convo - The C2 Webcast - Episode 6: Velociraptor as C2
DESCRIPTION:We welcome you to join us for our monthly webcast series where we will have open discussions about command and control\, malwares\, and expand upon our Malware of the Day blog posts. \nThis is an interactive webcast to include comments and questions from attendees so you can be part of this too! NEW CHAT LOCATION: Join the Black Hills Infosec Discord to interact during the webcast in the #live-chat channel here: https://discord.com/invite/BHIS \nIn Episode 6 we examine how threat actors can misuse the legitimate remote DFIR tool\, Velociraptor\, to establish C2 capabilities. \n  \nRegister Here\n  \n  \nP.S. You are also welcome to join us up to 30 minutes early for pre-show banter! \nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/command-convo-the-c2-webcast-episode-6-velociraptor-as-c2/
LOCATION:Zoom
CATEGORIES:Faan Rossouw,Keith Chew,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2025/12/command-and-convo-the-c2-webcast-episode-06-velociraptor-as-C2-800.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20260220T130000
DTEND;TZID=America/New_York:20260220T140000
DTSTAMP:20260218T161002Z
CREATED:20260218T154640Z
LAST-MODIFIED:20260218T161002Z
UID:16360-1771592400-1771596000@www.activecountermeasures.com
SUMMARY:Threat Hunting C2: DNS TXT Record Abuse with Faan Rossouw
DESCRIPTION:Could DNS traffic be hiding active C2 in your environment right now? \nWe welcome you to join us for a free monthly one-hour training session on command & control and malicious traffic with Faan Rossouw (Active Countermeasures) and learn a stealthy C2 technique that bypasses common DNS tunneling detections and how to catch it. \nWhat you’ll learn: \n\nHow attackers abuse DNS TXT records to deliver payloads (server to agent)\nWhy low-subdomain-count DNS C2 slips past default thresholds\nThe behavioral signals defenders can reliably hunt for\nA real-world case study: Joker Screenmate malware (DomainTools\, July 2025)\n\nFaan will walk through a full threat hunt\, so you’ll leave with practical skills you can apply immediately\, including one Zeek command you can run today to find TXT record abuse in your logs. \nChat and interact with us and your fellow attendees in the BHIS Discord server: https://discord.gg/bhis in the #🔴live-chat channel \n  \nRegister Here\n  \n  \nP.S. You are also welcome to join us up to 30 minutes early for pre-show banter! \nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/threat-hunting-c2-dns-txt-record-abuse-with-faan-rossouw/
LOCATION:Zoom
CATEGORIES:Faan Rossouw,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2026/02/threat-hunting-c2-dns-txt-record-abuse-with-fann-rossouw-800.png
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=America/New_York:20260617T100000
DTEND;TZID=America/New_York:20260617T163000
DTSTAMP:20260610T203250Z
CREATED:20260610T182442Z
LAST-MODIFIED:20260610T203250Z
UID:16519-1781690400-1781713800@www.activecountermeasures.com
SUMMARY:Threat Hunting Summit 2026
DESCRIPTION:New tools are coming. The fundamentals are here to stay. \n  \nWhat’s happening \nThe Threat Hunting Summit 2026 is almost here! One day\, 12 practitioners\, all threat hunting. This year’s summit leans hard into a question the community is actively wrestling with: \nWhat does AI actually change about threat hunting\, and what does it not? \nThe short answer: AI is already being demonstrated as a genuinely useful tool by accelerating hypothesis generation\, surfacing patterns in telemetry\, and helping hunters move faster. But it doesn’t replace sound methodology. If your fundamentals are weak\, AI amplifies the noise\, not the signal. The talks this year reflect that tension and give you frameworks to adapt to the accelerating field. \nIf you’re already in the discipline\, this is a good gut-check on where the field is heading. If you’re building toward it\, there’s no better place to be for a day. \n  \nWhy attend \n\n12 practitioners talking about what’s actually working and what isn’t\nA direct look at how AI is being integrated into real hunting workflows\nThe full spectrum: detection engineering\, memory forensics\, network analysis\, C2 behavioral profiling\, agentic AI\nIt’s free! The ACM/BHIS community have always believed access to good training and tooling shouldn’t require a conference budget.\n\n  \nSummit talks: June 17\, 2026 \nMorning Keynote — David Bianco | The Hunter’s Paradox: Is It Time to Embrace Automated Threat Hunting? \nFaan Rossouw — How AI Agents Solve Threat Hunting’s Biggest Problem\nJamie Levy — Memory Forensics for Everyone\nSydney Marrone — Avoiding Hunt Amnesia: Building a Memory Your AI Can Use\nHermon Kidane — Threat Hunting with RITA: A Behavioral Analysis of C2 Traffic\nShane Hartman — Threat Hunting in the Dark: A Practical Approach\nLauren Proehl — Fast-track Reports into Ready-Made Hypotheses with AI\nPanel — Legal Landmines\, Insurance & Incident Response \nAfternoon Keynote — Jason Haddix | Defending AI: Organized Musings on Securing AI Agents for Cybersecurity \n  \nPost-summit trainings: June 18-26\, 2026 \nFive hands-on courses are being offered from Antisyphon Training the week after the summit. Live\, instructor-led\, and built for people who actually want to do the work\, not just watch slides. Spans beginner to advanced. Reimbursement letter templates are available on the training pages if you need to make the case to your org. \nJune 18 — Threat Hunting on the Edge | Troy Wojewoda\nJune 19 — Cyber Threat Intelligence 101 | Wade Wells\nJune 22–23 — LOLBINs vs. LOLBINs: Endpoint Threat Hunting | Patterson Cake\nJune 24–25 — Intro to Network Threat Hunting | John Strand\nJune 26 — Agentic AI for Threat Hunting | Faan Rossouw \n  \nThe summit takes place on Wednesday\, June 17\, 2026. \nMore info:  https://www.antisyphontraining.com/event/threat-hunting-summit/ \nChat and interact with us and your fellow attendees in the Antisyphon Training Discord server: https://discord.gg/antisyphon \n  \nRegister Here\n  \n  \nP.S. You are also welcome to join us up to 30 minutes early for pre-show banter! \nChris BrentonChris has been a leader in the IT and security industry for over 20 years. He’s a published author of multiple security books and the primary author of the Cloud Security Alliance’s online training material. As a Fellow Instructor\, Chris developed and delivered multiple courses for the SANS Institute. As an alumni of Y-Combinator\, Chris has assisted multiple startups\, helping them to improve their product security through continuous development and identifying their product market fit. \nShare this:
URL:https://www.activecountermeasures.com/event/threat-hunting-summit-2026/
LOCATION:Zoom
CATEGORIES:Online Trainings,Virtual Event,Webcasts
ATTACH;FMTTYPE=image/png:https://www.activecountermeasures.com/wp-content/uploads/2026/06/threat-hunting-summit-2026-antisyphon-training-active-countermeasures.png
END:VEVENT
END:VCALENDAR