NEW for Blue Team Con 2024 – Labs! The Lab room is a place where attendees can get an in-depth walk-through or workshop on use cases, with hands-on experience using cybersecurity products developed by our sponsors. Each Lab is open for two hours, so if there is a particular company or product that you’d like to see, make note of their Lab timeslot.
Sunday, September 8, 2024 from 10am to 12pm CT
Assumed is excited to introduce our new cyber-deception platform at Blue Team Con. As you may have inferred from your lanyards or the honey jar included in the swag bag, Assumed Seeds are honey tokens and honey accounts. Honey tokens and honey accounts are fake data or user accounts set up to lure cyber attackers, helping organizations detect and respond to unauthorized access attempts without risking real information under their care. During this lab session, get hands-on with the Assumed platform to create honey tokens to detect data leaks faster, identify insider threats, vet data partners, and most importantly – slow attackers down, reveal their tactics, and identify abuse of personal data.
Saturday, September 7, 2024 from 4pm to 6pm CT
Sunday, September 8, 2024 from 12pm to 2pm CT
The Graylog sandbox is an interactive demo system that lets the end user experience a powerful threat detection, investigation, and response (TDIR) platform. In this demo, the user will be able to identify, prioritize, and respond to security events, leveraging curated anomaly detection and Sigma rules through the guided analyst workflow. The user will be able to harness the full range of functionality within Graylog Security, with a wide range of data sources at their fingertips.
Saturday, September 7, 2024 from 2pm to 4pm CT
Join us for a hands-on lab demo focused on maximizing your organization’s security using Microsoft Defender. In this live demo, we will explore practical strategies to streamline security operations, reduce redundancies, and retire costly legacy controls. Attendees will learn to:
- Simplify Security Management: Integrate and consolidate security tools within the Microsoft ecosystem.
- Minimize Operational Complexity: Reduce the number of management interfaces and streamline workflows.
- Optimize Resource Allocation: Free up your team to focus on strategic initiatives and more pressing matters.
- Utilize Existing Microsoft Licensing: Maximize the value of your current Microsoft investments by utilizing built-in security features.
This interactive lab will provide practical insights and techniques to help you achieve a more efficient, robust, and cost-effective security strategy using Microsoft Defender.
Saturday, September 7, 2024 from 10am to 12pm CT
During the Push Security Lab Slot, get hands-on with Push to detect and prevent identity breaches and to stop corporate password reuse and phishing. You can also explore in-browser security guardrails for employee endpoints and visualized metrics to track improvements in your overall identity security posture.
Saturday, September 7, 2024 from 12pm to 2pm CT
In this hands-on lab we will review a Play ransomware attack, and you can review the collected data to find evidence. We’ll look at the methods of initial access and the tools used to pivot and exfiltrate data, culminating in the deployment of the Play encryptor. In addition to an overview of the attack, we will conduct a deep dive into the incident investigation, examining the artifacts created during the attack and how they can be leveraged to build a picture of what happened. The primary tool for the lab will be Cyber Triage, which is an automated investigation platform that focuses on identifying the relevant artifacts.